Collaborate Disseminate
Something slightly different to start with this morning. There is nothing special about the email lure, but the attached word doc seems to be a bit different to the ones we are used to seeing with equation editor exploits. I don’t know if this … Continue reading Agent Tesla Keylogger via fake new Order using Equation Editor RTF exploit
Nothing exceptionally special about this malware campaign delivering Pony / fareit trojan. An email with the subject of “Urgent Order for october Shipment needed” pretending to come from AL-HASSANA TRADING LTD <info@al-hassana.com>… Continue reading Urgent Order for october Shipment needed delivers Pony / Fareit
We are starting this Monday Morning with a Lokibot campaign being delivered via malicious word docs, actually RTF files using CVE-2017-11882 Microsoft equation editor exploits. I am seeing various email subjects. I have received 2 of each version so … Continue reading Lokibot campaign 17 September 2018
An email with the subject of ” ENQUIRY NO-64743″ pretending to come from “isaac_w@highgatelimited.com” with a malicious word doc attachment eventually delivers some sort of malware that looks like a keylogger or password ste… Continue reading Fake ” ENQUIRY NO-64743″ malspam using multiple exploits delivers malware.
Over the last week of so, there has been a bit of a change to the Trickbot delivery system. For quite a while they used the Microsoft Equation Editor Exploit CVE-2017-11882 in word docs to deliver the payload. Sometimes using 2 or 3 different exploit… Continue reading Slight changes to Trickbot delivery system
An email with the subject of “FW: URGENT PAYMENT FOR OVERDUE INVOICES” pretending to come from FINANCE <salgar@dgkw.com> with both a malicious word doc and an Excel XLS spreadsheet attachment delivers Formbook. These attachments… Continue reading Fake URGENT PAYMENT FOR OVERDUE INVOICES delivers formbook