Hi Alain, I've just submitted another zero-day
$ sha1sum FNZQ480465.doc
bd7ca51a6ff67bfcb83b863595f21432ef9071d9 FNZQ480465.doc
This is from a spam/malware campaign that involves a direct-download
Word macro file. Here's an example.
Pay your invoice here:
http://sdeflores.com/PHJC579907/
If yo
Hi there,
On Tue, 18 Jul 2017, Alex wrote:
Hi guys, just submitted an "ace" archive with a .cmd inside.
# sha1sum PROFORMA\ INVOICE_xls.ace
97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
We've now disabled "ace" files (who even knew they existed?)
...
mail6:~$ >>> grep b
On Mon, July 17, 2017 10:22 pm, Alex wrote:
> Hi guys, just submitted an "ace" archive with a .cmd inside.
>
>
> # sha1sum PROFORMA\ INVOICE_xls.ace
> 97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
>
Hi,
I've added Sanesecurity.Malware.27099.AceHeur.Cmd to the detections...
Hi guys, just submitted an "ace" archive with a .cmd inside.
# sha1sum PROFORMA\ INVOICE_xls.ace
97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
We've now disabled "ace" files (who even knew they existed?)
On Thu, Jul 13, 2017 at 4:36 AM, wrote:
>
>
> 13.07.2017 05:32, Alex
13.07.2017 05:32, Alex wrote:
> On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
> wrote:
>> Signature will be going out shortly.
>
> It's now detected thanks to the amazing work by Steve from
> sanesecurity. Also appreciate your help - perhaps his sig just hits
> first.
>
> I've also just sub
On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
wrote:
> Signature will be going out shortly.
It's now detected thanks to the amazing work by Steve from
sanesecurity. Also appreciate your help - perhaps his sig just hits
first.
I've also just submitted another unrelated to investigate.
$ sha1s
Signature will be going out shortly.
On Wed, Jul 12, 2017 at 2:52 PM, Alex wrote:
> Hi, we've received a word virus that isn't currently being detected by
> any scanners. I've submitted the FN, but would like to see if we can
> get that pushed out as soon as possible.
>
> $ sha1sum Invoice_SKMBT
Hi, we've received a word virus that isn't currently being detected by
any scanners. I've submitted the FN, but would like to see if we can
get that pushed out as soon as possible.
$ sha1sum Invoice_SKMBT_20170501.doc
6cc1dd12fbc79311ebaf59e19e562ff63141f457 Invoice_SKMBT_20170501.doc
It's not c