GoDaddy DNS system still compromised to deliver yet another Gandcrab Ransomware campaign

Last week we reported on a fairly large-scale Gandcrab ransomware campaign whose delivery was assisted by a security hole in GoDaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a…

More Fake DHL invoices delivering Remcos RAT via office XML files

An old favourite lure: this email, with the subject of “DHL Shipping of Original invoice B/L dated 26/10/2018”, pretending to come from DHL EXPRESS – <noreply@dhl.com> with a malicious Word doc attachment, delivers Remcos…

Fake DHL READ : (DHL Express) -Delivery Address Confirmation delivers Remcos RAT

Yet another fake or spoofed DHL delivery notification delivering what today turns out to be Remcos RAT. An email with the subject of “READ : (DHL Express) -Delivery Address Confirmation” pretending to come from dhlSender@dhl.com <nore…

Lokibot campaign 17 September 2018

We are starting this Monday morning with a Lokibot campaign being delivered via malicious Word docs, actually RTF files using CVE-2017-11882 Microsoft Equation Editor exploits. I am seeing various email subjects. I have received 2 of each version so …

Fake DHL delivery notification Agent Tesla Keylogger

Yet another fake or spoofed DHL delivery notification delivering what looks like Agent Tesla keylogger. An email with the subject of “Vessel Schedule ETD:AUG 26 ,ETA:SEP 20” coming from Donald Townsend <comercial@twistermedical.com>…

Fake DHL Arrival Notice or Shipment Notice delivers malware via embedded exe files inside MP3 music files

Following on from last week with an almost identical DHL malware campaign, today I am seeing yet another email pretending to be a DHL Shipment Notification with the subject of Arrival Notice For BL – 06/08/2018 / Vessel – DHL ATLAN…

Fake DHL Shipment Notification delivers malware

Yet another email pretending to be a DHL Shipment Notification, with the subject of Shipment Notification, pretending to come from DHL but actually coming from dhl@paperattention.com with a malicious Word doc attachment, delivers some sort of malware…

Fake DHL “Alert! Shipment Notification” delivers Remcos RAT

A bit of a strange one to start off today. The Word doc doesn’t want to run or run properly in most of the online sandboxes available to me. An email with the subject of “Alert! Shipment Notification” pretending to come from DHL but…