Ransomware delivered via spam, there is a detailed article here about sage https://isc.sans.edu/forums/diary/Sage+ ... are/21959/
i found that by error, mail is disguised as Paypal and leading user on malware download and so it was positive to my my phishing filters, i wasn't expecting this. :ugeek:
hostile link: https://www.virustotal.com/en/url/2d5d2 ... 486767022/
js downloader: https://www.virustotal.com/en/file/e66b ... 486767034/ leading on https://www.virustotal.com/en/url/68d26 ... 486817871/
sage: https://www.virustotal.com/en/file/ac3f ... 486754324/
call home: mbfce24rgn65bx3g.op7su2.com - https://www.virustotal.com/en/ip-addres ... formation/
i found that by error, mail is disguised as Paypal and leading user on malware download and so it was positive to my my phishing filters, i wasn't expecting this. :ugeek:
hostile link: https://www.virustotal.com/en/url/2d5d2 ... 486767022/
js downloader: https://www.virustotal.com/en/file/e66b ... 486767034/ leading on https://www.virustotal.com/en/url/68d26 ... 486817871/
sage: https://www.virustotal.com/en/file/ac3f ... 486754324/
call home: mbfce24rgn65bx3g.op7su2.com - https://www.virustotal.com/en/ip-addres ... formation/
Attachments
infected
(228.64 KiB) Downloaded 170 times
(228.64 KiB) Downloaded 170 times