Just a quick heads-up warning. We are starting to see Locky and Kovter delivery emails trickling in this morning. The sites and payloads are the same as described in this post: https://myonlinesecurity.co.uk/spoofed-fedex-and-usps-kovter-and-locky-sites/ It looks like the Locky gangs are gearing up for a mass malspam run, but are still fine-tuning the delivery systems and having a few problems.
We always see errors and problems before a mass Locky onslaught. If they keep to the sites they have been using for the last month or so, it will be relatively easy to track them and block the malware.
Date: Mon 16/01/2020 23:30 (arrived 07:35 UTC 17/01/2020)
Attachment: 38168891.zip extracts to 38168891.doc.zip, which extracts to 38168891.doc.jse (VirusTotal | Payload Security)
1.bin (Locky): https://www.virustotal.com/en/file/2d193757baa6dfc600931ceeb0d8ffb690d57b403633c0c6c57833e4b6d5d618/analysis/1484631951/
2.bin (Kovter): https://www.virustotal.com/en/file/a1f770ddd4a0dcdfd481112708586aae857060909cbc4e93a802ae4b0359d965/analysis/1484642102/
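As an added example (not code from the original post), a small Python scanner that recurses into nested zip attachments and flags the double-extension script layout described above (zip inside zip, .doc.jse inside). The sample archive it builds is constructed and holds only a placeholder string; the extension lists and depth limit are assumptions chosen for illustration.

```python
import io
import zipfile

# Script extensions abused by this campaign (.jse from the post) plus close
# relatives, and the decoy document extensions they hide behind. Assumption:
# lists chosen for illustration, not taken from the post.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".txt", ".jpg"}
MAX_DEPTH = 4  # stop recursing into archives nested deeper than this


def _exts(name):
    """Return the lowercased extension parts of a file name, e.g. ['.doc', '.jse']."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return ["." + p for p in parts[1:]]


def scan_zip_bytes(data, path="", depth=0):
    """Walk a zip (and any zips inside it) and report files that look like
    masqueraded script droppers. Returns a list of (path, reason) tuples."""
    findings = []
    if depth > MAX_DEPTH:
        return [(path, "archive nesting deeper than %d" % MAX_DEPTH)]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inner = path + "/" + info.filename if path else info.filename
            exts = _exts(info.filename)
            if exts and exts[-1] == ".zip":
                findings.extend(scan_zip_bytes(zf.read(info), inner, depth + 1))
            elif exts and exts[-1] in SCRIPT_EXTS:
                reason = "script file %s" % exts[-1]
                if len(exts) > 1 and exts[-2] in DECOY_EXTS:
                    reason += " masquerading as %s" % exts[-2]
                findings.append((inner, reason))
    return findings


def build_sample():
    """Constructed sample mimicking the post's attachment layout:
    38168891.zip -> 38168891.doc.zip -> 38168891.doc.jse. Not the real malware."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("38168891.doc.jse", "// constructed placeholder, not the real dropper\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("38168891.doc.zip", inner.getvalue())
    return outer.getvalue()
```

Running `scan_zip_bytes(build_sample())` reports the inner .doc.jse with its nested path, which is the condition a mail gateway rule would key on.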