These executables were a Monero cryptocurrency miner, Phorpiex spambot malware, and GandCrab ransomware. The Phorpiex spambot malware joined the victim host to a botnet and caused it to begin emailing copies of the malicious zip file to additional targets. Meanwhile, the victim host was infected with ransomware and leveraged to mine cryptocurrency.
Indicators of Compromise
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.