FYI...

Fake 'Scanned image' SPAM - delivers Locky
- https://myonlinesecurity.co.uk/scann...ivers-locky-2/
4 July 2016 - "An email with the subject of 'Scanned image' pretending to come from random names at your own email domain or company with a malicious word doc macro attachment delivers Locky Ransomware... The email looks like:
From: Random names at your own email domain
Date: Mon 04/07/2016 11:33
Subject: Scanned image
Attachment: 04-07-2016_rndnum(4,9)}}.docm
Image data has been attached to this email.


4 July 2016: 04-07-2016_rndnum(4,9)}}.docm - Current Virus total detections 6/54*
.. MALWR** shows a download from http ://clear-sky .tk/nb4vervge which is Locky Ransomware although not showing in the sandbox analysis. This means that once again the Locky gang have upped the stakes and changed their anti-analysis/ anti-sandbox protections to make it more difficult to detect and protect against (VirusTotal 3/53***).. DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/9...is/1467628388/

** https://malwr.com/analysis/ZTJmMTIwO...I0NmRlNjAxOTY/
Hosts
213.239.227.58: https://www.virustotal.com/en/ip-add...8/information/
>> https://www.virustotal.com/en/url/25...1d09/analysis/

*** https://www.virustotal.com/en/file/0...is/1467627485/