MONSOON – ANALYSIS OF AN APT CAMPAIGN
monsoon-analysis-apt-campaign?utm_source=Labs&utm_medium=blog&utm_content=monsoon_whitepaper&utm_campaign=monsoon
monsoon-analysis-apt-campaign?utm_source=Labs&utm_medium=blog&utm_content=monsoon_whitepaper&utm_campaign=monsoon
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Forcepoint Security Labs | Special Investigations<br />
Distribution Mechanism. The final Google search result was a report generated by the URLQuery.net<br />
site:<br />
Figure 7 <strong>–</strong> URLQuery.net<br />
The site t.ymlp50[.com] is a legitimate web and e-mail marketing service. It is owned and operated by the<br />
Belgian company Your Mailing List Provider (YMLP). Further Google searches of other document names<br />
revealed similar redirection chains using the same service. Consequently, it is reasonable to conclude that<br />
a number of “weaponised” documents were delivered using YMLP.<br />
<strong>MONSOON</strong> <strong>–</strong> <strong><strong>AN</strong>ALYSIS</strong> <strong>OF</strong> <strong>AN</strong> <strong>APT</strong> <strong>CAMPAIGN</strong> Revision: 1.07 | TLP-WHITE | 9/57