#TA505 find subdomain to download #Dropper #Malware

Krishnendu Paul

Jun 16, 2020

So, if you have a main domain from #TA505 TTPs and want to download the dropper file from the actual subdomain, the method is as follows.

So, I found 2 TTPs today on Twitter.

But the subdomains are not there. Without disturbing the poster, go to https://[DOMAIN]

It will show you a certificate error page. Click on Advanced.

The following section will open; click on View Certificate.

In the certificate you can now see the subdomain names that are distributing the actual dropper files.

Now use that subdomain and add /download.php at the end to download the actual dropper Excel file.
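The certificate step above can also be done from a shell, which is handy when collecting hostnames for blocklists or hunting queries. This is an added example, not part of the original post: it assumes the names are in the certificate's subjectAltName extension, and the function names and the `example.test` sample names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read the hostnames a certificate
# is issued for, without a browser. Assumes the names sit in subjectAltName.

# Read a PEM certificate on stdin; print its DNS SAN entries, one per line,
# lowercased and de-duplicated.
san_names() {
  openssl x509 -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' |
    tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]' |
    sort -u
}

# Keep only strict subdomains of the apex domain already known from the report.
subdomains_of() {
  awk -v apex="$1" '{ n = length($0) - length(apex)
                      if (n > 0 && substr($0, n) == "." apex) print }'
}

# Constructed sample: throwaway self-signed certificate with made-up names
# (needs OpenSSL 1.1.1 or later for -addext).
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=example.test' -keyout /dev/null \
    -addext 'subjectAltName=DNS:example.test,DNS:DL.example.test,DNS:cdn.example.test,DNS:other.invalid' \
    2>/dev/null
}

# Against a live host the certificate would come from s_client instead:
#   openssl s_client -connect "$DOMAIN:443" -servername "$DOMAIN" </dev/null 2>/dev/null |
#     san_names | subdomains_of "$DOMAIN"
make_sample_cert | san_names | subdomains_of example.test
```

The apex itself and unrelated names on the same certificate are filtered out, so the output is only the subdomains worth adding to a watchlist.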
