Details

_id 5fb061b66e308a5ed025f725
reference ['https://app.any.run/tasks/a794aba2-397c-4dad-81df-d6ef507b195d']
md5 []
sha1 []
sha256 []
mail ['support@dhl.com']
ip []
domain ['optionadd.ooguy.com']
url ['http://optionadd.ooguy.com']
user Racco42
tweet #malspam "Your package has arrived" spoofed from support@dhl.com with zipped .vbs attachment gives #vjw0rm https://app.any.run/tasks/a794aba2-397c-4dad-81df-d6ef507b195d C2: hxxp://optionadd.ooguy.com:1111/Vre The script tries to look like a legit Microsoft script by adding copyright comments :-)
id 1327570331670810624
retweets 3
link https://twitter.com/Racco42/status/1327570331670810624
mentions ['@dhl']
hashtags ['#malspam', '#vjw0rm']
date 2020-11-14 11:13:26
timestamp 1605348806