March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Fake Voicemail Phishing Campaigns
July 22, 2020
Rewterz Threat Advisory – CVE-2020-8207 – Citrix Workspace app for Windows Security Update
July 22, 2020
Rewterz Threat Alert – Fake Voicemail Phishing Campaigns
July 22, 2020
Rewterz Threat Advisory – CVE-2020-8207 – Citrix Workspace app for Windows Security Update
July 22, 2020
Severity
Medium
Analysis Summary
Researchers analyzed a phishing campaign using legitimate links to bypass detection. The initial email is generated when the attacker shares a file via Dropbox Transfer with the target user. The filename uses a purchase order theme to socially engineer the victim. Clicking the link to view the shared file will take the users to a download prompt on the the Dropbox Transfer website. If the user falls victim to this lure and downloads the file, an HTML file is saved to the system. Opening this file leads to the victim to a fake Microsoft login page hosted on Weebly, a free website builder, once again using a legitimate resource to avoid detection. Submitting credentials redirects users to the legitimate Microsoft Office webpage and likely exfiltrates the entered data to the attacker.
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
IP
- 162[.]125[.]6[.]1
- 199[.]34[.]228[.]53
- 199[.]34[.]228[.]54
URL
- hXXps[:]//www[[.]]dropbox[[.]]com/l/AADOPQGXtuDK03QYuvJqI0MbDlDxBTV28Cs
- hXXps[:]//www[[.]]dropbox[[.]]com/l/AAAtWq-LVZcqXBnFLinUi9rB3LpEijuPo78
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.