SAT NEWS: Active Email Spam Campaign

skull and crossbones 1518822

Over the past 24 hours, Nuspire Networks’s SAT team has been monitoring a spam campaign via our nuMail service. This campaign has been found attempting to deliver the GlobeImposter/726 ransomware to Nuspire customers with multiple, differing subject lines such as "Voice Message Attached from," "Voicemail From,” and "Invoice NIC837385." These emails contain a .ZIP attachment that contains a malicious .VBS script file.

Once the .VBS script file is unzipped and executed, the malware contacts one of the malicious domains preloaded into the script in order to download the ransomware payload. Once the ransomware is dropped onto the machine, it begins the encryption process and ultimately presents the user with a ransom screen that demands a 0.37 ($997.15) Bitcoin payment. As always, paying the ransom is never recommended and the best method for restoring files is a functioning backup solution.

Below are some Indicators of Compromise (IOC's) we were able to obtain.

MD5 Hashes:

3dd6a432bae88995e7912e1dfd47b2fb

7c7245123550d5a15bc6a86f201d04ec

132dda57d1f0456ec1c31405b1d4087f

Malicious Domains:

campuslinne[dot]com

maxmortgagenetwork[dot]com

delimaslina[dot]com

Bitcoin Payment Address:

13gKKDGFmkFXzZLrXs5smC6AYglcrm9eh5

More information will be added as further developments arise.

Click here to learn more about nuMail, Nuspire’s Managed Enterprise Email service. 


Nuspire Insights






Nuspire Infographic


Contact Us

Leave this empty: