This is an advisory on a reported phishing attempt involving a pdf document, which redirects user to a malicious site when opened.
A team member reported a phishing attempt involving a PDF attachment which, when clicked, redirects the user to the URL lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php. This URL leads to a malicious site. The PDF was labelled as “Offer for Purchase.PDF”.
Last night, one of our team members observed a phishing attempt. They reported having received a PDF attachment from paulo[@]novahometeam[.]com. Clicking on the PDF redirected them to the URL lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php which is a malicious site capable of transferring malware to your system.
The attachment is named “Offer for Purchase.PDF”. The IP analysis of the source of this phishing attempt produced the IP: 80.211.69[.]217.
The phishing attempt was made from Europe, with a country code of Italy.
It is recommended to avoid clicking all such PDFs received from unusual sources. Moreover, members are advised to block the following threat indicators.
paulo[@]novahometeam[.]com
hxxp://lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php
80.211.69[.]217.
If you think you are a victim of a cyber-security attack. Immediately send an email to info@rewterz.com for a rapid response.