Here's a couple more "notice to appear" files:
https://www.virustotal.com/en/file/ac757dbceb00337faff1d44e7385ab223c1fc28035fe
58be3997ede9fd25bda3/analysis/1412979983/
https://www.virustotal.com/en/file/31267d898c2dd85110e678f0f91be5996c21ba1845ec
a73881c8fc8a9ed169fe/analysis/1412983728/
Download your copies here:
http://filepost.com/files/eb1med74/Note_9584_copy.rar/
The detection ratio for them are 27/55 and 37/55.
One of them came in Wed. Oct 8 / 7 pm, the other at 1 am today.
VT hadn't seen these before I uploaded them.
Identified variously as:
Kuluoz
BCUZ
Asprox
Zortob
Kuluo
Aspxor
Picsys
Zbot
(when in doubt, call it Zbot I guess...)
Sending IP's:
70.97.1.181
70.114.178.120
Return-Paths: (which I know are just creative garbage)
operatorNNN@lawyersinthecloud.com
referenceNNN@lawyerscfo.com
Trend with this campaign is that Subject is always "Notice to appear"
and return-path always contains "lawyers" in the domain.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|