Info collector

pumpkin.brisik.net (2016/08/23_17:30)

By on August 23, 2016 in Malware Domains

Host: pumpkin.brisik.net/rvgkm3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK

scanty.colormark.cl (2016/08/22_16:35)

By on August 22, 2016 in Malware Domains

Host: scanty.colormark.cl/rjavgx3.html, IP address: 93.190.140.163, ASN: 49981, Country: NL, Description: gateway to EK

Malware spam: "The office printer is having problems so I've had to email the UPS label"

By on August 18, 2016 in Latest SPAM

This fake UPS email has a malicious attachment. It appears to come from various countries' UPS domains (e.g. ups.de, ups.co.uk), and from various senders.

From     "Laurence lumb" [Laurence.lumb25@ups.de]
Date     Thu, 18 Aug 2016 17:35:21 +0530
Subject     Emailing: Label

Good afternoon

The office printer is having problems so I’ve had to email the UPS label, sorry for the […]

Malware spam: "Jen [Jen@purple-office.com]" / "Documents from Purple Office – IN00003993"

By on August 15, 2016 in Latest SPAM

These fake financial documents have a malicious attachment:

From:    Jen [Jen@purple-office.com]
Date:    15 August 2016 at 14:10
Subject:    Documents from Purple Office – IN00003993

Please find attached invoice/credit from Purple Office.

Best regards,
Purple Office

Attached is a randomly-named DOCM file which is almost definitely a variant of Locky ransomware as seen here and here.

Malware spam: "Emma Critchley (emmacritchley@advantage-finance.co.uk)" / "Emailing – 9104896607509"

By on August 15, 2016 in Latest SPAM

This fake financial spam has a malicious attachment. It does not come from Advantage Finance but is instead a simple forgery.

Subject:     Emailing – 9104896607509
From:     Emma Critchley (emmacritchley@advantage-finance.co.uk)
Date:     Monday, 15 August 2016, 13:28

Hi

Vicky has asked me to forward you the finance documents (Please see attached)

Many Thanks

Attached is a DOCM file […]

Malware spam: "orderconfirmation@esab.co.uk" / "Order Confirmation-7069-2714739-20160815-292650"

By on August 15, 2016 in Latest SPAM

This fake financial spam does not come from ESAB but is instead a simple forgery with a malicious attachment.

From:    orderconfirmation@esab.co.uk
Date:    15 August 2016 at 10:37
Subject:    Order Confirmation-7069-2714739-20160815-292650

_________________________________________________________________
This communication and any files transmitted with it contain information which is

coffeol.com (2016/08/13_10:47)

By on August 13, 2016 in Malware Domains

Host: coffeol.com/fend/raw_server.exe, IP address: 208.112.30.120, ASN: 20021, Country: US, Description: Trojan.Backdoor

www.pgathailand.com (2016/08/13_10:47)

By on August 13, 2016 in Malware Domains

Host: www.pgathailand.com/which.exe, IP address: 128.199.127.7, ASN: 133165, Country: GB, Description: Trojan.P0ny

Malware spam: This E-mail was sent from "CUKPR0329001" (Aficio MP C305).

By on August 12, 2016 in Latest SPAM

This spam comes with a malicious attachment:

Subject:     Message from "CUKPR0317276"
From:     scanner@victimdomain.tld (scanner@victimdomain.tld)
To:     webmaster@victimdomain.tld;
Date:     Friday, 12 August 2016, 14:00

This E-mail was sent from "CUKPR0329001" (Aficio MP C305).
Scan Date: 17.11.2015 09:08:40 (+0000)
Queries to: <scanner@victimdomain.tld

The email appears to come from within

euro-vertrieb.com (2016/08/12_07:01)

By on August 12, 2016 in Malware Domains

Host: euro-vertrieb.com/hosteurope/KIS-Login.htm, IP address: 217.31.81.101, ASN: 29140, Country: DE, Description: Hosteurope phishing

All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.