Your Swift PrePaymaent Order is Actually CVE-2017-11882

Introduction

Last week I came across an interesting email address with an Excel Spreadsheet attachment. There was no content in this email other than FYI and regards. The sender of this email was info@radheshyamcorp.community and the email header consisted of the following:

Received: from server.radheshyamcorp.community (unknown [162.241.204.238]) by mail.impexron.de (Postfix) with ESMTPS id 1902D1BE1B5D for […]

Analysis and Deobfuscation of Malicious VBScript URSnif Dropper

Introduction

On June 25, 2020 I came across the following Tweet posted by @ps66uk: "emails have an originating IP of 165.138.96.21 WHOIS: Indiana Department of Education @EducateIN" (pic.twitter.com/6MNjTOmQZz)

It appears that the victims received a phishing email with a link to download a ZIP file through Firefox Send. Upon downloading […]