Mapping Out a Malware Distribution Network
released on 2019-04-05 @ 08:39:09 AM
More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns.
Malware families include Dridex, GandCrab, Neutrino, IcedID and others.
Evidence suggests the existence of distinct threat actors: one responsible for email and malware hosting, and others that operate the malware.
There are indications that the servers are part of the Necurs botnet's malware-hosting infrastructure.