Telegram API

The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.

Cybercrime, Blustealer campaign from Lithuania simulating China

The compressed attachment of the “Order_list_30052023” message contains an exe file: the malware. Stolen data…

Cybercrime, Blustealer campaign from Lithuania simulating China

The compressed attachment of the “Order_list_30052023” message contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, the “Re: Our Ref: MSS Urgent Order” email bait for AgentTesla

The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram…

Cybercrime, the “Re: Our Ref: MSS Urgent Order” email bait for AgentTesla

The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, “Nieuwe bestelling 20230517/4500338579” bait for AgentTesla

The attachment contains a Tar file with an exe: the malware. Stolen data is exfiltrated…

Cybercrime, “Nieuwe bestelling 20230517/4500338579” bait for AgentTesla

The attachment contains a Tar file with an exe: the malware. Stolen data is exfiltrated via Telegram API to the same “Nieuwe bestelling–100 STUKS ELK” campaign C2.

Cybercrime, false invoice request from UK is the bait for BluStealer

The compressed attachment of the “Order-Urgent” email contains an exe file – the malware. The…

Cybercrime, false invoice request from UK is the bait for BluStealer

The compressed attachment of the “Order-Urgent” email contains an exe file – the malware. The stolen data is exfiltrated via Telegram API.

Cybercrime, AgentTesla hides in the “Nieuwe bestelling – 100 STUKS ELK” email

The lzh attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram…

Cybercrime, AgentTesla hides in the “Nieuwe bestelling – 100 STUKS ELK” email

The lzh attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, a “Purchase Order” email from Lebanon carries Blustealer

The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram…

Cybercrime, a “Purchase Order” email from Lebanon carries Blustealer

The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, the mysterious malware from Türkiye is SnakeKeylogger/StormKitty

The lnk “Alıntı 2589984” email attachment starts the infection chain by running a Powershell script.…

Cybercrime, the mysterious malware from Türkiye is SnakeKeylogger/StormKitty

The lnk “Alıntı 2589984” email attachment starts the infection chain by running a Powershell script. Stolen data is exfiltrated via Telegram API.

Cybercrime, double AgentTesla campaign via China and Türkiye

The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an…

Cybercrime, double AgentTesla campaign via China and Türkiye

The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. Data is stolen via SMTP and Telegram API.

Cybercrime, Stormkitty/SnakeKeylogger campaign via Garanti BBVA

2 identical “Hesap hareketleriniz” emails contain the same r01 attachment, inside which there is an…

Cybercrime, Stormkitty/SnakeKeylogger campaign via Garanti BBVA

2 identical “Hesap hareketleriniz” emails contain the same r01 attachment, inside which there is an exe file: the malware. Stolen data is exfiltrated via Telegram API.