Malicious Spam Campaign Delivers Static Phishing Page

Share On Facebook
Share On Twitter
Share On Linkedin

Author: Nathan Toporek

TLP: WHITE

On 20 September, Infoblox observed a malicious spam (malspam) campaign delivering a malicious HTML file capable of phishing for credentials. While threat actor(s) used generic lures in their emails, the HTML file specifically targeted WeTransfer, a file-sharing service.

Threat actors used a malicious HTML file in this campaign that is not related to any family of malware that Infoblox is aware of. The file harvests and exfiltrates WeTransfer credentials.

In this campaign, threat actors sent victims an email with a subject of Request for Quotation-Urgent!!!. While the message body was empty, the email did include an HTML file attachment named order – Copy.html.

Infoblox’s full report on this campaign will be available soon on our Threat Intelligence Reports page.

 

 

Labels:

Infoblox Threat Intel

Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access give us a backstage pass to the internet's inner workings. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox DNS Detection and Response solutions, so customers automatically get the benefits of it, along with ridiculously low false positive rates.

View All Posts

You might also be interested in

You might also be interested in

×