Collaborate Disseminate
A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some s… Continue reading Spam Campaign Leveraged RTF Documents to Spread Infostealers
Popular trojan is sneaking its way onto PCs via malspam campaign that uses three levels of encryption to sneak past cyber defenses. Continue reading AZORult Campaign Adopts Novel Triple-Encryption Technique
Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why but generally this means one or other of the major spam sending botnets has been taken down or… Continue reading Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.
Another Hawkeye keylogger attempt that has problems with the delivery system. The email pretends to be a purchase order from a company called Bath Trends, who might or might not actually exist. It pretends to come from a Gmail address. It is supposed … Continue reading Yet another attempted Hawkeye delivery that fails.
Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded ole object containing the payload and an “innocent” lure doc to be displayed. Today it l… Continue reading Azorult via fake inquiry email using Microsoft Office Equation Editor exploits
Another day and yet another malformed. malicious word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass A… Continue reading Fake Quotation Request with malformed RTF file attachments delivering Lokibot
I can’t remember previously seeing a malware delivery campaign using a malformed, malicious RTF file like this one. It definitely is using one of the multiple Equation Editor exploits.There is some dispute on VirusTotal whether it is CVE-2017-11… Continue reading Formbook via fake Unicredit Bank swift transfer using different malformed RTF files
It looks like the summer holidays are over and the malware scumbags are trying out new and different delivery methods to catch us all unawares. This latest one is an email pretending to be a bank transfer notification with the subject of “Re: Pay… Continue reading Formbook malware delivered via RTF exploit downloading MSI file
Today’s first example of malware received overnight is a slightly less usual delivery method for Lokibot. The email is a common lure pretending to be a quote / Inquiry request and is nothing special. The subject is “Re: Inquiry / Quotes&… Continue reading Slightly different Lokibot delivery via embedded ole objects in rtf word doc
This month’s Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks.
Read more in my article on the Tripwire State of Security blog.
Continue reading Zero-day flaw exploited in targeted attacks is fixed by Microsoft