October 25 - Excel File from “IBM111”
Another random Excel file. No idea who the sender is supposed to be. It uses a relevant subject line, although the Excel file name isn’t anything except a date and a number. The file has an 8/42 (19%) detection rate at VirusTotal, a little higher today than when I originally submitted it. Might not have bothered posting this, except for the fact that it came from that IBM111 server that we just saw in a similar instance and that Contagio also mentioned earlier this month.
Subject: US-TAIWAN
MD5: 97ff2338e568fc382d41c30c31f89720
Sending IP: 60.249.219.82
October 12 - Malicious Excel File from Fake Air Force Sender
This is pretty sloppy. Who, in this day and age, would just open a mystery Excel spreadsheet sent in a blank email from some random Wright-Patterson Air Force Base email? But it’s definitely from one of the same groups that have been sending us better-targeted stuff for a while - I think I’ve seen that “IBM111” computer before. The attached .xls file has only a 14% detection rate (6/43) on VirusTotal.
Email Subject: 20111012
MD5: 5fd848000d68f45271a0e1abd5844493
Originating IP: 60.249.219.82

