Cybersecurity experts: The malware core infrastructure was originally located in Ukraine. After the Russian invasion, it has moved “at home” or in Belarus.
Cryptolaemus cybersecurity experts detect that Epoch 4 and 5 began spamming again. Malware infections passes by direct attached XLS files and zipped-password protected XLS.
Cryptolaemus cybersecurity experts detect new password-protected ZIP files and shortcuts. The command to create-execute VBS to install the malware works properly.