PO Archivi - Difesa e Sicurezza (difesaesicurezza.com)

The link in the photo of the “Purchase Order No. 4500016771 Dtd 10/03/2023” email points to a url that downloads an exe: the malware. Stolen data is exfiltrated via SMTP to an email.

Cybercrime, BluStealer is back with a campaign on Purchase Order

The gz attachment of a fake email from the UAE contains an exe file: the…

Cybercrime, BluStealer is back with a campaign on Purchase Order

The gz attachment of a fake email from the UAE contains an exe file: the malware. The stolen data is then exfiltrated via Telegram API.

Cybercrime, double failed malware campaign via PO

The emails contain an xls which, using the Equation Editor, contacts a url and downloads…

Cybercrime, double failed malware campaign via PO

The emails contain an xls which, using the Equation Editor, contacts a url and downloads the final payload. However, the exe is unreachable.

Cybercrime, false order from Bangladesh carries AgentTesla

The zip attachment of the email contains an exe file: the malware. The stolen data…

Cybercrime, false order from Bangladesh carries AgentTesla

The zip attachment of the email contains an exe file: the malware. The stolen data is then exfiltrated via SMTP.

Cybercrime, Avemaria / WarZone RAT is back via false PO

The gz attachment contains an exe file: the malware itself. Objective: to steal information from…

Cybercrime, Avemaria / WarZone RAT is back via false PO

The gz attachment contains an exe file: the malware itself. Objective: to steal information from the victim.