A weekly round-up of security pulses created by the BIT Security team.
A spoofed email address was used in an attempt to deploy trojans and other malicious files via glitch.me sites.
IoCs found when exploring 126.96.36.199. This is a known C2 domain. This IP was originally taken from an existing Sunburst pulse. Explored using VirusTotal.
IoCs extracted from gurztac.wtchevalier.com and khanhhoahomnay.net using VirusTotal. These domains drop .doc files with malicious macros that appear to download Emotet. These two domains were analyzed using VirusTotal. The domains themselves were taken from the November 03 2020 malware domain feed v2.