Subj : another one phishing for a bite
To : mark lewis
From : August Abolins
Date : Tue Mar 31 2020 08:33 pm
Hello mark!
** 31.03.20 - 18:30, mark lewis wrote to August Abolins:
AA>>>> (but I obscured a few things here with #### so no one inadvertently
AA>>>> clicks on a link):
ml>>>just change http to hxxp or similar ;)
AA>> Six or one half dozen of the other. :)
ml>not really because now others of us cannot look up that information and
ml>set blocks or filters in our IDS/IPS ;)
Oh.. I see. Good point. But couldn't http://march262020.* work in a
filter?
But, FYI, replace "####" with "club". No point keeping it a secret if
the goal is to help protect others.
BTW, although it is far easier to just drop the phishing email/attachment
with the delete key, we can parse the file, extract the clear-text and
share the http:// strings found therein.
Obviously, the macro in the original .xls file relied on Excel functions
to run a macro to fetch a bot from a website and launch the payload.
../|ug
--- OpenXP 5.0.43
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
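
An added example, not part of the original message: one way to pull the clear-text http:// strings out of a suspicious attachment without opening it in Excel, and to defang them with the hxxp convention suggested above so the full indicator can still be looked up and blocked. The sample bytes and the phish-sample.example host are constructed for illustration; the script only reads bytes and never fetches anything.

```python
import re
import sys

# Characters allowed in a URL run: printable ASCII except space, quote, < and >.
_CH = rb"[\x21\x23-\x3b\x3d\x3f-\x7e]"
# 8-bit strings (one byte per character).
_URL_ASCII = re.compile(rb"https?://" + _CH + rb"+", re.I)
# UTF-16LE strings (each character followed by a NUL byte); binary Office
# formats may store text this way, so a plain ASCII scan would miss them.
_URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + _CH + rb"\x00)+", re.I)

def extract_urls(data: bytes) -> list[str]:
    """Return the unique http(s) URLs found in raw file bytes, sorted."""
    found = {m.group().decode("ascii") for m in _URL_ASCII.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in _URL_UTF16.finditer(data)}
    return sorted(found)

def defang(url: str) -> str:
    """http://a.b/c -> hxxp://a[.]b/c: not clickable, but still searchable."""
    scheme, _, rest = url.partition("://")
    host, sep, path = rest.partition("/")
    scheme = re.sub("t", "x", scheme, flags=re.I)
    return f"{scheme}://{host.replace('.', '[.]')}{sep}{path}"

# Constructed sample: binary junk around one 8-bit and one UTF-16LE URL.
SAMPLE = (b"\x09\x08\x10\x00junk"
          + b"http://phish-sample.example/bot.exe\x00\xff"
          + "https://cdn.phish-sample.example/a?b=1".encode("utf-16-le")
          + b"\x00\x00\x01")

if __name__ == "__main__":
    # Usage: python extract_urls.py suspicious.xls  (no argument: use SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    for u in extract_urls(blob):
        print(defang(u))
```

URLs that a macro assembles at run time from fragments or encoded cells will not appear as contiguous strings, so an empty result does not mean the file is clean.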