Fom: Accounts [hiqfrancistown910@gmail.com]
Date: 27 August 2014 09:51
Subject: Customer Statements
Good morning,attached is your statement.
My regards.
W ELIAS
Attached is a file Customer Statements.PDF which has a VirusTotal detection rate of 6/55. Analysis is pending.
Looking over several hundred of these in logs, all used the pattern
ReplyDeletehiqfrancistown + 3 numbers + @gmail.com as the sender.
Hi is it possible to get the pdf files?
ReplyDeleteWe saw this same campaign today. Also saw a recon event yesterday where many people received emails with varied literature but no links or attachments. The same people received the .pdf email today.
ReplyDeletearrived, thx
ReplyDelete@Kari Kuehneman
ReplyDeleteSame recon event a day earlier.
Can't confirm if the targets match up nicely here though.
Could have just been their first try was broken and didn't include a payload, which happens also.