Collaborate Disseminate
Another Hawkeye keylogger attempt that has problems with the delivery system. The email pretends to be a purchase order from a company called Bath Trends, who might or might not actually exist. It pretends to come from a Gmail address. It is supposed … Continue reading Yet another attempted Hawkeye delivery that fails.
There are lots of changes to the Trickbot delivery system and possibly the payloads and configs today. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email wit… Continue reading Fake ADP Tax Billing Records delivers Trickbot
Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the expl… Continue reading Formbook via fake Urgent Enquiry email
Continuing with this malware campaign trying to deliver Hawkeye Keylogger/ Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has u… Continue reading Hawkeye keylogger via fake Bank Details in the Invoice
A marginally interesting malware campaign trying to deliver Hawkeye Keylogger/ Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is he or she attached a .exe to the ema… Continue reading Hawkeye keylogger via fake Proforma Invoice that probably fails delivery
An email with the subject of POQEA inquiry for order pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com> with a link to download a malicious word doc delivers Agent Tesla Keylogger / Remote Access Trojan. This campaign is u… Continue reading Fake PO Inquiry email delivers Agent Tesla Keylogger via rtf exploits
This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “Payment Receipt Advise/Avis de Reception de paiement” pretends to come fr… Continue reading Fake Royal Bank of Canada Payment Receipt Advise/Avis de Reception de paiement delivers Trickbot
I am not completely sure what we have got here today. An email with the subject of Packing List and LPO coming from Jidapa Dongbang <jidapa.d@asrservice.co.th> with a link to download a rar file from a onedrive address They use emai… Continue reading Fake Packing List and LPO delivers malware via onedrive
This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “TD Bank Secure Mail ” pretends to come from TD Bank, but actually comes f… Continue reading Fake TD Bank Secure Mail delivers Trickbot
A somewhat involved and slightly complicated and devious chain in this Formbook campaign. What is slightly concerning are some of the sites involved, especially the live download site http://globalbank.us/ which looks like it has been been purchased b… Continue reading Fake order with 2 lnk files delivers Formbook