FYI...

Fake 'Outstanding Statement' SPAM - delivers ransomware
- https://myonlinesecurity.co.uk/fake-...er-ransomware/
22 Dec 2017 - "... malware downloaders from the Necurs botnet... an email with the subject of 'Outstanding Statement' pretending to come from Prime Express Oldham <sales62@ primeexpressuk .com> (random numbers after sales) delivering Globeimposter ransomware...

Screenshot: https://myonlinesecurity.co.uk/wp-co...2_11-48-59.png

Customer Statement (122017_6816162).7z: Extracts to: Customer Statement (122017_51767638).js
Current Virus total detections 16/55*. Hybrid Analysis**...
This js file downloads from
http ://www.upperlensmagazine .com/tOldHSYW??DVTCGAtym=DVTCGAtym (VirusTotal 11/68[3]). As usual there will be 6 or 8 other download sites... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/7...is/1480616575/
-6dt874p53077.js

** https://www.hybrid-analysis.com/samp...ironmentId=100
DNS Requests
45.126.209.154
Contacted Hosts
45.126.209.154

3] https://www.virustotal.com/en/file/d...is/1513941343/
GWMadFzby2.exe

upperlensmagazine .com: 45.126.209.154: https://www.virustotal.com/en/ip-add...4/information/
> https://www.virustotal.com/en/url/3d...ae1b/analysis/