Fake PO Inquiry email delivers Agent Tesla Keylogger via rtf exploits

An email with the subject of "POQEA inquiry for order", pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com>, with a link to download a malicious Word doc delivers Agent Tesla Keylogger / Remote Access Trojan. This campaign is u…

Azorult via fake Chinese Government New Import Export Regulations

I am quite impressed with the level of social engineering in this malware delivery malspam campaign. With Brexit fast approaching and the likelihood of no deal between the UK and Europe, many companies are increasingly trying to build a relationship wit…

More Formbook via complicated download chain

A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a Word doc attachment. This involves various Microsoft Equation Editor exploits in the chain. …

Ave Maria infostealer keylogger via Fake Invoice order confirmation

Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end of last year (2018). We don't see much of it in the UK and most examples I have heard of are from Italy and have been targeting Italian compa…

Formbook campaigns continue via malspam emails

A quick post detailing another Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of archive, including .iso, .ace, .rar, .zip. Frequently they use vario…

Fake Quotation Request with malformed RTF file attachments delivering Lokibot

Another day and yet another malformed, malicious Word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass A…

Formbook from fake order via complicated chain using multiple equation editor exploits

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim's computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou…

Formbook via fake Unicredit Bank swift transfer using different malformed RTF files

I can't remember previously seeing a malware delivery campaign using a malformed, malicious RTF file like this one. It definitely is using one of the multiple Equation Editor exploits. There is some dispute on VirusTotal whether it is CVE-2017-11…

Agent Tesla reborn via fake order

Following on from this post from last week, we are seeing another what looks like Hawkeye or Agent Tesla keylogger campaign using identical methods. All the same sites and hosting companies are involved, with the same possibility of the DNS on GoDaddy …

More Lokibot via fake Maersk Quotation / Invoice

Following on from my slightly earlier post about Lokibot, this is yet another version with 2 XLS spreadsheet attachments coming in a fake "Overdue Invoices November – December 2018" email. This version uses CVE-2017-11882, or is trying to, but only…