Protect Before You Detect: FlawedAmmyy and the Case for Isolation

Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882…

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday morning, 5th February 2019, with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari…

Formbook via fake invoice using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…

Azorult via fake inquiry email using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…

Lokibot via multiple embedded OLE objects in fake invoice rtf word docs

A slightly different Lokibot campaign this morning. The email is nothing special, with a typical subject of CONFIRM OVERDUE INVOICE, coming from various email addresses including what is likely to be either a compromised or fraudulently set up email a…

Lokibot via fake enquiry CVE-2017-8570 malware campaign error

An email with the subject of “Re: Inquiry”, pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar, but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>” with a malic…

CobInt Trojan Removal Instructions — Restore Your Computer From Infections

The CobInt Trojan is a newly devised malware that has been identified in several ongoing attacks. It is an upgraded version of a previous weapon that has the potential of infecting whole networks of computers. A dangerous characteristic of it…

Slightly different Lokibot delivery via embedded ole objects in rtf word doc

Today’s first example of malware received overnight is a slightly less usual delivery method for Lokibot. The email is a common lure pretending to be a quote / inquiry request and is nothing special. The subject is “Re: Inquiry / Quotes…

Word Attachment Delivers FormBook Malware, No Macros Required

A new wave of document attacks targeting inboxes does not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.