2017-10-03 Nemucod Maldoc Leads to Locky (Ykcol) Infection

Quick post for today. I have been seeing a lot of malspam with malicious JavaScript attachments zipped inside a 7zip archive for the past couple of days. The emails themselves all seem to revolve around the theme of a receipt or invoice, as seen below. From what I can tell, the scripts are all about the same, and the binary downloaded from each of the sites is exactly the same file. I am not sure if this is the case with the other emails from yesterday or the day before, but I can only assume it is. All the scripts…
