I published the following diary on isc.sans.org: “Common Patterns Used in Phishing Campaigns Files“:
Phishing campaigns remain a common way to infect computers. Every day, I’m receiving plenty of malicious documents pretending to be sent from banks, suppliers, major Internet actors, etc. All those emails and their payloads are indexed and this morning I decided to have a quick look at them just by the name of the malicious files. Basically, there are two approaches used by attackers:
- They randomize the file names by adding a trailing random string (ex: aaf_438445.pdf) or the complete filename.
- They make the filename “juicy†to entice the user to open it by using common words.
[Read more]
It would be helpful if you could list the filenames that need to be altered. I have downloaded the Full_HD version and there are no xml files included, yet in-game all text is cyrillic on the sight itself.