Mr Jones wants you to appear in court!
Wondering what the Costco / Walmart malware (yesterday's diary) was up to, we ran it in a lab environment. It happily connected to its Command & Control (C&C), and soon after started spamming the next round of bait. The upcoming scam email apparently looks like this:
and it comes complete with an EXE, named something like "Court_Notice_Jones_Day_Washington.exe", current MD5 84fae8803a2fcba2d5f868644cb55dd6 (VirusTotal).
The C&C of the original Costco sample was at 89.32.145.12:443 and 188.40.130.18:8080. A supplemental binary was pulled from 50.31.146.101:8080. If you have additional information on this scam or yesterday's Costco/Walmart version, please share in the comments below. Thanks to Francis Trudeau of Emerging Threats for help with the analysis and gathering the C&C traffic.
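To check your own network for the endpoints listed above, the following added example (not part of the original diary) sweeps connection logs and groups hits by internal host. The log format, the internal addresses, the timestamps and all function names are assumptions made for illustration; only the three IP:port pairs and the MD5 come from the text.

```python
import hashlib
from collections import defaultdict

# Indicators copied from the diary text.
C2 = {("89.32.145.12", 443), ("188.40.130.18", 8080)}
PAYLOAD = {("50.31.146.101", 8080)}
KNOWN_IPS = {ip for ip, _ in C2 | PAYLOAD}
DROPPER_MD5 = "84fae8803a2fcba2d5f868644cb55dd6"  # "current" MD5, expect it to change

# Constructed sample lines in an assumed "time src dst dport action" format.
SAMPLE_LOG = """\
2000-01-01T09:14:02 10.0.5.23 89.32.145.12 443 allow
2000-01-01T09:14:40 10.0.5.23 50.31.146.101 8080 allow
2000-01-01T09:15:10 10.0.7.4 198.51.100.7 443 allow
2000-01-01T09:20:31 10.0.9.8 188.40.130.18 80 deny
malformed line
2000-01-01T09:31:55 10.0.5.23 188.40.130.18 8080 allow
"""

def classify(dst, dport):
    """Map a destination to the stage it served in the infection chain."""
    if (dst, dport) in C2:
        return "c2"
    if (dst, dport) in PAYLOAD:
        return "payload-download"
    if dst in KNOWN_IPS:
        return "ip-only"  # listed host on an unlisted port: lower confidence
    return None

def sweep(log_text):
    """Return {internal host: [(time, stage, endpoint, action), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, action = parts
        stage = classify(dst, int(dport))
        if stage:
            hits[src].append((ts, stage, f"{dst}:{dport}", action))
    return dict(hits)

def is_known_dropper(data):
    """Compare a file's MD5 with the hash published in the diary."""
    return hashlib.md5(data, usedforsecurity=False).hexdigest() == DROPPER_MD5

if __name__ == "__main__":
    for host, events in sweep(SAMPLE_LOG).items():
        print(host, events)
```

A host that shows both a "c2" and a "payload-download" hit has most likely run the sample to completion, while an "ip-only" or denied hit is a weaker signal that still deserves a look.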