This fake document scan appears to originate from within the victim's own organisation, but doesn't. Instead it comes with a malicious attachment.
From: DocuCentre-V C6675 T2 [reception@victimdomain.com]
Reply-to: reception@victimdomain.com
Date: 23 October 2015 at 09:23
Subject: Scan Data from FX-D6DBE1
Number of Images: 1
Attachment File Type: DOC
Device Name: DocuCentre-V C6675 T2
Device Location:
Attached is a file
22102015160213-0001.doc which comes in a few different versions. The payload is Dridex and all the files and downloaded binaries are the same as used in
this spam run.
No comments:
Post a Comment