Formbook via fake invoice using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…

Trickbot with multiple changes via fake Chase JP Morgan incoming confirmation

Trickbot is back with a vengeance. I have seen a couple of mentions on Twitter earlier this week but haven’t actually been able to find any copies myself. However, that all changed last night with several emails to various email addresses on my s…

Azorult via fake inquiry email using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…

Formbook campaigns continue via malspam emails

A quick post detailing another Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of archive, including .iso, .ace, .rar, .zip. Frequently they use vario…

Gandcrab 5.1 via Uр to date emergenсy exit maр malspam from Rosie L. Ashton

Last night we received several emails to various email addresses on this server using a template we first saw back in early December 2018. They are still using Rosie L. Ashton as the sender. Then it delivered Ursnif banking trojan. Today it is deliver…

Fake Quotation Request with malformed RTF file attachments delivering Lokibot

Another day and yet another malformed, malicious Word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass A…

More Formbook via fake order using broken .rar attachments

The next Formbook campaign today is a bit of a cock-up from the malware bad actors. The email invites you to quote for 720 of an unspecified object, the details being in the attached file. This is where they have made the mistake and made it less like…