From [accounts@phoenixorganics.ltd.uk]I have only seen one sample of this, with an attachment named Customer statement.doc - this has a VirusTotal detection rate of 2/54 and the Malwr report shows a download from:
Date Thu, 21 Jan 2016 13:09:43 +0300
Subject statement - payment due
Please can you send a payment to clear the August invoices.
Thank you
Regards
Liz
Phoenix Organics Ltd
phaleshop.com/8h75f56f/34qwj9kk.exe
This is one of the locations used in this earlier spam run, and it marks it out as being the Dridex banking trojan spammed out by botnet 220.
No comments:
Post a Comment