Welcome to My New Security Blog
Originally posted at malwarebreakdown.com Follow me on Twitter I received some malspam on 03/22/18 that contained two .doc file attachments. The subject of the email was “Order 2018-048 & 049, Please Confirm”. The attached exploit documents were named similarly to the subject of the email, “PO2018-048.doc” and “PO 2018-049.doc”. Below is an image of the email:… Read more
Originally posted at malwarebreakdown.com Follow me on Twitter Traffic from 03/21/18: The first part of the redirection chain shown above would be from the Fobos decoy site. The decoy site contains the following Base64 encoded string: The decoded string on the decoy site points to the next step in the redirection chain, the pre-landing page: Unpacked… Read more
Follow My Blog
Get new content delivered directly to your inbox.