October 25 - Excel File from “IBM111”
Another random Excel file. No idea who the sender is supposed to be. It uses a relevant subject line, although the Excel file name isn’t anything except a date and a number. The file has an 8/42 (19%) detection rate at VirusTotal, a little higher today than when I originally submitted it. Might not have bothered posting this, except for the fact that it came from that IBM111 server that we just saw in a similar instance and that Contagio also mentioned earlier this month.
Sending IP: 22.214.171.124
October 12 - Malicious Excel File from Fake Air Force Sender
This is pretty sloppy. Who, in this day and age, would just open a mystery Excel spreadsheet sent in a blank email from some random Wright-Patterson Air Force Base email? But it’s definitely from one of the same groups that have been sending us better-targeted stuff for a while - I think I’ve seen that “IBM111” computer before. The attached .xls file has only a 14% detection rate (6/43) on VirusTotal.
Email Subject: 20111012
Originating IP: 126.96.36.199