Rewterz Threat Alert – Multiple Phishing Campaigns Dropping Emotet Malware and Stealing Information
February 15, 2019Rewterz Threat Alert – The TRITON Malware Framework – Reverse-Engineering a Recent ICS Cyberattack
February 19, 2019Rewterz Threat Alert – Multiple Phishing Campaigns Dropping Emotet Malware and Stealing Information
February 15, 2019Rewterz Threat Alert – The TRITON Malware Framework – Reverse-Engineering a Recent ICS Cyberattack
February 19, 2019Severity: Medium
Analysis Summary
A new malspam campaign has been observed dropping malicious links. This phishing campaign uses the subject of “Transaction Refund” and the emails contain a link which looks harmless when checked on VirusTotal. Upon closer analysis, the link contains another URL embedded within itself which was detected as malware when searched separately.
Impact
Malware Infection
Indicators of Compromise
IP(s) / Hostname(s)
188[.]165[.]243[.]10
www[.]elkhebar[.]net
URLs
hxxps://clicktime[.]cloud[.]postoffice[.]net/clicktime[.]php?u=http%3a%2f%2fwww[.]elkhebar[.]net%2fdoc%2fyfxeyep2y_pyaqjsbgt-xdr&e=
hxxp[:]//www.elkhebar[.]net/doc/yfxey-ep2y_pyaqjsbgt-xdr&e=
Email Subject
Transaction Refund
Remediation
- Block the threat indicators at their respective controls.
- Do not download email attachments and do not click on links attached in emails from unknown sources.