Category Archives: Malicious Email

Locky JS and URL Revealer

From various reports, it appears that the malicious Javascript files sent via email that pull Locky down is back. Let’s see what these scripts look like: At the bottom of the script, is this function that reverses the string above, … Continue reading

Posted in Malicious Email, Malscript, Tools | Tagged , , , , | Comments Off on Locky JS and URL Revealer

Deobfuscating a Hideous-Looking JS Downloader

One of my readers, Stefano from zanna.it (thanks!), sent me this little gem: In the midst of seemingly random strings, there are clues to its structure but there’s very little to go on. I started off by grabbing a portion … Continue reading

Posted in Malicious Email, Malscript | Tagged , | Comments Off on Deobfuscating a Hideous-Looking JS Downloader

Malicious Word Macro Caught Using Sneaky Trick

There has been a slew of malicious Word documents attached to email purporting to be invoices, receipts, etc. This particular one caught my eye but I’m not sure if this is an old trick. I just haven’t seen this method … Continue reading

Posted in Malicious Email, Malscript | Tagged , , , , , , | Comments Off on Malicious Word Macro Caught Using Sneaky Trick

Revelo Updated

A colleague of mine received the following email in their Gmail in-box and wondered how it got past their filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking … Continue reading

Posted in Malicious Email, Malscript, Tools | Tagged , , | Comments Off on Revelo Updated

Dissecting a Malicious Word Document

In a recent spearphish campaign, a malicious Word document was used to infect the email recipient. I was able to find an interesting tool and used it to recreate the Word document. Before we get to that, let’s do a … Continue reading

Posted in Malicious Email, Tools | Tagged , , , , | 16 Comments