Collaborate Disseminate
Posted by Josh Stroschein, Ratnesh Pandey and Alex Holland. For an attack to succeed undetected, attackers need to limit the creation of file and network artifacts by their malware. In this post, we analyse an attack that illustrates two popular tactic… Continue reading Congratulations, You’ve Won a Meterpreter Shell
Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Continue reading VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options. Continue reading Spora Ransomware Offers Victims Unique Payment Options
The next in the never ending series of Locky downloaders is an email with the subject of Voicemail from [random name] [random number] <[random number]> [random time] pretending to come from voicemailandfax@ random email addresses with a semi-random named zip attachment containing a HTA … Continue reading →
The next in the never ending series of Locky downloaders is an email with the subject of Document No 25845584 ( random numbers) pretending to come from random names at accounts@your own email domain or company with a random … Continue reading →
The next in the never ending series of Locky downloaders is an email with the subject of Receipt of payment coming as usual from random companies, names and email addresses with a random numbered zip attachment containing a HTA file This … Continue reading →
We show two examples of HTA induced infections we have seen recently. Nothing fancy, but feel free to consider it a general warning, that malware authors are expanding the number of file extensions they are using, to spread their payload.Categories: Cy… Continue reading Surfacing HTA infections
The next in this mornings never ending series of Locky downloaders is an email with the subject of Accounts Documentation – Invoices pretending to come from CreditControl @ your own email domain with a random named zip attachment containing a .HTA file … Continue reading →
The next in the never ending series of Locky downloaders is an email with the subject of Documents Requested or FW:Documents Requested pretending to come from a random name at your own email domain or company with a zip file … Continue reading →
The next in the never ending series of Locky downloaders is an email with the subject of Order Confirmation 9226435 [random number]coming as usual from random companies, names and email addresses with a random named zip attachment containing an HTA … Continue reading →
Continue reading Order Confirmation nnnnnn malspam with a dzip attachment delivers Locky