2017-12-06 - QUICK POST: UK VEHICLE VIOLATION-THEMED MALSPAM PUSHES NYMAIM

ASSOCIATED FILES:

• Zip archive of two pcaps:  2017-12-06-malspam-pushing-Nymain-pcaps.zip   1.9 MB (1,897,902 bytes)
• Zip archive of two emails:  2017-12-06-malspam-pushing-Nymain-emails.zip   4.6 kB (4,594 bytes)
• Zip archive of the malware:  2017-12-06-Nymaim-malware-examples.zip   1.0 MB (1,030,616 bytes)

 

NOTES:

• Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
• This is just a quick post with the emails/pcap/malware (and some images I created before running out of time for a full blog post).
• This post is related to My Online Security's 2017-12-06 blog post:  fake UKPC Penalty Charge Notice delivers nymaim trojan

 

Shown above:  Screenshot from the first email I saw.

 

Shown above:  Screenshot from the second email I saw.

 

Shown above:  Clicking on a link from the emails.

 

Shown above:  The downloaded Word document.

 

Shown above:  Infection traffic in Wireshark (first pcap).

 

Shown above:  Infection traffic in Wireshark (second pcap).

 

Shown above:  Alerts on the infection traffic from the Emerging Threats Pro (ET Pro) ruleset using Sguil on Security Onion.

 

Click here to return to the main page.