Cybercrime, Hancitor is back hidden in a DocuSign email
The doc attachment is downloaded each time from a different url and contains the dll with the malware. The final payalod is unknown.
Cybercrime, Agent Tesla hidden in a fake payment invoice
Technical analysis by the Malware Hunter JAMESWT Cybercrime, Agent Tesla hidden in a fake payment invoice. The email contains an exe and a zip with the same executable inside. Both are the malware. Data is exfiltered via smtp A payment…
Cybercrime, Ursnif / Gozi back to Italy with a fake BRT courier email
The xls attachment contacts a single link and downloads the dll, which activates the malware infection. Provided that the IP is Italian and not on the blacklist.
Cybercrime, Agent Tesla goes through a fake order from a Turkish company
The email gz attachment contains an executable: the malware itself. If open, it activates the infection. The stolen data is then exfiltrated via ftp.
Cybercrime, new Remcos aggressive campaign via DHL
Three different emails in one day with the same xls attachment: the malware itself. The file, if opened, activates the infection chain.
Cybercrime, Hancitor is still hiding in a DocuSign mail
The doc attachment is downloaded each time from a different url and contains the dll with the malware. The final payalod is unknown.
Cybercrime, the “Quotation”-themed SnakeKeylogger campaign is back
The email lzh attachment contains an exe file: the malware itself. Stolen data is exfiltrated via smtp.
Cybercrime, new chapter of the Hancitor campaign via DocuSign
The email doc attachment is downloaded each time from a different url and contains the dll with the malware. The final payalod is unknown.
Cybercrime, new Dridex campaign via invoice
The xlsb attachment contacts a random url from an internal list and downloads the dll, which activates the malware infection chain.
Cybercrime, triple Remcos attack via RFQ
Three emails have different request numbers, but identical text and tar attachment. Inside is an exe: the malware itself.