Discover and read the best of Twitter Threads about #Totbrick

Today we’re seeing a massive "Incoming transfer" spam campaign. The email body is blank, but the attachment is a document with malicious PowerShell that connects to malicious URLs to download a new variant of banking Trojan #Totbrick (#Trickbot).
Microsoft Word opens the document in Protected View, hence the instructions to "unlock the document" by clicking "Enable Editing". Don't! (SHA-256: 12dbd0cba4d5caf353f57a5d31ebb14d56d71ff410d58ef69391724ffef3002f, 7ea2df3db0c33dcca5a5634d6433f42d0ea4d9e0a23b865f27b39994cc20c4a3)
Windows Defender AV detects and blocks the document as TrojanDownloader:O97M/Powdow.KE. The payload is detected and blocked as Trojan:Win32/Totbrick (SHA-256: fc259872826dbe0cf623abbb2e886e4d877641add6d41b0121c121ade916c446)