Info collector

cristian

kiwifarms.net (2017/10/17_17:40)

By on October 17, 2017 in Malware Domains

Host: kiwifarms.net/js/Jawsh/xmr/cryptonight-worker.js, IP address: 104.24.17.94, ASN: 13335, Country: US, Description: crypto mining


Evil network: Fast Serv Inc / Qhoster.com

By on October 17, 2017 in Latest SPAM

Checking these IOCs for this latest Flash 0-day came up with an interesting IP address of 89.45.67.107 which belongs to Fast Serv Inc aka Qhoster, probably of Bulgaria but masquerading themselves as a Belize outfit. I came across Fast Serv / Qhoster a lot last year during the Angler EK epidemic, where they had entire […]


Scam: “Help Your Child To Be A Professional Footballer.” / info@champ-footballacademyagency.co.uk

By on October 8, 2017 in Latest SPAM

This spam email is a scam:

Subject: Help Your Child To Be A Professional Footballer.
From: “FC Academy” [csa@sargas-tm.eu]
Date: Sun, October 8, 2017 10:30 am
To: “Recipients” [fcsa@sargas-tm.eu]
Priority: Normal

Hello,

Does your child desire to become a professional footballer?

Our football academy are currently scouting for young football player to participate in 3-6


Malware spam: “Emailing: Scan0xxx” from “Sales” delivers Locky or Trickbot

By on September 28, 2017 in Latest SPAM

This fake document scan delivers different malware depending on the victim’s location:

Subject: Emailing: Scan0963
From: “Sales” [sales@victimdomain.tld]
Date: Thu, September 28, 2017 10:31 am

Your message is ready to be sent with the following file or link attachments:

Scan0963

Note: To protect against computer viruses, e-mail programs may prevent sending or […]


izeselet.hu (2017/09/28_08:11)

By on September 28, 2017 in Malware Domains

Host: izeselet.hu/wp-content/uploads/2016/03/ch.js, IP address: 87.229.63.171, ASN: 62292, Country: HU, Description: coin mining


Malware spam: “AutoPosted PI Notifier”

By on September 26, 2017 in Latest SPAM

This spam has a .7z file leading to Locky ransomware.

From: “AutoPosted PI Notifier” [NoReplyMailbox@redacted.tld]
Subject: Invoice PIS9344608
Date: Tue, September 26, 2017 5:29 pm

Please find Invoice PIS9344608 attached.

The number referenced in the spam varies, but attached is a .7z archive file with a matching filename. In turn, this contains […]


Malware spam: “Invoice RE-2017-09-21-00xxx” from “Amazon Marketplace”

By on September 21, 2017 in Latest SPAM

This fake Amazon spam comes with a malicious attachment:

Subject: Invoice RE-2017-09-21-00794
From: “Amazon Marketplace” [yAhbPDAoufvZE@marketplace.amazon.co.uk]
Date: Thu, September 21, 2017 9:21 am
Priority: Normal

————- Begin message ————-

Dear customer,

We want to use this opportunity to first say “Thank you very much for your purchase!”


Malware spam: “Status of invoice” with .7z attachment

By on September 18, 2017 in Latest SPAM

This spam leads to Locky ransomware:

Subject: Status of invoice
From: “Rosella Setter” ordering@[redacted]
Date: Mon, September 18, 2017 9:30 am

Hello,

Could you please let me know the status of the attached invoice? I appreciate your help!

Best regards,
Rosella Setter
Tel: 206-575-8068 x 100 Fax: 206-575-8094
*NEW*   Ordering@[redacted].com
* Kindly note we will be closed Monday in


QTUM Cryptocurrency spam

By on September 6, 2017 in Latest SPAM

This spam email appears to be sent by the Necurs botnet, advertising a new Bitcoin-like cryptocurrency called QTUM. Necurs is often used to pump malware, pharma and data spam and sometimes stock pump and dump. There is no guarantee that this is actually being sent by the people running QTUM, it could simply be a […]


Malware spam: “Scanning” pretending to be from tayloredgroup.co.uk

By on September 5, 2017 in Latest SPAM

This spam email pretends to be from tayloredgroup.co.uk but it is just a simple forgery leading to Locky ransomware. There is both a malicious attachment and link in the body text. The name of the sender varies.

Subject: Scanning
From: “Jeanette Randels” [Jeanette.Randels@tayloredgroup.co.uk]
Date: Thu, May 18, 2017 8:26 pm

https://dropbox.com/file/9A30AA
– Jeanette Randels
