2018-10-24 Agent Tesla Malspam

This is a quick write-up of some Agent Tesla malspam that I was able to find within our email filters. For a good overview of what this malware is and how it works, please see the following links: https://krebsonsecurity.com/2018/10/who-is-agent-tesla/ https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html For the artifacts found from this investigation, please see my…

2018-07-07 Remcos Malspam

A quick write-up on this Remcos malspam. Some other previous entries that I have done about Remcos can be found below: https://www.herbiez.com/?p=1106 https://www.herbiez.com/?p=1073 All the emails seem to come from the sender info@yusheng-wiremesh.com with the subject of “Returned Funds fort Invoice DFER4567 July Despatch.” The malspam also comes with an…

2018-06-20 Formbook Malspam

For this post, I was able to find some Formbook malspam within the email filters. Formbook malware is considered to be a data-theft/form-grabber with some other add-ons under its tool belt. Based on the following deep dives into Formbook from FireEye (https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html) and ThisIsSecurity (https://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/), this malware sample…