From: Herb Castro [CastroHerb70608@essgee.com]Sender names, references and values vary. Attachments are named in a format remit_acc-1603154.doc and have detection rates of about 2/55 [1] [2] [3]. The Malwr reports [4] [5] [6] shows the documents communicating with:
Date: 19 January 2016 at 10:29
Subject: A/c 1762881 - Remittance Advice
Hi
Please see attached remittance.
Can you please supply a copy of invoice 06438632660 dated 19.11.15., which we appear to be missing.
Regards
Herb Castro
Industrial Electronic Wiring Ltd
91.223.88.206/victor/onopko.php
5.34.183.127/victor/onopko.php
179.60.144.19/victor/onopko.php
This drops a file aarab.exe which is identical to the payload in this spam run.
No comments:
Post a Comment