Rewterz Threat Alert – Emotet Targets Victims With New Email Templates

Severity

High

Analysis Summary

Emotet is a banking Trojan began being used since 2014. During December 2020, it slightly changed the way its client code checks into the C2 servers. The clients are now adding a path that, at first glance, appears to be a random string with a minimum length of four characters.  A slightly deeper investigation into this traffic shows the path is actually the key from the key/value pair in the posted form data. Besides, Emotet is back at using malicious URLs attached with different templates of malspam. These phishing emails use themes like Application for medical certificate, form for information update for 2020, emails from shipment companies and Open Enrollment 2020-themed insurance baits. Cofense also reports that Emotet has bypassed the gateways of Proofpoint, Microsoft EOP, Mimecast and Cisco IronPort.

By the looks of it, the Emotet actors are masters at creating email templates that timely exploit a user’s emotional response.

Impact

• Security Bypass
• Theft of financial information
• Credential Theft 
• Financial Loss 

Indicators of Compromise

Source IP

• 23.253.207.142
• 46.17.6.116
• 221.154.59.110
• 152.169.32.143
• 50.63.13.135
• 210.111.160.220
• 81.213.145.45
• 172.104.70.207
• 143.95.101.72
• 72.27.212.209
• 83.156.88.159
• 85.105.183.228
• 122.11.164.183
• 187.250.92.82
• 83.110.107.243
• 193.33.38.208
• 78.186.102.195
• 181.197.108.171
• 103.122.75.218
• 113.52.135.33
• 72.69.99.47
• 81.82.247.216
• 190.101.87.170
• 172.105.213.30
• 176.58.93.123
• 95.216.207.86
• 69.30.205.162

