Thursday, 17 March 2016
Malware spam: "PDFPart2.pdf" / "Sent from my Samsung Galaxy Note 4 - powered by Three"

This spam run has a malicious attachment. It appears to come from within the user's own domain.

From: Administrator [admin@victimdomain.tld]
Date: 17 March 2016 at 12:54
Subject: PDFPart2.pdf
Sent from my Samsung Galaxy Note 4 - powered by Three
Sent from my Samsung Galaxy Note 4 - powered by Three

All the attachments that I saw were corrupt, but it appears to be trying to download a script that installs Locky ransomware, as seen here.
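
The traits of this spam run (a sender in the recipient's own domain, a subject that is just a file name, and a body made up only of the phone signature) can be checked on inbound mail. The sketch below is an added example, not code from this blog. The function name, the list of file extensions and the sample messages are assumptions made for illustration, and it assumes the caller only passes mail that arrived from outside the organisation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Signature line quoted in the post; the sample body contains nothing else.
SIGNATURE = "Sent from my Samsung Galaxy Note 4 - powered by Three"
# Subject that is only a file name, like "PDFPart2.pdf" (extension list is assumed).
FILENAME_SUBJECT = re.compile(r"^[\w.-]+\.(pdf|zip|docx?|xlsx?)$", re.I)

def campaign_indicators(raw_message, recipient_domain):
    """Return the names of the post's traits that an inbound message shows.

    Assumption: the message came from outside, so a From address in the
    recipient's own domain is suspicious in itself.
    """
    msg = message_from_string(raw_message)
    hits = []
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() == recipient_domain.lower():
        hits.append("sender_in_own_domain")
    if FILENAME_SUBJECT.match(msg.get("Subject", "").strip()):
        hits.append("subject_is_filename")
    # Read text parts only; the attachment may have been stripped upstream.
    text = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if lines and all(line == SIGNATURE for line in lines):
        hits.append("signature_only_body")
    return hits

# Constructed sample built from the headers quoted in the post.
SAMPLE = (
    "From: Administrator <admin@victimdomain.tld>\n"
    "To: user@victimdomain.tld\n"
    "Subject: PDFPart2.pdf\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Sent from my Samsung Galaxy Note 4 - powered by Three\n"
    "Sent from my Samsung Galaxy Note 4 - powered by Three\n"
)
# Constructed benign message for comparison.
BENIGN = "From: Bob <bob@example.org>\nSubject: Lunch?\n\nSee you at noon.\n"

if __name__ == "__main__":
    print(campaign_indicators(SAMPLE, "victimdomain.tld"))
```

The body check still fires when the attachment has been removed in transit, which matters because some copies of this run arrive without one.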
2 comments:
The messages I have seen delivered so far did not contain any type of attachment.
We too only saw ones without attachments. It appears that some of the bot networks that have been leveraged lately are within enterprises that leverage outbound scanning of email. We were hit with one last Thursday, 3/10, where the .ZIP attachments were either removed or had their payloads replaced with 0_Warning.htm files.