The man, Atallah al-Maythan, headed pro-ISIS jihadists across the quadrant. He was arrested along with 68 militiamen in the "Revenge for Al-Raqqah deaths" operation.
The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2.
Heli-transported operation in Shahil against the networks of facilitators and logisticians of the Islamic State. More than 270 jihadists have already been arrested in January.
A fake email from an Indian company contains an r.00 attachment, with an exe file inside: the malware. The infostealer doesn’t have a C2, but sends the stolen data by email.