Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.

Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why but generally this means one or other of the major spam sending botnets has been taken down or…

Hawkeye keylogger using fileless delivery system via Amazon AWS

We have been seeing a massive increase in Malspam emails delivering Hawkeye keylogger / infostealer trojan. The vast majority have either a zip file containing the trojan itself or a malformed word doc either containing macros or using one of the Micro…

Multiple Hawkeye malspam campaigns via GreenCloudVPS

Another Hawkeye keylogger campaign again today. We see these most days and the emails are always such a generic invoice, order or Request for quotation so I don’t bother to post all versions we receive. I normally just tweet to the other research…

Hawkeye keylogger via fake Bank Details in the Invoice

Continuing with this malware campaign trying to deliver Hawkeye Keylogger/ Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has u…

Hawkeye keylogger via fake Proforma Invoice that probably fails delivery

A marginally interesting malware campaign trying to deliver Hawkeye Keylogger/ Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is he or she attached a .exe to the ema…

Agent Tesla reborn via fake order

Following on from this post from last week. We are seeing another campaign that looks like Hawkeye or Agent Tesla keylogger using identical methods. All the same sites and hosting companies are involved with the same possibility of the DNS on Godaddy …

Some changes to malicious RTF docs delivering Hawkeye

I am seeing a few changes today from the scumbags who are distributing the Hawkeye Keylogger Trojan. The email template is a typical fake Purchase Order with a malicious word doc attachment. The word doc is actually an RTF that uses the CVE-2017-118…