RECIBIDOS VARIOS MAILS CON ANEXADO NEUTRINO QUE DESCARGA RANSOMWARE LOCKY ASASIN MEDIANTE TECNICA DDE

Con diferentes formas, pero algunos sin apenas texto, hemos recibido varios mails que son mas de lo mismo, anexan un fichero doc (SIN MACROS) que mediante la tecnica del DDE descargan variantes del Ransomware LOCKY asasin

Ejemplos de dichos mails son los siguientes:

Asunto: Invoice
De: Tammy Marquet <aMarquet@jimmynicholson.co.uk>
Fecha: 01/11/2017 13:18
Para: “destinatario”

The attached file is your latest invoice in DOC (Microsoft Word) format. To view the report you will need Microsoft Office Word.

ANEXADO: 286009_Invoice.DOC

_____________

Asunto: Emailing: 655399749.doc
De: “Ashlee” <Ashlee.Scull@ellwoodmusic.co.uk>
Fecha: 31/10/2017 19:44
Para: “destinatario”

Your message is ready to be sent with the following file or link
attachments:

655399749.doc

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your e-mail
security settings to determine how attachments are handled.

____________

Asunto: Invoice
De: Laurie Sophia <aSophia@walkerdecor.co.uk>
Fecha: 01/11/2017 11:20
Para: “destinatario”

The attached file is your latest invoice in DOC (Microsoft Word) format. To view the report you will need Microsoft Office Word.

_____________

Asunto: Emailing: KA970 – 02.11.2017
De: John Wismer <John_dhiman@viescolaire.org>
Fecha: 01/11/2017 20:14
Para: “destinatario”

Your message is ready to be sent with the following file or link
attachments:
KA970 – 02.11.2017

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your
e-mail security settings to determine how attachments are handled.

—
Thanks & Regards

______________

Asunto: Emailing: ZRK4916 – 02.11.2017
De: Terry Cosper <Terry_dhiman@suerichardson.biz>
Fecha: 02/11/2017 2:27
Para: “destinatario”

Your message is ready to be sent with the following file or link
attachments:
ZRK4916 – 02.11.2017

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your
e-mail security settings to determine how attachments are handled.

—
Thanks & Regards
Terry Cosper
Senior Officer
Accounts & Finacne

John Wismer
Senior Officer
Accounts & Finacne

______________

tos DOC anexados ofrece este informe en virustotal:

__________

NOTA: Los interesados en información sobre contrato de soporte Asistencia Tecnica de SATINFO y/o licencia de uso/actualizaciones de sus utilidades, contacten con info@satinfo.es
__________

Este blog no se hace responsable de las opiniones y comentarios de los textos en los que se cita la Fuente, ofreciendo su contenido solo para facilitar el acceso a la información del mismo.