Cybercrime, the maxi Formbook campaign via Guloader comes from Nepal
All the emails, although the texts and rar attachments varied, were sent from a single server. The senders have been spoofed.
Cybercrime, massive global Guloader campaign
Compressed email attachments, as different as each message, contain an exe. This is the loader, which contacts a url and should download an unknown malware.
Cybercrime, AgentTesla campaign via Guloader with a payment theme
The gz attachment contains VBS which contacts 2 urls of the same domain and downloads scripts, executing the final malware. Data is exfiltrated via Telegram API.
Cybercrime, malware campaign via Guloader and Ziraat Bankasi
The r19 attachment of an email about a SWIFT transfer contains an exe: the loader, which should contact a link and download the final payload. At the moment, however, this is unknown.
Cybercrime, Azorult campaign via Guloader from Turkey
The r19 attachment of an email from the Ziraat bank contains an exe: the loader, which contacts a url and downloads the final malware.
Cybercrime, AgentTesla again through real companies in Turkey
The .bz attachment of the email about a purchase order contains the exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, AgentTesla now passes by a company in Portugal
Invoice-themed campaign. The rar attachment contains Guloader, that contacts a link and downloads the final malware.
Cybercrime, AgentTesla via Guloader and purchase order
The Gz attachment of the email contains an exe: the loader, which contacts another url and downloads the final malware.
Cybercrime, new order-themed malware campaign via Guloader
The gz attachment of the email contains an exe file: the loader, which should contact a link and download an unknown final payload.
Cybercrime, new AgentTesla DHL-themed campaign via Guloader
The Gz attachment of a fake courier email contains an exe: the loader, which contacts another url and downloads the final malware.