Trickbot delivered via fake HMRC “FW: Unpaid Invoice 17.07.2018”

This example is an email containing the subject of “FW: Unpaid Invoice 17.07.2018” pretending to come from HMRC but actually coming from a look-a-like or typo-squatted domain “Melanie.Moran@hmrcco.uk” with a malicious Word doc…

Trickbot campaign spoofing Chase Bank “Important account documents”

The second in today’s Trickbot campaigns targets the USA. I wonder if the hacked/compromised healthcare company involved in the distribution has also lost or leaked any patient details. This example is an email containing the subject of “Impor…

Trickbot via Fake Companies House E-billing “June’s Invoices / Documents ” malspam

Trickbot is back targeting the UK again today after a short break. This example is an email containing the subject of “June’s Invoices / Documents ” pretending to come from Companies House eBilling but actually coming from a look-a-li…

Fake DHL “Alert! Shipment Notification” delivers Remcos RAT

A bit of a strange one to start off today. The Word doc doesn’t want to run or run properly in most of the online sandboxes available to me. An email with the subject of “Alert! Shipment Notification” pretending to come from DHL but…

Slight changes to Trickbot delivery system

Over the last week or so, there has been a bit of a change to the Trickbot delivery system. For quite a while they used the Microsoft Equation Editor Exploit CVE-2017-11882 in Word docs to deliver the payload. Sometimes using 2 or 3 different exploit…

Fake “Fw: Payslip” from tax-service-gov.uk delivers Trickbot

This example is an email containing the subject of “FW: Payslip” pretending to come from UK Tax Service but actually coming from a look-a-like or typo-squatted domain “Amanda.Right@tax-service-gov.uk” with a malicious Word do…