Comments

return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload — 8 Comments

  1. “… Sites involved in this campaign found so far this week:
    resedaplumbing .com > 166.62.58.18
    modx.mbalet .ru> 95.163.101.104
    artdecorfashion .com > 107.180.0.125
    eventbon .nl > 109.106.167.212
    elita5 .md > 217.26.160.15
    goldwingclub .ru > 62.109.17.210
    www .gloszp .pl > 87.98.239.19
    natiwa .com > 115.84.178.83
    desinano .com.ar > 190.183.59.228
    amis-spb .ru > 77.222.61.227
    perdasbasalti .it > 94.23.64.3
    120.109.32.72: https://www.virustotal.com/en/ip-address/120.109.32.72/information/
    calendar-del .ru > 77.222.61.227
    indexsa.com .ar > 190.183.59.228 …”

    //

  2. Pingback: June 30th 2017 - Week in Ransomware ~ Cyber Reflect

  3. Pingback: June 2017: The Month in Ransomware

  4. Pingback: Technical Analysis of the Malspam Pushing Kovter Payload & Numucode Ransomware – Part I – Infosec Topics

  5. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) |

  6. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) | Fortify 24x7

  7. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) | Jeremy Murtishaw, Inc.

  8. Pingback: Decrypted: Emsisoft Releases a Decryptor for NemucodAES Ransomware | Murray Computer Repair

Leave a Reply

Your email address will not be published. Required fields are marked *