Fake Packing List and LPO delivers malware via OneDrive

I am not completely sure what we have got here today. An email with the subject of Packing List and LPO coming from Jidapa Dongbang <[email protected]> with a link to download a rar file from a OneDrive address. I am being told it is possibly a new Netwire RAT, although existing YARA detections are not firing off on it. There are some known Netwire strings in running memory. Update: a revised Anyrun does confirm Netwire. It looks like the C2 was down on the original run, but is live now. Probably we were too quick for them & they …

Article Link: https://myonlinesecurity.co.uk/fake-packing-list-and-lpo-delivers-malware-via-onedrive/