This fake financial spam leads to Locky ransomware: From: Adrian Salinas Date: 6 October 2016 at 10:13 Subject: Your Order Your order has been proceeded. Attached is the invoice for your order A-6166964. Kindly keep the slip in case you would like to return or state your product’s warranty. Details will change from email to email. Attached is a […]
This fake financial spam leads to malware: From: invoices@[redacted].com Date: 6 October 2016 at 07:16 Subject: Invoice-365961-42888419-888-DE0628DA Dear Customer, Please find attached Invoice 42888419 for your attention. Should you have any Invoice related queries please do not hesitate to contact either your designated Credit Controller or the Main Credit Dept. on 01635 279370.
This spam email message has a malicious attachment that leads to Locky ransomware: Subject: complaint letter From: Jae Mason Date: Wednesday, 5 October 2016, 10:48 Dear [redacted], client sent a complaint letter regarding the data file you provided. The letter is attached. Please review his concerns carefully and reply him as soon […]
I have only received a single sample of this spam, presumably it comes from random senders. There is no body text in my sample. Subject: Document from Paige From: Paige cuddie (Paige592035@gmail.com) Date: Wednesday, 5 October 2016, 9:37 In this case there was an attached file DOC-20161005-WA0002793.zip containing a malicious script [pastebin] DOC-20161005-WA0002715.wsf. Automated
Malware spam: "I have shipped your packet. Please check the report enclosed here to view more info."
This spam email leads to Cerber ransomware: From: Trevor David Date: 3 October 2016 at 13:46 Subject: Pede Industries Hello I have shipped your packet. Please check the report enclosed here to view more info. Word doc password: JqpcGrKK9 Pede Industries Company names and senders are randomly generated. Attached is a randomly-named .DOT file with […]
This fake document scan leads to Locky ransomware: From: DAMON ASHBROOK Date: 3 October 2016 at 10:56 Subject: [Scan] 2016-1003 15:26:26 –Sent with Genius Scan for iOS. The name of the sender, the subject and the attachment name (in this case 2016-1003 15-26-26.xls) will vary somewhat. This Malwr analysis shows some of the infection in action. Overall my […]
This fake financial spam leads to Locky ransomware: Subject: please sign From: Ricardo Buchanan Date: Monday, 3 October 2016, 10:27 Hi [redacted], I have made the paperwork you asked me to prepare two days ago. Please check the attachment. It just needs your signature. Best Wishes, Ricardo Buchanan CEO In the only sample I have seen so far, the […]
This spam leads to Locky ransomware: From firstname.lastname@example.org Date Thu, 29 Sep 2016 21:07:46 +0800 Subject Receipt 103-526 I cannot tell if there is any body text, however there is an attachment Receipt.xls which contains malicious code [pastebin] that in the case of the sample I analysed downloads a binary from: opmsk.ru/g76ub76 […]