Collaborate Disseminate
Another Hawkeye keylogger campaign again today. We see these most days and the emails are always such a generic invoice, order or Request for quotation so I don’t bother to post all versions we receive. I normally just tweet to the other research… Continue reading Multiple Hawkeye malspam campaigns via GreenCloudVPS
Earlier this morning I received a spam email, pretending to be a new order asking me to quote a price, with a word docx attachment. That is normal for me & many others to receive this sort of malware laden spam. The subjects are so generic, the all… Continue reading Lokibot via fake order email. Massive document.xml.rels obscuring analysis
A very slightly strange and less usual malware campaign this morning that does eventually deliver Formbook. The email is nothing special, very terse & bland that just says ” Kindly find the attachment”. It has 2 Microsoft Word Doc attac… Continue reading Fake Hillconmining Incoming20414 email delivers Formbook
We have been in a bit of lull with a quiet couple of weeks on the malware front in the UK, but that seems to have come to an end overnight and early this morning. Most of the malware are very common, well known versions of Lokibot, Hawkeye and a marg… Continue reading Fake Bank Detail For Funds Transfer delivers info stealer malware
Yet another Agent Tesla Keylogger / Info-stealer Trojan malware delivered via a fake Request for Quotation email with a malicious Excel XLS spreadsheet attachment using Microsoft Equation Editor Exploit CVE-2017-11882. We see dozens of this sort of ema… Continue reading Agent Tesla keylogger via fake Request for Quotation
A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, Sites and hosting companies involved i… Continue reading Fake HSBC payment details delivers Agent Tesla
Another Hawkeye keylogger attempt that has problems with the delivery system. The email pretends to be a purchase order from a company called Bath Trends, who might or might not actually exist. It pretends to come from a Gmail address. It is supposed … Continue reading Yet another attempted Hawkeye delivery that fails.
Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the expl… Continue reading Formbook via fake Urgent Enquiry email
Continuing with this malware campaign trying to deliver Hawkeye Keylogger/ Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has u… Continue reading Hawkeye keylogger via fake Bank Details in the Invoice
A marginally interesting malware campaign trying to deliver Hawkeye Keylogger/ Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is he or she attached a .exe to the ema… Continue reading Hawkeye keylogger via fake Proforma Invoice that probably fails delivery