Formbook from fake order via complicated chain using multiple equation editor exploits

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou…

Fake outstanding payment delivers Formbook and an unknown malware at same time.

A slightly unusual malware campaign this morning. The email is nothing special and spoofs a Maltese shipping company (it is highly probable that multiple other companies will also be spoofed with this campaign). It pretends to be an outstanding Paymen…

Formbook via fake Unicredit Bank swift transfer using different malformed RTF files

I can’t remember previously seeing a malware delivery campaign using a malformed, malicious RTF file like this one. It definitely is using one of the multiple Equation Editor exploits. There is some dispute on VirusTotal whether it is CVE-2017-11…

Agent Tesla reborn via fake order

Following on from this post from last week, we are seeing another campaign that looks like Hawkeye or Agent Tesla keylogger, using identical methods. All the same sites and hosting companies are involved, with the same possibility of the DNS on Godaddy …

More Lokibot via fake Maersk Quotation / Invoice

Following on from my slightly earlier post about Lokibot, this is yet another version with 2 XLS spreadsheet attachments coming in a fake Overdue Invoices November – December 2018 email. This version uses CVE-2017-11882 or is trying to, but only…

Lokibot via multiple embedded OLE objects in fake invoice rtf word docs

A slightly different Lokibot campaign this morning. The email is nothing special with a typical subject of CONFIRM OVERDUE INVOICE coming from various email addresses including what is likely to be either a compromised or fraudulently set up email a…
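Two of the posts above (the malformed RTF carrying an Equation Editor exploit, and the RTF with multiple embedded OLE objects) describe lures that a first-pass triage script can surface without opening the file in Word. The following is an added example written for this page, not code from the blog or from any of the campaigns: it finds every {\*\objdata} group in an RTF, hex-decodes it tolerantly (builders often interleave whitespace or junk bytes in the hex, which is part of what makes these files "malformed"), and reads the OLE1 class name from the decoded header so that an "Equation.3" object (the Equation Editor target of CVE-2017-11882 and its siblings) stands out. The sample RTF, class names and helper names are constructed for the example.

```python
"""Static triage of RTF files with embedded OLE objects (added example).

Scans for {\\*\\objdata ...} groups, hex-decodes each payload while ignoring
non-hex junk, and parses the OLE1 header (MS-OLEDS OLESaveToStream:
Version(4) FormatID(4) ClassName length(4) ClassName) to report the class of
every embedded object. Equation Editor objects are flagged.
"""
import re
from typing import List, Optional

HEX_CHARS = b"0123456789abcdefABCDEF"
OLE1_VERSION = b"\x01\x05\x00\x00"      # 0x00000501 little-endian
EQUATION_PREFIX = "Equation"           # Equation.3, Equation.2, ...


def extract_objdata(rtf: bytes) -> List[bytes]:
    """Return the still-hex-encoded payload of every \\objdata group."""
    payloads = []
    for m in re.finditer(rb"\\objdata\b", rtf):
        start = pos = m.end()
        depth = 0
        # Walk to the brace that closes this group, honouring nested groups.
        while pos < len(rtf):
            c = rtf[pos:pos + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:
                    break
                depth -= 1
            pos += 1
        payloads.append(rtf[start:pos])
    return payloads


def decode_hex_tolerant(payload: bytes) -> bytes:
    """Hex-decode, dropping every non-hex byte and a dangling trailing nibble."""
    digits = bytes(b for b in payload if b in HEX_CHARS)
    if len(digits) % 2:
        digits = digits[:-1]
    return bytes.fromhex(digits.decode("ascii"))


def ole1_class_name(blob: bytes) -> Optional[str]:
    """Read the length-prefixed ANSI class name from an OLE1 object header."""
    if len(blob) < 12 or blob[:4] != OLE1_VERSION:
        return None
    name_len = int.from_bytes(blob[8:12], "little")
    if name_len == 0 or name_len > 256 or len(blob) < 12 + name_len:
        return None
    return blob[12:12 + name_len].rstrip(b"\x00").decode("ascii", "replace")


def triage(rtf: bytes) -> dict:
    """Summarise embedded objects; flag anything that targets Equation Editor."""
    objects = []
    for payload in extract_objdata(rtf):
        blob = decode_hex_tolerant(payload)
        name = ole1_class_name(blob)
        # Fall back to a raw byte search in case the header itself is mangled.
        is_eq = (name or "").startswith(EQUATION_PREFIX) or EQUATION_PREFIX.encode() in blob
        objects.append({"class": name, "equation_editor": is_eq, "decoded_len": len(blob)})
    return {
        "embedded_objects": len(objects),
        "equation_objects": sum(1 for o in objects if o["equation_editor"]),
        "objects": objects,
    }


# Constructed sample (not a real campaign file): three embedded objects, the
# third without \objclass and with whitespace and junk ("ZZ") inside its hex.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\\deff0\n"
    b"{\\object\\objemb{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 01050000020000000b000000457175617469"
    b"6f6e2e33000000000000000000000000}}\n"
    b"{\\object\\objemb{\\*\\objclass Package}"
    b"{\\*\\objdata 0105000002000000080000005061636b6167650000000000}}\n"
    b"{\\object\\objemb{\\*\\objdata 0105 0000 0200 ZZ 0000 0b00 0000\n"
    b"4571 7561 7469 6f6e 2e33 0000 0000}}\n"
    b"}"
)

if __name__ == "__main__":
    report = triage(SAMPLE_RTF)
    print(f"{report['embedded_objects']} embedded object(s), "
          f"{report['equation_objects']} Equation Editor")
    for o in report["objects"]:
        print(" ", o)
```

Run it against a suspect .rtf by replacing SAMPLE_RTF with the file's bytes; more than one embedded object, or any Equation.* class in a document that has no business containing formulas, is enough to pull the attachment for a closer look. The script deliberately does not trust \objclass, since an obfuscated file can omit or lie in it; the class name is read from the decoded OLE1 header instead.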