November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Gear up for WannaCry 2.0
June 25, 2018Rewterz Threat Advisory – New Variant of Satan Ransomware
July 5, 2018Gear up for WannaCry 2.0
June 25, 2018Rewterz Threat Advisory – New Variant of Satan Ransomware
July 5, 2018
This is an advisory on a reported phishing attempt involving a pdf document, which redirects user to a malicious site when opened.
IMPACT: Normal
PUBLISH DATE: 26-06-2018
OVERVIEW
A team member reported a phishing attempt involving a PDF attachment which, when clicked, redirects the user to the URL lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php. This URL leads to a malicious site. The PDF was labelled as “Offer for Purchase.PDF”.
BACKGROUND INFORMATION
Last night, one of our team members observed a phishing attempt. They reported having received a PDF attachment from paulo[@]novahometeam[.]com. Clicking on the PDF redirected them to the URL lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php which is a malicious site capable of transferring malware to your system.
The attachment is named “Offer for Purchase.PDF”. The IP analysis of the source of this phishing attempt produced the IP: 80.211.69[.]217.
The phishing attempt was made from Europe, with a country code of Italy.
RESOLVE
It is recommended to avoid clicking all such PDFs received from unusual sources. Moreover, members are advised to block the following threat indicators.
paulo[@]novahometeam[.]com
URL
hxxp://lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php
IP
80.211.69[.]217.
If you think you are a victim of a cyber-security attack. Immediately send an email to info@rewterz.com for a rapid response.