Cybercrime, purchase order from Spain bait for AgentTesla
The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.
Cybercrime, the “Re: Our Ref: MSS Urgent Order” email bait for AgentTesla
The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, “Re: Purchase Order ….>,” bait for HawkEye from South Korea
The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via FTP to a host in Russia.
Cybercrime, “Nieuwe bestelling 20230517/4500338579” bait for AgentTesla
The attachment contains a Tar file with an exe: the malware. Stolen data is exfiltrated via Telegram API to the same “Nieuwe bestelling–100 STUKS ELK” campaign C2.
Cybercrime, AgentTesla passes by a fake request for products from Dubai
The “Re: Revised Quotatio” email contains a zip file with an exe inside – the malware. It is not known how the stolen data is exfiltrated.
Cybercrime, AgentTesla hides in the “Nieuwe bestelling – 100 STUKS ELK” email
The lzh attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, “FQ quotations….>” carries HawkEye/MailPassView and AgentTesla
The zip attachment contains 2 exe: "LPO Samples Xls" and "Purchase Order Details XLs": the malware. AgentTesla exfiltrates stolen data via FTP.
Cybercrime, Formbook campaign via rtf from China
The “AWD-20-971-JA04Q7.doc” attachment of the “Рuгсhasе Огdег #AWD-20-971-JA04Q7” email, exploiting a vulnerability, contacts a link and downloads an exe: the malware.
Cybercrime, Formbook hidden in a fake purchase order from Zimbabwe
The gz attachment of the “ORDER 0736449574 ZWL0106245448” email contains an exe file: the malware.
Cybercrime, false DHL invoice baits for a Formbook campaign
The gz attachment of the email with the subject "COMMERCIAL INVOICE, BILL OF LADING, ETC DOC" contains an exe file: the malware.