Well, it was gone for a while, and here it is back 🙂
Email message sample:
The code actually looks like:
The attack has actually been running for at least 48 hours already. You can see traces of it on URLQuery [36 entries by now].
When clicked, it leads to BHEK2.
BHEK2 payload – Cridex [22/46] and Fareit.
The second binary is an interesting one, yes 🙂 Wait for updates.