FBR Service “Tiket alert” email will download trojan Upatre


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Tiket alert”.

This email is send from the spoofed address “FBR service <jon.wo@fbi.com>” and has the following body:

Look at the link file for more information.

hxxp://madeinsiping.com/ticket/fsb.html

Assistant Vice President, FBR service
Management Corporation

The downloaded file ticket8724_pdf contains the 28 kB large file ticket8724_pdf.

The trojan is known as Upatre.EP, Artemis!01077BEB9EEE, PE:Malware.FakePDF@CV!1.9E18 or Mal/Generic-S.

At the time of writing, 4 of the 56 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 131855bdd2832705bf8c90f30efd43a22956ca86bab19f3a9941158fd33291af

2 thoughts on “FBR Service “Tiket alert” email will download trojan Upatre

  1. Thee other dɑy ӏ was with a friend of mine whho ɦad LASIK and we have besen reading some thing
    on her iPad collectively and shе sayѕ, “I cannot study that, it’s also small,”
    and іt wass cߋmpletely readable tօ me (mind yyou with glasses on).

Comments are closed.