Collaborate Disseminate
A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice. Continue reading Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files
It looks like one of the criminal gangs behind some of the Lokibot campaigns have found a way to serve their malware almost undetected or at least without any known host that can take down easily or be blocked. What they have done with this series of c… Continue reading Lokibot via abusing the ngrok proxy service
I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email. The first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file thro… Continue reading Lokibot via fake purchase order but won’t run in W7 or W8.1
Earlier this morning I received a spam email, pretending to be a new order asking me to quote a price, with a word docx attachment. That is normal for me & many others to receive this sort of malware laden spam. The subjects are so generic, the all… Continue reading Lokibot via fake order email. Massive document.xml.rels obscuring analysis
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack. Continue reading LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
Yet another Lokibot campaign. This time coming via a Fake DHL delivery failed email. We frequently see comments saying ” how can anybody fall for this sort of scam”. Well it is extremely easy! It only needs a combination of very plausible c… Continue reading Lokibot via Fake DHL delivery message using ISO attachments
Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday Morning 5th February 2019 with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari… Continue reading Malspam emails overnight Monday 4 February to Tuesday 5 February 2019
Yet another Lokibot campaign via Malspam emails. In today’s Internet based world parcel delivery messages are so common. Most of us will receive at least 1 every week, if not several each day. Today the lure pretends to be a delivery notificatio… Continue reading Lokibot via fake Fedex customs clearance notice
Another day and yet another malformed. malicious word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass A… Continue reading Fake Quotation Request with malformed RTF file attachments delivering Lokibot
Following on from my slightly earlier post about Lokibot, this is yet another version with 2 XLS spreadsheet attachments coming in a fake Overdue Invoices November – December 2018 email. This version uses CVE-2017-11882 or is trying to, but only… Continue reading More Lokibot via fake Maersk Quotation / Invoice