Managed XDR Investigation of Ducktail in Trend Micro Vision One™ 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Indicator Type	Indicator																				Description
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
URL		https://cvws.icloud-content.com/B/AdOthXEQEHT52LS8LnEBNp-DhsYDAceH36UdRBsJmAy_iZI0dTY-BUI0										Download Link
		/FENDI%20Performance_Marketing%20Manager%20job%20description%202023.zip?o=AhNawctzDHi5rtTXk3D8V409VHulTBrBKa2ths_
		IBRa6&v=1&x=3&a=CAogxzzVrVCwhfmRZh6rg1pLKdfvIS0knhm4fbk-TJCZOZoSbxCgj4ur9TAYoOzmrPUwIgEAUgSDhsYDWgQ-BUI0aieY2bC29xIUd6u5GsL76LJngyU86cs
		W0YR2jTuSa387WLYkciaTokNyJwwAjpg1NCe8LZo8seBJ-yPL344r8Ifi0gA674tD2SuWRVDaOJc1Aw&e=1680768349&fl=&r=d2307f1f-69d5-46a3-97e4-f947021bcd28-1&k=DD8ONa_n1hzCoaGixQS
		IKA&ckc=com.apple.clouddocs&ckz=com.apple.CloudDocs&p=119&s=kuEchbFQHtIMAiwSkXp08M6h5ho&+=f5dfcf90-bc0b-4a3f-8b75-396b34456783	
URL		https://getip.pro																			Used to get IP address and geolocation
SHA1		d89fcfc4d02217ec9b467cd4b223da70d2556b76																TrojanSpy.MSIL.DUCKTAIL.YXDC1
SHA1		af91268d21c08bf89b17797c6a6b4813b3bd582f																TrojanSpy.MSIL.DUCKTAIL.YXDC1