Rewterz Threat Alert – Phishing with Worms – Unique Credential Theft
September 30, 2020Rewterz Threat Alert – Qakbot (Qbot) Active Campaign – IoCs
September 30, 2020Rewterz Threat Alert – Phishing with Worms – Unique Credential Theft
September 30, 2020Rewterz Threat Alert – Qakbot (Qbot) Active Campaign – IoCs
September 30, 2020Severity
Medium
Analysis Summary
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems but in reality, they are redirected to a fake Outlook login page that steals their credentials. The phishing emails in question, entitled “Re: Microsoft Windows Upgrade,” use the “re” prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade. The email tells recipients, “Your Office Windows computer is Outdated and an Upgrade is scheduled for replacement Today,” and includes a schedule. Below, it then tells users, “To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site,” pointing to a URL. This link then takes the recipient to the phishing landing page.
Impact
Credentials theft
Indicators of Compromise
Email Subject
- Re[:] Microsoft Windows Upgrade
IP
- 104[.]160[.]64[.]9
URL
- https[:]//app[.]getresponse[.]com/site2/ken23456789765?u=w3DxF&webforms_id=hlvzr
Remediation
- Block all threat indicators at your respective control.
- Always be suspicious about emails sent by unknown senders
- Never click on links/ attachments sent by unknown senders.