Collaborate Disseminate
Yet another Agent Tesla Keylogger / Info-stealer Trojan malware delivered via a fake Request for Quotation email with a malicious Excel XLS spreadsheet attachment using Microsoft Equation Editor Exploit CVE-2017-11882. We see dozens of this sort of ema… Continue reading Agent Tesla keylogger via fake Request for Quotation
A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, Sites and hosting companies involved i… Continue reading Fake HSBC payment details delivers Agent Tesla
Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the expl… Continue reading Formbook via fake Urgent Enquiry email
Continuing with this malware campaign trying to deliver Hawkeye Keylogger/ Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has u… Continue reading Hawkeye keylogger via fake Bank Details in the Invoice
A marginally interesting malware campaign trying to deliver Hawkeye Keylogger/ Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is he or she attached a .exe to the ema… Continue reading Hawkeye keylogger via fake Proforma Invoice that probably fails delivery
An email with the subject of POQEA inquiry for order pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com> with a link to download a malicious word doc delivers Agent Tesla Keylogger / Remote Access Trojan. This campaign is u… Continue reading Fake PO Inquiry email delivers Agent Tesla Keylogger via rtf exploits
I am quite impressed with the level of Social Engineering with this malware delivery Malspam campaign. With Brexit fast approaching and the likelihood of no deal between UK and Europe, many companies are increasingly trying to build a relationship wit… Continue reading Azorult via fake Chinese Government New Import Export Regulations
A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. … Continue reading More Formbook via complicated download chain
Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end last year 2018. We don’t see much of it in UK and most examples I have heard of are from Italy and have been targeting Italian compa… Continue reading Ave Maria infostealer keylogger via Fake Invoice order confirmation
Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded ole object containing the payload and an “innocent” lure doc to be displayed. Today it l… Continue reading Azorult via fake inquiry email using Microsoft Office Equation Editor exploits