Trusted Design

Japanese corporations targeted with active malware spam campaign

概要

Since the early hours of October 8, employees of various corporations in Japan started to receive suspicious-looking emails which turned out to carry malicious attachments. These emails are part of a wave of malware-ridden spam attacks that are currently active in Japan. There are two variations of the emails: one is an order confirmation from a Japanese equipment supplier and the other pretends to come from a local printing company. The emails come with an attached Microsoft Word document file. The document contains a malicious macro, which attempts to download the same executable file (65g3f4.exe) from multiple remote locations. The multiple downloads is probably a redundancy measure in case some sources are taken down. We have observed download attempts from the following domains:

Created: 2026-02-23

Indicators

• URL - http://www.profes-decin.kvalitne.cz/345gfc334/65g3f4.exe -
• URL - http://rockron.com/~rockron/345gfc334/65g3f4 -
• FileHash-MD5 - dec80a4e5d88a73ff1527e0a2f0de26f -
• URL - http://leelazarow.com/345gfc334/65g3f4.exe -
• FileHash-MD5 - 192ec79c4506e32ea95b2dbcf6989473 -
• FileHash-MD5 - cf80cb5b16c8021ae2feecef25f53370 -

類似Pulses

• Spam Delivering Malicious Word Document (score: 0.66)
• Infy Malware Active In Decade of Targeted Attacks (score: 0.64)
• Phishing Email Serving W97M/Dropper.cu via Office Doc with Macro (score: 0.63)
• Enterprises Hit by BARTALEX Macro Malware (score: 0.63)
• W97M/Downloader: Macro-enabled Microsoft Word Trojan (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る