Trickbot delivered via fake HMRC “FW: Unpaid Invoice 17.07.2018”

This example is an email containing the subject of “FW: Unpaid Invoice 17.07.2018” pretending to come from HMRC but actually coming from a look-alike or typo-squatted domain “Melanie.Moran@hmrcco.uk” with a malicious Word doc…

Fake ADP “Past due invoice 07.16.2018 ” malspam delivers Trickbot

This example is an email containing the subject of “Past due invoice 07.16.2018 ” pretending to come from ADP but actually coming from a look-alike or typo-squatted domain adp-invoice.co.uk with a malicious Word doc attachment that pret…

Trickbot campaign spoofing Chase Bank “Important account documents”

The second in today’s Trickbot campaigns targets the USA. I wonder if the hacked/compromised healthcare company involved in the distribution has also lost or leaked any patient details. This example is an email containing the subject of “Impor…

Trickbot via Fake Companies House E-billing “June’s Invoices / Documents ” malspam

Trickbot is back targeting the UK again today after a short break. This example is an email containing the subject of “June’s Invoices / Documents ” pretending to come from Companies House eBilling but actually coming from a look-a-li…

Fake DHL “Alert! Shipment Notification” delivers Remcos RAT

A bit of a strange one to start off today. The Word doc doesn’t want to run or run properly in most of the online sandboxes available to me. An email with the subject of “Alert! Shipment Notification” pretending to come from DHL but…

Fake “ ENQUIRY NO-64743” malspam using multiple exploits delivers malware.

An email with the subject of “ ENQUIRY NO-64743” pretending to come from “isaac_w@highgatelimited.com” with a malicious Word doc attachment eventually delivers some sort of malware that looks like a keylogger or password ste…

Fake delivery notification delivers some sort of keylogger, possibly Ramnit Banking Trojan

I have received something a bit weird and wonderful this Saturday morning. I can’t quite work out what malware it is supposed to deliver. I can’t get anything & Anyrun fails using a 32-bit VM. (a subsequent run using a W10 64 VM and se…

Slight changes to Trickbot delivery system

Over the last week or so, there has been a bit of a change to the Trickbot delivery system. For quite a while they used the Microsoft Equation Editor Exploit CVE-2017-11882 in Word docs to deliver the payload. Sometimes using 2 or 3 different exploit…