Formbook campaigns continue via malspam emails

A quick post detailing another Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of archive, including .iso, .ace, .rar, .zip. Frequently they use vario…

Fake Quotation Request with malformed RTF file attachments delivering Lokibot

Another day and yet another malformed, malicious Word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass A…

Formbook from fake order via complicated chain using multiple equation editor exploits

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou…

Formbook via fake Unicredit Bank swift transfer using different malformed RTF files

I can’t remember previously seeing a malware delivery campaign using a malformed, malicious RTF file like this one. It definitely is using one of the multiple Equation Editor exploits. There is some dispute on VirusTotal whether it is CVE-2017-11…

Agent Tesla reborn via fake order

Following on from this post from last week, we are seeing another what looks like Hawkeye or Agent Tesla keylogger campaign using identical methods. All the same sites and hosting companies are involved, with the same possibility of the DNS on Godaddy …

More Lokibot via fake Maersk Quotation / Invoice

Following on from my slightly earlier post about Lokibot, this is yet another version with 2 XLS spreadsheet attachments coming in a fake Overdue Invoices November – December 2018 email. This version uses CVE-2017-11882 or is trying to, but only…

Some changes to malicious RTF docs delivering Hawkeye

I am seeing a few changes today from the scumbags who are distributing the Hawkeye Keylogger Trojan. The email template is a typical fake Purchase Order with a malicious Word doc attachment. The Word doc is actually an RTF that uses the CVE-2017-118…

megalodon delivered via fake purchase oder via compromised Godaddy DNS settings

A slightly interesting and unusual malware delivery to report first today. First we note the spelling mistake in the subject line “Purchase Oder”, then the body content when the email is delivered to the prospective victim. Please read the …

Fake Payment Receipt delivers Nanocore RAT malware

We frequently see this sort of generic Malicious Spam email with an office file attachment that acts as a downloader for all sorts of malware. Today’s example is an email with the subject of [Your Email Address] RE:Payment Receipt for your refere…

Fake DHL READ : (DHL Express) -Delivery Address Confirmation delivers Remcos Rat

Yet another fake or spoofed DHL delivery notification delivering what today turns out to be Remcos RAT. An email with the subject of “READ : (DHL Express) -Delivery Address Confirmation” pretending to come from dhlSender@dhl.com <nore…