• 02
      Nov - 2017

      Security | 2 min | 165

      #Security: Phishing with Macros once again!



      hybrid analysis
      macro virus
      office
      phishing
      virustotal

      And once again: Word files with macros! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)

      Virus Macro!
      Fig 1: VirusTotal report! Only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...

      Here you have the e-mail. This time the sender is the "BOSS Last Name" (a nice improvement! :P), without an address or anything like that!

      Guten Tag, Riva, Mauro 
      
      Bitte die gekennzeichneten Stellen ergänzen und unterschreiben, bitte mit Stempel außer das SEPA Formular. Für die Abbuchung. 
      
      http://docs.google.de/download/de_DE/doc/ -> with hyperlink (http://elp...
    • 24
      Aug - 2017

      Security | 2 min | 219

      #Security: Phishing with Macros! (updated)



      Hi!

      Yesterday I received an email from an address that was supposed to look like my boss's email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de nancy@hillstar.brcoxmail.com" with the subject "Rech QK - 163-DA7666 Riva, Mauro" and a text saying:

      Guten Tag, Riva, Mauro
      
      Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.")
      
      Rech:
      http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!)
      
      Herzliche Grüße (Grüße: Grüße)
      
      boss.name@our-institute.uni-hannover.de
      

      As you see, there is a link to t...