It seems to be the week for harder-to-analyse and dodgy delivery systems that more carefully target specific countries / regions or even specific ISPs. Yesterday we saw a fake e-fax notification in German that eventually led to Buran ransomware. I couldn’t analyse that one properly or get the full payload, but with lots of help from many Twitter contacts, the ransomware payload was soon discovered, downloaded and submitted. Today I have received a fake TNT delivery / collection notice that has a link in the email body that downloads a zip file. Inside the zip is …