Your Swift PrePayment Order is Actually CVE-2017-11882

Introduction: Last week I came across an interesting email address with an Excel Spreadsheet attachment: There was no content in this email other than FYI and regards. The sender of this email was and the email header consisted of the following: Received: from (unknown []) by (Postfix) with ESMTPS id 1902D1BE1B5D for […]

Analysis and Deobfuscation of Malicious VBScript URSnif Dropper

Introduction: On June 25, 2020 I came across the following Tweet posted by @ps66uk: "emails have an originating IP of WHOIS: Indiana Department of Education @EducateIN" — ps66uk (@ps66uk) June 25, 2020. It appears that the victims received a phishing email with a link to download a ZIP file through Firefox Send. Upon downloading […]