{"id":16564,"date":"2022-07-12T13:56:33","date_gmt":"2022-07-12T13:56:33","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?page_id=16564"},"modified":"2023-04-06T10:04:34","modified_gmt":"2023-04-06T10:04:34","slug":"trickbot-downloaded-via-vbs-email-blank-subject-noreply","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/trickbot-downloaded-via-vbs-email-blank-subject-noreply\/","title":{"rendered":"Trickbot Downloaded Via VBS. Email Blank Subject Noreply@"},"content":{"rendered":"

Just starting to see the second run of today\u2019s Trickbot downloaders coming in. Same sites and payload as the earlier run. This later one comes from noreply@random email addresses (all spoofed). It has a blank subject line and a zip attachment containing a VBS file.<\/p>\n

One of the emails looks like:<\/p>\n

From: no-reply@alandsarah.co.uk<\/p>\n

Date: Tue 18\/07\/2017 11:25<\/p>\n

Subject:<\/p>\n

Attachment: doc00042714507507789135.zip<\/p>\n

Body content:<\/p>\n

Your Payment is attached.<\/p>\n

doc00042714507507789135.zip extracts to doc000799723147922720821.vbs. Current VirusTotal detections: Payload Security shows a download of an encrypted text file from http:\/\/pluzcoll.com\/56evcxv? which is converted to nbVXsSxirbe.exe (VirusTotal)<\/p>\n","protected":false},"excerpt":{"rendered":"

Just starting to see the second run of today\u2019s Trickbot downloaders coming in. Same sites and payload as the earlier run. This later one comes from noreply@random email addresses. ( all spoofed) Has a blank subject line and a zip attachment containing a VBS file One of the email looks like: From: no-reply@alandsarah.co.uk Date: Tue…<\/p>\n","protected":false},"author":4,"featured_media":13446,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"default","_kad_post_title":"default","_kad_post_layout":"default","_kad_post_sidebar_id":"","_kad_post_content_style":"default","_kad_post_vertical_padding":"default","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"taxonomy_info":[],"featured_image_src_large":["https:\/\/myonlinesecurity.co.uk\/wp-content\/uploads\/2022\/03\/caution-malware.jpg",1000,707,false],"author_info":{"display_name":"myonlinesecurity","author_link":"https:\/\/myonlinesecurity.co.uk\/author\/myonlinesecurity\/"},"comment_info":0,"_links":{"self":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16564"}],"collection":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/comments?post=16564"}],"version-history":[{"count":1,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16564\/revisions"}],"predecessor-version":[{"id":29036,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16564\/revisions\/29036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https
:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media\/13446"}],"wp:attachment":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media?parent=16564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}