Cybercrime, HTML phishing campaign from China
The lure is a fake “Payment from last shipment” image, that points to a false admin login page. The goal is to steal as many credentials as possible.
Cybercrime, the email “Request Quotation PO.230029” conveys Vjw0rm
The js in the rar attachment contacts a url to download and run an exe: the malware. The mail provider is the same as yesterday's Remcos campaign.
Cybercrime, the maxi Formbook campaign via Guloader comes from Nepal
All the emails, although the texts and rar attachments varied, were sent from a single server. The senders have been spoofed.
Cybercrime, Remcos “YOUR INQUIRY” campaign from China
The message z attachment contains an exe file: the malware.
Cybercrime, fake email from UAE bait for AgentTesla
The “PAYMENT/62,842.51 USD and 31,101.87 EUR” rar attachment contains an exe: the malware. The stolen data is exfiltrated via SMTP to an email.
Cybercrime, AgentTesla is back with a campaign on couriers
The doc attachment, using Equation Editor, contacts a url and downloads an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, AgentTesla campaign via Guloader with a payment theme
The gz attachment contains VBS which contacts 2 urls of the same domain and downloads scripts, executing the final malware. Data is exfiltrated via Telegram API.
Cybercrime, very “heavy” AgentTesla carried by a RFQ
The email xls attachment contacts an url and downloads e 320,5 MB tar file. Inside there is an exe: the malware. Stolen data is exfiltered via Telegram API.
Cybercrime, false payment spread zgRAT via AgentTesla
The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Cybercrime, new zgRAT campaign via AgentTesla and fake offer list
The rar attachment contains an exe file: the first malware, that downloads the second payload.