Monthly Archives: September 2015

Malware Email: “Credit Note CN-20029 from Budget Group, Inc. for hacktheplanet.tips (8341)” / “Accounts [[email protected]]”

Today we have received another spam email that contained a malicious file:

FROM: Accounts <[email protected]>
TO:
SUBJECT: Credit Note CN-20029 from Budget Group, Inc. for hacktheplanet.tips (8341)
Date: Wed, 30 Sep 2015 08:54:04 -0500

The spam email contained a compressed file named “Credit Note CN-20029.zip”, which contained a malicious executable: Credit Note CN-20029.scr

File name: Credit Note CN-20029.scr…

Spam Email: “Incoming voice mail – 5:28AM” / “WhatsAppNotifier [[email protected]]”

Today we have received a suspicious email:

From: WhatsAppNotifier <[email protected]>
To: [redacted]
Subject: Incoming voice mail – 5:28AM
Date: Sun, 27 Sep 2015 05:28:11 +0000

If the potential victim clicks “Listen”, they are directed to xaydungbanme.com[.]vn/wp-content/uploads/tomahawk.php on 104.28.20.115. HTTP request/response below:

The HTTP response above contains JavaScript that uses the String.fromCharCode function. Beautifying the JavaScript code using http://jsbeautifier.org…