FYI...
Fake 'payment receipt' SPAM - delivers malware
- https://myonlinesecurity.co.uk/attac...ivers-malware/
15 Mar 2017 - "... an email with the subject of 'Document:36365' coming from random companies, names and email addresses with a semi-random named zip attachment which delivers what looks like Dridex banking Trojan ... One of the emails looks like:
From: Susie <Susie@ novayaliniya .com>
Date: Wed 15/03/2017 09:35
Subject: Document:36365
Attachment: document_3332.zip
Attached is the copy of your payment receipt.
Susie
document_3332.zip: Extracts to: file_356.js - Current Virus total detections 0/56*
MALWR** shows a download of a txt file from http ://mercurytdsconnectedvessel .com/hjg6657 which is renamed by the script to hjg6657.exe (VirusTotal 8/61***) MALWR[4]... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/d...9b79/analysis/
** https://malwr.com/analysis/NDA3MGE5Y...E1MjE0NWM0ZjQ/
*** https://www.virustotal.com/en/file/6...is/1489573275/
[4] https://malwr.com/analysis/OGM5NDVmM...NkNmZkZDRlODQ/
mercurytdsconnectedvessel .com: 66.135.46.202: https://www.virustotal.com/en/ip-add...2/information/
> https://www.virustotal.com/en/url/08...5bf7/analysis/