NeuroSOC, as part of the malware/abuse service that it provides, has recently captured two samples from a spam campaign (a "DHL General Price Increase" e-mail and a "DHL Express_Shipment Notification" e-mail) that delivers the cross-platform remote access trojan (RAT) Adwind, together with another well-known RAT, Dunihi, which has worm capabilities. A similar campaign was first spotted in April 2018 by TrendMicro. Later, another campaign (a "Repayment Confirmation Copy" e-mail) was spotted that carried a third sample, which uses Adwind RAT together with the vjw0rm RAT.
NeuroSOC malware analysts analyzed the e-mails that delivered the samples and reverse engineered the samples to uncover their functionality and extract the relevant Indicators of Compromise (IOCs), which are used to protect clients under the Continuous Monitoring Service provided by Neurosoft. This report presents the results of that analysis and shares the relevant IOCs with the internet security community.