By opening the link in the email, you download a doc file that contacts a url from an internal list and download the dll, which starts the malware infection.
The email contains a link that downloads a .doc attachment. This contacts a random url from an internal list of 9 and downloads a DLL, which starts malware infection.
Juniper Threat Labs cybersecurity experts: the malware uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available.
New messages with compressed attachment, which contains a .doc file. This, if opened, contacts a link from an internal list that downloads the malware from the Epoch 2 botnet.
The “Threat Landscape 2020” has just been released. Malware is in first place, followed by web-based attack and phishing. COVID-19 fuelled cyber aggressions.
The bait is always real stolen email conversations. The doc attachment contacts the first available url from a list within it to start the malware infection.
Bleeping Computer: The aim is to lure victims into enabling Excel macros. Threat actors also continue using signed campaigns for distributing the malware.
Cryptolaemus cyber security experts find new links in the botnet that download the malware. The continuous evolution of the worldwide campaign confirms that it will continue.
The cyber security experts: Someone hacked into the malware's distribution sites and replaced payloads with memes and images. Criminals paused the spamming, but the war is not over.