Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-26 Thread Glen A. Pearce
On 24/04/2023 10:24 a.m., Niels Bakker wrote: * na...@ve4.ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]: Well, I eventually had a friend open the attachment on his Linux machine Not necessarily a safe idea:

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-24 Thread Jim Shankland
On 4/24/23 9:24 AM, Niels Bakker wrote: * na...@ve4.ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]: Well, I eventually had a friend open the attachment on his Linux machine Not necessarily a safe idea:

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-24 Thread Niels Bakker
* na...@ve4.ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]: Well, I eventually had a friend open the attachment on his Linux machine Not necessarily a safe idea: https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/ (scroll down to

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-24 Thread Glen A. Pearce
Well, I eventually had a friend open the attachment on his Linux machine, and once he confirmed it was safe to open and found there was nothing in it other than the list of IP addresses, user names and time stamps, but there were a whole bunch of addresses listed, I opened the attachment in Notepad.

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-03 Thread Bjoern Franke via NANOG
Hi, Governmental services within DTAG (AS3320) IP space is pretty common in Germany. But FCrDNS matches. Scammers with access to the bka.de DNS? Regards Bjoern

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-03 Thread Stefan Giera
Looks like scam to me, we are based in Germany and from time to time we are getting requests from BKA, all mails were originated from "*@bka.bund.de", never heard about this "cyber.bka.de" domain. Also I would expect something more like a specific criminal investigation from the BKA instead of

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-03 Thread Mel Beckman
Any security “authority” that sends a warning email that requires opening _any_ attachment doesn’t deserve to be taken seriously. This includes the MPAA et al. Also, if they don’t send it to your registered abuse email, into the trash it should go without a glance. -mel beckman On Apr 3,

Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-03 Thread Suresh Ramasubramanian
It appears legit. BKA.DE is the German Bundeskriminalamt (Federal Police). And the PTR records, SPF etc. check out for the domain. Might as well check the IP in question for malware if they’ve provided date / timestamps and such --srs From: NANOG on behalf of Glen A. Pearce Date: Monday, 3

BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

2023-04-03 Thread Glen A. Pearce
Hi All: I received an E-mail with an attachment claiming something on my network is infected and that I should look at the attachment to find out what. Normally I think everything with an attachment is phishing to get me to run malware but: #1: The sites linked to in it seem to be legit German