The zip attachment of the "PURCHASE ORDER" email contains a bat file. This runs a PowerShell script, which infects the machine with malware. The stolen data is exfiltrated via SMTP.
Syria, civilian real estate in Deir Ezzor targeted by pro-Iran militias
Civilian real estate in Deir Ezzor targeted by pro-Iran militias. Objective: to reduce the risk that infrastructure used as weapons and ammunition depots or as command centers is attacked by unknown drones
Pro-Iran militias in eastern Syria are trying to react to raids by unknown drones, which destroy their stockpiles of weapons, ammunition and missiles. In recent days, seizures of real estate belonging to civilians in Deir Ezzor have surged, reaching almost two thousand since the beginning of the year. The areas most affected are Deir Ezzor city, al-Ashara, al-Qurayyah, Mohsin, al-Maray’iya, al-Bulail, al-Majra, Mayadeen, Doblan, Boqros, Al-Taiybah, Al-Bukamal, Sabaikhan and other urban centers. The main beneficiaries, however, are Liwaa Fatemiyoun, Liwaa Abu al-fadl al-Abbas, Hezbollah and the Revolutionary Guards (IRGC). According to local sources, the seized buildings and properties are used as temporary hiding places for weapons and missiles, which are periodically moved between them. This is to reduce the risk of being detected and then attacked by hostile air assets. Some houses, on the other hand, are used as command centers. These are also “mobile” for added safety.