Comments

return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload — 8 Comments

  1. “… Sites involved in this campaign found so far this week:
    resedaplumbing .com > 166.62.58.18
    modx.mbalet .ru> 95.163.101.104
    artdecorfashion .com > 107.180.0.125
    eventbon .nl > 109.106.167.212
    elita5 .md > 217.26.160.15
    goldwingclub .ru > 62.109.17.210
    www .gloszp .pl > 87.98.239.19
    natiwa .com > 115.84.178.83
    desinano .com.ar > 190.183.59.228
    amis-spb .ru > 77.222.61.227
    perdasbasalti .it > 94.23.64.3
    120.109.32.72: https://www.virustotal.com/en/ip-address/120.109.32.72/information/
    calendar-del .ru > 77.222.61.227
    indexsa.com .ar > 190.183.59.228 …”

    //

  2. Pingback: June 30th 2017 - Week in Ransomware ~ Cyber Reflect

  3. Pingback: June 2017: The Month in Ransomware

  4. Pingback: Technical Analysis of the Malspam Pushing Kovter Payload & Numucode Ransomware – Part I – Infosec Topics

  5. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) |

  6. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) | Fortify 24x7

  7. Pingback: NemucodAES and the malspam that distributes it, (Fri, Jul 14th) | Jeremy Murtishaw, Inc.

  8. Pingback: Decrypted: Emsisoft Releases a Decryptor for NemucodAES Ransomware | Murray Computer Repair

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close