From: Fax [fax@victimdomain.com]
Date: 17 September 2014 09:32
Subject: You've received a new fax
New fax at SCAN6405035 from EPSON by https://victimdomain.com
Scan date: Wed, 17 Sep 2014 16:32:29 +0800
Number of pages: 2
Resolution: 400x400 DPI
You can secure download your fax message at:
http://estudiocarraro.com.br/hpmdkvpvge/hljaejzkql.html
(Google Disk Drive is a file hosting service operated by Google, Inc.)

The link in the email downloads an archive file Message_Document_pdf.zip from the same estudiocarraro.com.br site. This has a VirusTotal detection rate of 3/54. The ThreatTrack report shows that the malware attempts to phone home to:
denis-benker.de/teilen/1709uk1.hit
188.165.204.210/1709uk1/NODE01/0/51-SP3/0/
188.165.204.210/1709uk1/NODE01/1/0/0/
188.165.204.210/1709uk1/NODE01/41/5/4/
Recommended blocklist:
188.165.204.210
denis-benker.de
estudiocarraro.com.br
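
An added example, not part of the original post: one way to sweep web proxy logs for hosts that contacted the blocklist entries above. The log layout ("timestamp client url"), the client addresses and the sample lines are constructed assumptions; domains match on label boundaries so that subdomains hit but lookalike names do not, and IP addresses match exactly.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators from the recommended blocklist above.
BLOCKLIST = {"188.165.204.210", "denis-benker.de", "estudiocarraro.com.br"}

def extract_host(url):
    """Return the lowercase host of a URL, with or without a scheme."""
    if "://" not in url:
        url = "http://" + url  # indicators are often listed without a scheme
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def is_blocked(url, blocklist=BLOCKLIST):
    host = extract_host(url)
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return host in blocklist  # IP literal: exact match only
    except ValueError:
        pass
    # Domain: match the name itself or any subdomain, on label boundaries.
    return any(host == d or host.endswith("." + d) for d in blocklist)

def scan(log_lines, client_field=1, url_field=2):
    """Return (client, url) for each log line whose URL hits the blocklist."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) > url_field and is_blocked(fields[url_field]):
            hits.append((fields[client_field], fields[url_field]))
    return hits

# Constructed sample proxy log (assumed layout: "<timestamp> <client> <url>").
SAMPLE_LOG = [
    "2014-09-17T09:40:02 10.0.0.15 http://estudiocarraro.com.br/hpmdkvpvge/hljaejzkql.html",
    "2014-09-17T09:41:10 10.0.0.15 http://188.165.204.210/1709uk1/NODE01/0/51-SP3/0/",
    "2014-09-17T09:41:12 10.0.0.22 http://www.denis-benker.de/teilen/1709uk1.hit",
    "2014-09-17T09:42:00 10.0.0.30 http://notdenis-benker.de.example.org/index.html",
    "2014-09-17T09:42:05 10.0.0.31 http://188.165.204.21/status",
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(client, url)
```

A client that appears for both the download site and the 188.165.204.210 phone-home address most likely ran the attachment rather than only clicking the link.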