Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Can I trust SonicWall's analysis?

LarryLarry Cybersecurity Overlord ✭✭✭

Received the following email, with attachment ORDER_1910802.pdf.

Dear customer,

Thank you for choosing us and our products! processing your order.

Please note that your parcel might get in late due to COVID-19 alert. Your order № is WF50G0Y5W

We would like to let you know that your order may include a couple of packages with various conveyance dates.

It will be shipped out within 4 business days via DHL, per your request.

Your charge incorporates the whole cost and shipping costs. We really hope you will stay pleased with our products.

By any chance that you might want to change or drop the order, feel free to contact us through our Customer Service Center at: +1(716)-3094-249.

Respectfully yours, sport nutrition online store MegaBody Nutritions US.

This email has been checked for viruses by avast antivirus software

Clearly this is a scam.

I saved the PDF file and uploaded it to Capture ATP for analysis. The report came back clean.

I am curious to know what the contents of this file are so that I can write an article about this kind of thing and warn my clients. But...

I really need to know if I can trust the C-ATP result.

Any thoughts?

Category: Firewall Security Services
Reply

Answers

  • SaravananSaravanan Moderator

    Hi @Larry,

    Could you try to scan the file on https://www.virustotal.com/gui/ to check if the file is reported as Malicious? If so, we can raise concern to the respective team.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • LarryLarry Cybersecurity Overlord ✭✭✭

    Good suggestion. Here's the result:


    Of note, however, are the "unreported" entities at the bottom of the list:


    Of particular concern is SentinelOne - which is the basis for SonicWall's Capture Client.

    Triple-checking now with the folks at Cynet.

  • SaravananSaravanan Moderator

    @Larry - SonicWall Capture Client uses SentinelOne agent for analysis. Our CATP service uses Sandboxing technology at Cloud for analysis.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • LarryLarry Cybersecurity Overlord ✭✭✭

    It turns out that the PDF file contained a very nicely formatted invoice - quite unlike the very badly formatted email.

    I'm guessing a script kiddie didn't quite create the payload the way it should have been.

    All good.

  • SaravananSaravanan Moderator

    @Larry - Sounds interesting. Glad to know that all good for now. Cheers!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.