Collaborate Disseminate
Last week we reported on a fairly large scale Gandcrab ransomware campaign that was assisted in delivery via a security hole in Godaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a… Continue reading Godaddy DNS system still compromised to deliver yet another Gandgrab Ransomware campaign
With Christmas over we are starting to see an increase in malware campaigns. It is not up to the usual level yet because the Russian Gangs are still on their Xmas breaks, but the rest of the scumbags are trying to make up for it. Some like this one are… Continue reading Lokibot via Fake DHL quotation using .ace attachments
An old favourite lure with this email with the subject of “DHL Shipping of Original invoice B/L dated 26/10/2018” pretending to come from DHL EXPRESS – < noreply@dhl.com > with a malicious word doc attachment delivers Remcos… Continue reading More Fake DHL invoices delivering Remcos RAT via office XML files
Yet another fake or spoofed DHL delivery notification delivering what today turns out to be Remcos RAT . An email with the subject of “READ : (DHL Express) -Delivery Address Confirmation” Pretending to come from dhlSender@dhl.com <nore… Continue reading Fake DHL READ : (DHL Express) -Delivery Address Confirmation delivers Remcos Rat
We are starting this Monday Morning with a Lokibot campaign being delivered via malicious word docs, actually RTF files using CVE-2017-11882 Microsoft equation editor exploits. I am seeing various email subjects. I have received 2 of each version so … Continue reading Lokibot campaign 17 September 2018
Yet another fake or spoofed DHL delivery notification delivering what today turns out to be Lokibot . An email with the subject of “Arrival Notice For BL – 08/23/2018 / Vessel – DHL Express” coming from DHL Express Internationa… Continue reading Yet another Fake DHL delivery note delivers Lokibot
Yet another fake or spoofed DHL delivery notification delivering what looks like Agent Tesla keylogger. An email with the subject of “Vessel Schedule ETD:AUG 26 ,ETA:SEP 20” coming from Donald Townsend <comercial@twistermedical.com>… Continue reading Fake DHL delivery notification Agent Tesla Keylogger
Following on from last week with an almost identical DHL malware campaign, today I am seeing yet another email pretending to be a DHL Shipment Notification with the subject of Arrival Notice For BL – 06/08/2018 / Vessel – DHL ATLAN… Continue reading Fake DHL Arrival Notice or Shipment Notice delivers malware via embedded exe files inside MP3 music files
Yet another email pretending to be a DHL Shipment Notification with the subject of Shipment Notification pretending to come from DHL but actually coming from dhl@paperattention.com with a malicious word doc attachment delivers some sort of malware…. Continue reading Fake DHL Shipment Notification delivers malware
A bit of a strange one to start off today. The word doc doesn’t want to run or run properly in most of the online sandboxes available to me. An email with the subject of “Alert! Shipment Notification” pretending to come from DHL but… Continue reading Fake DHL “Alert! Shipment Notification” delivers Remcos RAT