2017-11-03 - MALSPAM PUSHING NYMAIM

ASSOCIATED FILES:

  • 2017-11-03-malspam-pushes-Nymaim.pcap   (803,489 bytes)
  • Invoice.doc   (95,744 bytes)
  • 1.exe   (715,264 bytes)
  • 2017-11-03-Nymaim-malspam.txt   (4,992 bytes)
  • 2017-11-03-Nymaim-malspam-notes.txt   (2,830 bytes)

 

NOTES:

 

IMAGES


Shown above:  Screenshot from the email.

 


Shown above:  Infection traffic in Wireshark.

 


Shown above:  Alerts on the infection traffic from the Emerging Threats Pro (ET Pro) ruleset using Sguil on Security Onion.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
