Cybercrime, Emotet still in Italy with a document-themed campaign
The email xls attachment contacts a link from an internal list and downloads the dll, using the epoch 4 botnet, starting the malware infection.
Cybercrime, double AgentTesla campaign with a courier / shipper theme
The emails contain a link that downloads an iso with the malware inside or directly a 7z with the malicious exe.
Cybercrime, AgentTesla spread by real emails from UAE engineering companies
AgentTesla spread by real emails from UAE engineering companies. All the messages have the same attachment: an img file with an exe inside, the malware itself. Stolen data is exfiltrated via FTP Someone is exploiting UAE engineering companies to convey…
Cybercrime, The mail “RE: Purchase Inquiry: KPC / PU-231 (MECH) NBI / 20-22” bait for Lokibot
The message rar attachment contains an exe file: the malware itself.
Cybercrime, new order-themed AgentTesla campaign from Iraq
The "New Order.xlsx" attachment contains an exe file: the malware itself. The stolen data is then stolen via SMTP.
Cybercrime, “RE: Inovice no MUMXX NPVPXX” bait for Formbook
The email xlsx attachment contacts a link and downloads the malware via DBatloader.
Cybercrime, fake purchase order from Malaysia bait for SnakeKeylogger
The cab attachment contains an exe file: the malware itself. Stolen data is exfiltrated via SMTP.
Cybercrime, the hotel-themed Formbook campaign is back
7z attachment of a fake booking confirmation email contains an exe file: the malware itself.
Cybercrime, “New Invoice (s) for C394381487 are Available to be Viewed” conveys IcedID
The xls attachment downloads and runs a dll, starting the malware infection.
Cybercrime, “RE: Purchase Inquiry:” conveys a new Lokibot campaign
The email rar attachment contains an exe file: the malware itself.