Updated: July 17, 2019
The TA505 computer crime gang appears to have launched two wealthy campaigns last month to protect RawedAmmyy RAT victims.
In most countries, the newly created download program uses AndroMut.
According to both campaigns, phishing emails use Microsoft Word and Excel files to download files.
If the record point is Vedic, the macros in these files are downloaded to the downloaded Msiexec command and
Download AndroMut or FlawAmmyy. In either case, the agent will receive a RAT default.
One focuses on the Korean campaign and the other on the Koreans.
Singapore, United Arab Emirates and
In both cases, the United States received fraudulent emails
Disclosure of financial documents, such as receipts,
Transfer of money or money.
The evidence suggests that AndroMut is written in C ++ and communicates with C2 servers via HTTP-POST requests.
Both Andromeda and QtLoader appear to share code and behavior with malware (although scientists have found it missing).
Courage at this crossroads).
AndroMut also has a number of analytical techniques, including
Sandbox, moving mouse, emulator and controls
The critics. Based on this, create time in two ways.
User License: This is done by all operating systems
The GNP file is in reusable storage or during registration,
The evidence shows.
Due to new pressure in March 2019, the banks budget was reduced
Important destinations appear, such as the United States, the United Arab Emirates, and Singapore
The financial situation was checked in section TA505
Trial block issued. The latest download of AndroMut software
RAT is compatible with FlawedAmmy because the load is similar to TA505
New animals for the summer of 2019.