Comments

Locky ransomware / Dridex banking Trojan trying to come back — 3 Comments

  1. I think we have dealt them severe blows.
    They can’t use these Base64 strings (decode them yourself) in their attachments.

    I do get the occasional punter using AutoOpen in a Word DOC and I release it.
    This is why these pricks are zipping their docs. To get past the BASE64 check.
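
Added example, not part of the comment above or of the original page: a Python sketch of the Base64 check the comment describes, showing why each keyword needs three alignment variants and why the same attachment inside a ZIP only matches after decoding and unpacking. The keyword list, function names and sample attachment are assumptions constructed for this illustration.

```python
import base64, io, zipfile

# Auto-run macro names chosen for this example; Base64 is case-sensitive,
# so each casing needs its own entry.
KEYWORDS = [b"AutoOpen", b"autoopen", b"Document_Open"]

def b64_variants(keyword):
    """Base64 substrings of `keyword` for each of the 3 byte alignments."""
    out = set()
    for off in range(3):
        enc = base64.b64encode(b"\x00" * off + keyword).decode()
        start = (off * 8 + 5) // 6            # skip chars mixed with bytes before
        end = (off + len(keyword)) * 8 // 6   # drop chars mixed with bytes after
        out.add(enc[start:end])
    return out

def scan_encoded(mime_body):
    """Match directly on the Base64 text of an attachment."""
    text = "".join(mime_body.split())         # undo 76-column line wrapping
    return sorted(k.decode() for k in KEYWORDS
                  if any(v in text for v in b64_variants(k)))

def scan_decoded(mime_body):
    """Decode, unpack ZIP members if present, then match on raw bytes."""
    raw = base64.b64decode(mime_body)
    blobs = [raw]
    if zipfile.is_zipfile(io.BytesIO(raw)):
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            blobs = [zf.read(n) for n in zf.namelist()]
    return sorted(k.decode() for k in KEYWORDS
                  if any(k in b for b in blobs))

def make_samples():
    """Constructed inputs: a fake macro stream, sent plain and inside a ZIP."""
    doc = b"\xd0\xcf\x11\xe0" + b"\x01" * 41 + b"\x00AutoOpen\x02" + b"\x07" * 60
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.doc", doc)
    return (base64.encodebytes(doc).decode(),
            base64.encodebytes(buf.getvalue()).decode())

if __name__ == "__main__":
    plain, zipped = make_samples()
    print("plain,  encoded scan:", scan_encoded(plain))
    print("zipped, encoded scan:", scan_encoded(zipped))
    print("zipped, decoded scan:", scan_decoded(zipped))
```

A filter that relies on the encoded scan alone needs a decode-and-unpack stage like `scan_decoded` in front of it, with size and nesting limits on the archive handling.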
