On Monday morning I came across a domain which has directory listing open for several subfolders. In most of the folders an Office Word document called “decoy.doc”, a PDF document named “p.doc” (yes, really), an exe and a Python script called “prothemusL_H.py” could be found. That Python script made me curious and I decided to […]
Continue Reading: Compromised Arabic Domain Hosting Malicious Files
Today I came across a suspicious Word document when browsing Hybrid Analysis (which is always fun to see what is going on). The document caught my eye for the single reason that it was called “swift message 1.docx” (c07fb4ab07e439463117cd7d060109cb814d928304e8828c3884ac2b88fece78). Since I work for a bank, I always have an urge to check out banking-related stuff […]