Rewterz Threat Alert – Shipping Themed Malspam – IoCs
March 8, 2019
Severity
Medium
Analysis Summary
A recent campaign of Chase-themed phishing emails has been observed. The emails, each containing an embedded URL, are being actively sent to different users.
The body of the email looks like this:
******** INTERNET EMAIL SECURITY ADVISORY ******** Think Before You Click! Suspicious? Contact Tech Support! ******** INTERNET EMAIL SECURITY ADVISORY ********
This is a secure message from Chase Smallbusiness.
Hello ,
You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077.
hxxps://secmail[.]Chase[.]com/formpostdir/securereader?id=wKBgK-4O7ktmM5dO5tT3_gXeQFACuH-xY&brand=04044160 <Embedded URL>
You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077.
Banking, credit card, automobile loans, mortgage and home equity products are provided by Chase, N.A. and affiliated banks, Members FDIC and wholly owned subsidiaries of Chase Corporation. Credit and collateral are subject to approval. Terms and conditions apply. This is not a commitment to lend. Programs, rates, terms and conditions are subject to change without notice.
Questions about banking, mortgage, and investment services?
Call 1-800-869-3557, 24 hours a day – 7 days a week
Small business customers 1-800-225-5935
24 hours a day – 7 days a week
Indicators of Compromise
IP(s) / Hostname(s) | 185.162.31[.]140 |
URLs | hxxp://alegriavzw[.]be/tmp/sendincverif/messages/sec/En_en/032019/ |
Email Subject | Chase Smallbusiness |
Remediation
- Block the threat indicators at their respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or open attachments in emails from unknown senders.
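Alongside blocking, the indicators above can be searched for in existing proxy and mail logs to find users who already received or clicked the email. The following is an added example, not part of the original alert; the log line formats and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in this alert (defanged).
IOC_IP = "185.162.31[.]140"
IOC_URL = "hxxp://alegriavzw[.]be/tmp/sendincverif/messages/sec/En_en/032019/"
IOC_SUBJECT = "Chase Smallbusiness"

def refang(value):
    """Turn a defanged indicator (hxxp, [.]) back into a matchable string."""
    value = value.replace("[.]", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

def match_line(line):
    """Return the indicator types found in one log line."""
    hits = []
    ip = refang(IOC_IP)
    url = urlsplit(refang(IOC_URL))
    low = line.lower()
    # IP: require boundaries so 185.162.31.14 or ...1400 do not match.
    if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)", line):
        hits.append("ip")
    # URL: host plus path prefix, scheme ignored, compared case-insensitively.
    if (url.hostname + url.path).lower() in low:
        hits.append("url")
    # Host alone (e.g. DNS logs), but not look-alikes such as alegriavzw.best.
    elif re.search(r"(?<![\w.-])" + re.escape(url.hostname) + r"(?![\w-]|\.\w)", low):
        hits.append("host")
    if IOC_SUBJECT.lower() in low:
        hits.append("subject")
    return hits

# Constructed sample lines in a hypothetical proxy / mail-gateway log format.
SAMPLE_LOG = [
    f"10.0.0.5 GET {refang(IOC_URL)} 200",
    f"10.0.0.9 CONNECT {refang(IOC_IP)}:443 200",
    "10.0.0.7 GET http://intranet.example/index.html 200",
    'mail from=<a@example.net> subject="Chase Smallbusiness" action=delivered',
    "10.0.0.8 CONNECT 185.162.31.14:443 200",
]

def scan(lines):
    """Return (line_number, hits) for every line with at least one hit."""
    results = [(n, match_line(text)) for n, text in enumerate(lines, 1)]
    return [(n, hits) for n, hits in results if hits]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, ",".join(hits))
```

The subject match alone is a weak signal, since legitimate mail can carry the same subject; treat it as a lead to correlate with the URL or IP hits.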