TA505 terrorists launch Andromut, a global broadcasting publisher to present the unfair Ammyy RAT

Updated July 17, 2019

Cybercrime TA505 launched two malicious campaigns in June, targeting FlawedAmmyy and RAT.
Many countries are using new import methods.

Email and links to download Microsoft Word and Excel documents are affected.
On the July 2 blog
When the backup is active, incorrect macros in these files are sent and executed using the Msiexec command
The tomb of Andromeda, who transported ammonia in the wrong way. In either case, the carrier is brought to the RAT FlawedAmmyy

One campaign is South Korean and the other is dubious
Singapore, United Arab Emirates and
In either case, the FS sends the address line to the recipient
Financial statements are accounts
Published in the form of an evaluation

ProfilePoint indicates that Android is written in the C++ programming language and communicates with its C2 server via HTTP POST.
Malware was found to share specific numbers and features with Andromeda and KetiLoader (but researchers have not reported it).
Regarding this piece).

There are many ways to analyze the scale
Sand, work, beer and mouse
Suffers from discomfort. The two create a balance between one.
User rights: perform specific actions
Use the LNK bucket or registration form,
Explanation of tapes.

Stand at a commercial bank in June 2019 with the new step
The United States, the United Arab Emirates, and Singapore are the closest allies
Section TA505 usually includes financial advice,
Access to the Pro Point website ends. When downloading a new Android
TA505 appears in relation to FlawedAmmyy RAT as salary
New summer zoo for 2019.

