Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Thursday, 28 September 2017

Malware spam: "Emailing: Scan0xxx" from "Sales" delivers Locky or Trickbot

This fake document scan delivers different malware depending on the victim's location: Subject :       Emailing: Scan0963 From :  ...
Tuesday, 26 September 2017

Malware spam: "AutoPosted PI Notifier"

This spam has a .7z file leading to Locky ransomware. From :      "AutoPosted PI Notifier" [NoReplyMailbox@redacted.tld] Subj...
Thursday, 21 September 2017

Malware spam: "Invoice RE-2017-09-21-00xxx" from "Amazon Marketplace"

This fake Amazon spam comes with a malicious attachment: Subject :       Invoice RE-2017-09-21-00794 From :       "Amazon Marketp...
Monday, 18 September 2017

Malware spam: "Status of invoice" with .7z attachment

This spam leads to Locky ransomware: Subject :       Status of invoice From :       "Rosella Setter" ordering@[redacted] Da...
Wednesday, 6 September 2017

QTUM Cryptocurrency spam

This spam email appears to be sent by the Necurs botnet, advertising a new Bitcoin-like cryptocurrency called QTUM. Necurs is often used t...
Tuesday, 5 September 2017

Malware spam: "Scanning" pretending to be from tayloredgroup.co.uk

This spam email pretends to be from tayloredgroup.co.uk but it is just a simple forgery leading to Locky ransomware. There is both a mali...
Friday, 25 August 2017

Malware spam: "Voicemail Service" / "New voice message.."

The jumble of numbers in this spam is a bit confusing. Attached is a malicious RAR file that leads to Locky ransomware. Subject :      ...

Malware spam: "Your Sage subscription invoice is ready" / noreply@sagetop.com

This fake Sage invoice leads to Locky ransomware. Quite why Sage are picked on so much by the bad guys is a bit of a mystery. Subject ...
Thursday, 24 August 2017

Multiple badness on metoristrontgui.info / 119.28.100.249

Two massive fake "Bill" spam runs seem to be under way, one claiming to be from BT and the other being more generic. Subject ...
Wednesday, 23 August 2017

Malware spam: "Customer Service" / "Copy of Invoice xxxx"

This fairly generic spam leads to the Locky ransomware: Subject :       Copy of Invoice 3206 From :       "Customer Service" ...

Malware spam: "Voice Message Attached from 0xxxxxxxxxxx - name unavailable"

This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other wit...
Tuesday, 22 August 2017

Malware spam from "Voicemail Service" [pbx@local]

This fake voicemail leads to malware: Subject :       [PBX]: New message 46 in mailbox 461 from "460GOFEDEX" <8476446077...
Monday, 21 August 2017

Cerber spam: "please print", "images etc"

I only have a couple of samples of this spam, but I suspect it comes in many different flavours. Subject :       images From :       ...
Wednesday, 19 July 2017

Necurs oddity II: avto111222@bigmir.net

Yesterday I saw a series of spam emails from Necurs apparently attempting to collect replies to super.testtesttest2018@yahoo.com. Although t...
Tuesday, 18 July 2017

Necurs oddity: super.testtesttest2018@yahoo.com / "hi test"

This email is sent from the Necurs botnet and appears to be collecting automatic replies, using a Reply-To email address of super.testtest...

Malware spam: UK Fuels Collection / "invoices@ebillinvoice.com"

This fake invoice comes with a malicious attachment: From :    invoices@ebillinvoice.com Date :    18 July 2017 at 09:37 Subject :   ...
Tuesday, 13 June 2017

Bellatora Inc (ECGR) pump-and-dump spam

It's been a little while since we've seen an illegal pump-and-dump spam from the Necurs botnet, but here is a new one pushing a ...
Monday, 5 June 2017

Malware spam: "John Miller Limited" / "Invoice"

This spam pretends to come from John Miller Ltd (but doesn't) and comes with a malicious payload. The domain mentioned in the email d...
Thursday, 11 May 2017

Malware spam with "nm.pdf" attachment

Currently underway is a malicious spam run with various subjects, for example: Scan_5902 Document_10354 File_43359 Senders are random,...
Tuesday, 2 May 2017

Malware spam: DHL Shipment 458878382814 Delivered

Another day and another fake DHL message leading to an evil .js script. From : DHL Parcel UK [redacted] Sent : 02 May 2017 09:30 To : [...