Trickbot Downloaded Via VBS. Email Blank Subject Noreply@

caution malware

Just starting to see the second run of today’s Trickbot downloaders coming in. Same sites and payload as the earlier run. This later one comes from noreply@random email addresses. ( all spoofed) Has a blank subject line and a zip attachment containing a VBS file

One of the email looks like:


Date: Tue 18/07/2017 11:25



Body content:

Your Payment is attached. extracts to doc000799723147922720821.vbs Current Virus total detections: Payload Security shows a download of an encrypted text file from which is converted to nbVXsSxirbe.exe ( VirusTotal)