Just want to inform you that there is a new bagle on the round.
It arrives as a zipped attachment to an email with the MD5 hash of 2BBA44B82D6E37069BF53C8A806A7DAE. It attempts to download files from 99 different domain names all pointing to “nul.php”.
Possible attachment names:
- Ales.zip
- Alice.zip
- Andrew.zip
- Androw.zip
- Ann.zip
- Anna.zip
- Anne.zip
- Annes.zip
- Anthony.zip
- Anthonye.zip
- Avis.zip
- Bennet.zip
- Bennett.zip
- Christean.zip
- Christian.zip
- Cybil.zip
- Daniel.zip
- Dorithie.zip
- Dorothee.zip
- Dorothy.zip
- Edmond.zip
- Edmonde.zip
- Edmund.zip
- Edward.zip
- Edwarde.zip
- Elizabeth.zip
- Elizabethe.zip
- Ellen.zip
- Emanual.zip
- Emanuel.zip
- Ester.zip
- Francis.zip
- Gabriell.zip
- Geoffraie.zip
- Grace.zip
- Harry.zip
- Henrie.zip
- Henry.zip
- Henrye.zip
- Humphrey.zip
- Isabel.zip
- Isabell.zip
- James.zip
- Jeames.zip
- Jeffrey.zip
- Johen.zip
- John.zip
- Josias.zip
- Judith.zip
- Judithe.zip
- Katheryne.zip
- Leonard.zip
- Margaret.zip
- Margerie.zip
- Margerye.zip
- Margrett.zip
- Marie.zip
- Martha.zip
- Mary.zip
- Marye.zip
- Michael.zip
- Nathanyell.zip
- Nicholas.zip
- Nicholaus.zip
- Peter.zip
- Rebecka.zip
- Richard.zip
- Robert.zip
- Roberte.zip
- Roger.zip
- Rose.zip
- Rycharde.zip
- Samuell.zip
- Sybell.zip
- Sybyll.zip
- Syndony.zip
- Thomas.zip
- William.zip
- Winifred.zip
- Wynefreed.zip
- Wynnefreede.zip
Sample Email:
