Cybercrime, Rig Exploit Kit actors swapped Raccoon Steeler for Dridex
Bitdefender cybersecurity experts: The campaign changed malware in February when one of the lead developers was killed in the Russian invasion of Ukraine.
Cybercrime, Emotet via real stolen email conversation is back
The zip attachment contains an xls file, which contacts an internal list of URLs and downloads the dll, starting the malware infection.
Cybercrime, second Emotet campaign via real stolen email conversation
The xls attachment directly contacts an internal list of URLs and downloads the dll, starting the malware infection.
Cybercrime, a real stolen email conversation spread Emotet
The zip attachment contains a file that runs a PS and downloads the dll from an internal list of url, starting the malware infection.
Cybercrime, new Emotet campaign in Italy via botnet Epoch 5
The xlsm attachment of the email contacts a single url and downloads the dll, starting the malware infection chain.
Cybercrime, new Emotet campaign in Italy via EA Arpa
The zip attachment contains an xls file that contacts an internal list of URLs and downloads the dll from Epoch5 botnet, starting malware infection.
Cybercrime, Biden in Georgia decoy for unknown malware
The email attachment, sometimes a real stolen conversation, contains a zip with an xlsb, which contacts 1 of the 3 urls and downloads the dll. Now, however, it is inactive.
Cybercrime, fake flu vaccine email conveys IcedID in Italy
The xlsb file in the zip attachment, created with EtterSilent, contacts 3 url and downloads the dll, starting malware infection. But only if the IP is not blacklisted.
Cybercrime, Emotet again in Italy via “RE: email @”
The zip attachment contains an xlsm file: This contacts url from a list of 4 and downloads the dll, activating the malware infection.
Cybercrime, Emotet returns to Italy via “RE: Email” email
The zip attachment contains an xls file: This starts a powershell script, which contacts various URLs and downloads the dll, activating the malware infection chain.