2018-09-17 - QUICK POST: MALSPAM WITH PASSWORD-PROTECTED WORD DOC PUSHES NYMAIM
- 2018-09-17-malspam-with-password-protected-Word-doc-0021-UTC.eml.zip 31.9 kB (31,939 bytes)
- 2018-09-17-password-protected-Word-doc-pushes-Nymaim.pcap.zip 1.8 MB (1,806,049 bytes)
- 2018-09-17-malware-and-artifacts-from-infection.zip 808 kB (808,097 bytes)
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: Screenshot of the email.
Shown above: The password-protected Word doc after it's unlocked.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Some artifacts seen during this Nymaim infection.
Click here to return to the main page.