2017-12-06 - QUICK POST: UK VEHICLE VIOLATION-THEMED MALSPAM PUSHES NYMAIM

ASSOCIATED FILES:

 

NOTES:

 


Shown above:  Screenshot from the first email I saw.

 


Shown above:  Screenshot from the second email I saw.

 


Shown above:  Clicking on a link from the emails.

 


Shown above:  The downloaded Word document.

 


Shown above:  Infection traffic in Wireshark (first pcap).

 


Shown above:  Infection traffic in Wireshark (second pcap).

 


Shown above:  Alerts on the infection traffic from the Emerging Threats Pro (ET Pro) ruleset using Sguil on Security Onion.

 

Click here to return to the main page.