2017-12-06 - QUICK POST: UK VEHICLE VIOLATION-THEMED MALSPAM PUSHES NYMAIM
ASSOCIATED FILES:
- Zip archive of two pcaps: 2017-12-06-malspam-pushing-Nymain-pcaps.zip 1.9 MB (1,897,902 bytes)
- Zip archive of two emails: 2017-12-06-malspam-pushing-Nymain-emails.zip 4.6 kB (4,594 bytes)
- Zip archive of the malware: 2017-12-06-Nymaim-malware-examples.zip 1.0 MB (1,030,616 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
- This is just a quick post with the emails/pcap/malware (and some images I created before running out of time for a full blog post).
- This post is related to My Online Security's 2017-12-06 blog post: "fake UKPC Penalty Charge Notice delivers nymaim trojan"
IMAGES:
- [Image] Screenshot from the first email I saw.
- [Image] Screenshot from the second email I saw.
- [Image] Clicking on a link from the emails.
- [Image] The downloaded Word document.
- [Image] Infection traffic in Wireshark (first pcap).
- [Image] Infection traffic in Wireshark (second pcap).
- [Image] Alerts on the infection traffic from the Emerging Threats Pro (ET Pro) ruleset using Sguil on Security Onion.