URL

• http://3mbapparel.com/ce8p4mw/Scan/23sr2r3h-227136449-4100-o7f3aukln-5ek9w7yx/
• http://abbasghanbari.com/cgi-bin/m2gx-j9l-2674/
• http://abis.abis-dom.ru/wp-content/multifunctional-zone/external-portal/XKnI9c95VXtO-2koeL1odjG8e45/
• http://adrianoogushi.com.br/blogs/available-resource/test-forum/CO37HIcUG-4KiqqruHlj9/
• http://agramarket.com/wp-admin/554841538461/9igxpru22w-3404-624501945-dtenc-cvona7/
• http://agramarket.com/wp-admin/images/Document/
• http://aijiuli.com/wp-content/common-3644746801311-F61eGi6VrRfSERpV/guarded-722116w-9jx99j5uyog/2b51q65tivz
• 3f97-3vw70xy142675/
• http://alfaem.by/wp-includes/wcevu12a6j/ui13miem-1842496-647941-b1maguvyl7-0wm1/
• http://allgamers.ir/wp-content/6270900376591-TrHEgUBtm-sector/verified-portal/3rw-x42z0/
• http://aminulnakla.com/test/5mpub-u9jdh-1356/
• http://amoutleather.com/a/multifunctional_9313571_Y9mwVe/additional_forum/EAvHHxYA2_z07m8sM36w72/
• http://anantasquare.com/wp-content/Documentation/1yzenuu55v/zdx0oqd5mp-79785-92241-lqk84aode-i65yma2m1/
• http://andishkademedia.com/wp-includes/8vcppv-4l1-885316/
• http://anhjenda.net/wp-content/vmpyh5c3pi/
• http://anjumpackages.com/nrri/private_44709616882_WQZDa1KAyj/corporate_V6tkmPmj_jRcx2PfQ/on3_1v7649ys6t1/
• http://aquimero.net/wp-includes/8gdm6-y4kj-461/
• http://archinnovatedesigns.com/wp-includes/464728-V0rjOQkXZi4SSiW-disk/580333-3VP9JZcfWI6-cloud/028eeth-vu553
• tyw/
• http://arielcarter.com/j7foqo2/DOC/iqrh6hczo0cw/
• http://arttoliveby.com/yyrye/private_86192_eZoBMjbfcDvuPq/test_cloud/ws3uh67ha1tup_5128t108/
• http://auliskicamp.in/wp-admin/common_resource/verified_vZUVdO8ppY_CWfMSl2yMCEH/bgJEju1jvH_3iNK6o4Ii4G/
• http://awooddashacabka.com/yt46/open-box/individual-area/yNmy5HQif-8o8tG738h2/
• http://babdigital.com.br/wp-content/esp/6v5nej75l/
• http://bakeacake.com/wp-admin/available-disk/security-warehouse/z1XGaZ-NemjMNrc3a/
• http://bassigarments.com/wp-content/personal-592742204-WBrGGz/4469690-7SOBhN7gbB7s-area/b90h417-wtxsw/
• http://batdongsanhathanh.net/wp-admin/open-resource/568A8V-ILYyxINK-profile/jdux7bsdp-twyu179678t1/
• http://beiramarsushi.com.br/1g3ld9f/closed_n941_aUn1fAfrvX8Bhu/test_warehouse/6N1JhlV_M8oi1aM9Gyw/
• http://best-fences.ru/css/4ey-6v7y0-5856/
• http://betaoptimexfreze.com/bebkat/Reporting/9zooeodt/x827ofzp-289202990-87262-q99cri9-xr06/
• http://bgctexas.com/quietnightcompany/xb1k2g9/personal_zone/test_WlYEqat2Ie_OgiyQ9W40qCyP/bw54a4lhlrx_9636w
• 4uu0xsxt1/
• http://bilgigazetesi.net/a6lwm1m/open_sector/special_forum/Ej4oMEQf3AN_Gudt5tx97J/
• http://bimattien.com/wp-admin/eTrac/ld6u234c3/ga438o-5744266-474284-eejhd-5ctewz/
• http://blicher.info/wp-includes/KPrV/
• http://blog.inkentikaburlu.com/70jjm53klo/sites/2yd7bvuh-505209-64670737-fr4vs-t7zp3cjl0/
• http://blog.sawanadruki.pl/wp-content/uilb8dz6_hwpeyvx_sector/security_warehouse/0gKrzfjYpvFO_3yLM891Meliz/
• http://blogkolorsillas.kolorsillas.com/wordpress/xnq1k-rkkl-803/
• http://bluemedgroup.com/wp-admin/mnfd8_nbij_436575782_UQEO1IVCs4LqadTV/security_profile/XODmvThQGR7_H7vr
• zccMec5/
• http://bmrvengineering.com/wp-admin/FILE/
• http://bookitcarrental.com/wordpress/INC/iddp2ggtm/eccvup8c-3843-818470-69yg4b28wh-w1kxriyo/
• http://bupaari.com.pk/RoyalAdventureClub.com/eTrac/ncevpoamvlp0/
• http://buyrealdocumentonline.com/wp/Documentation/d7mz-688402499-7314933257-fkwggnu-t4ybrvaf7/
• http://cabosanlorenzo.com/wp-load/protected-resource/verifiable-tk2c-3kfk3g9iz/ebub24rmzo8-9u88717yx935/
• http://cacimbanoronha.com.br/wp-content/Scan/
• http://caotruongthanh.com/wp-admin/qeku-4ys4-83891/
• http://carolscloud.com/media/public/
• http://carolzerbini.com.br/6ttp7t0/Overview/qoawf12j0jbp/
• http://carvalhopagnoncelli.com.br/lvqhz/Overview/0rrnguk8z/lg4qyh7-338411-43458560-pp7dts1ba-3msz/
• http://cas.biscast.edu.ph/updates/personal_sector/verifiable_warehouse/D3buvGg_1yyMJGrM6gp/
• http://casaquintaletcetal.com.br/e6viur/04383245_xZw1ZKxX_41063_29gQlRhcVl5eGs/additional_area/4004h_s035tt6461/
• http://casinovegas.in/cgi-bin/protected_module/additional_warehouse/NzQU7EbxmY_mLobpJqHn8Lh8/
• http://catchraccoons.com/wp-admin/open_9135304_x3VG052S9vjEZN/external_warehouse/AgnasV_o0M4JIrNt67j/
• http://caughtonthestreet.com/sh5bne/available_sector/test_mhc3xk01u_if5a3isqhztj4/fwpqcd9admvnur_yuu17s15/
• http://cetpro.harvar.edu.pe/dup-installer/2i5i_r76gl3x5v6vge_disk/individual_profile/NrWPp5_3Hj0zszymw/
• http://championretrievers.com/wp-admin/paclm/mdjx-81327-4043-zujiz-uoi7hp59w4/
• http://charger-battery.co.uk/chargerimages/Reporting/
• http://chatnwax.com/dir/RRETX2MC9ZE7/syc01o4x/
• http://cheappigeontraps.com/wp-admin/personal-resource/guarded-gueidxaiga-544/a4hko1sshe-6530yx62/
• http://cheapraccoontraps.com/wp-admin/parts_service/zn6iszxroew/0vqf-97169-6342681145-z9iyge-xws5/
• http://cherrypointanimalhospital.com/new/parts_service/po53iyxo22m/
• http://chintamuktwelfare.com/wuvke31kdk/open-array/open-space/j2hg7S-Mseglc5d/
• http://chongthamhoanglinh.com/cgi-bin/Reporting/
• http://chooseyourtable.sapian.co.in/wp-includes/x3qc-azmz9-340871/
• http://clurit.com/matematika/images/content/open-array/additional-portal/open-array/additional-portal/3qZqx-tb7HH2Kc
• NhHi82/
• http://collegebolo.in/wp-content/OCT/i91smxgw72t/iayid-933690-003423-pxhqzu7z4-e9fxqjnvn/
• http://collegiatevideoscout.com/piq88y/multifunctional-zone/verifiable-portal/vzwsusvfoq2kbmt-y496uwt7xz68uy/
• http://compworldinc.com/browse/4ni6zf2fq/
• http://contestshub.xyz/wp-content/evfch-p40-368725/
• http://cosmeticsurgeoninkolkata.in/wp-content/multifunctional-zone/security-space/oG7v7CkLAl-jz0rugqbjvi73/
• http://cosmicconsultancy.in/custom-icons/Reporting/
• http://cp.3rdeyehosting.com/wp-includes/esp/
• http://crazyroger.com/cgi-bin/1710496674006_01bd6Zeef0mCJ_disk/external_forum/4dwy_zxz36x4/
• http://creatitif.com/wp-admin/Reporting/
• http://croptool.com/theblackjackmob/Documentation/
• http://crownedbynature.com/jtaa6jtb/LLC/
• http://csa.cries.ro/ckjca7/11206-JdwhXBh41Cj8irAC-resource/individual-warehouse/ay7fc9ll3dnke7e-4yw99s2t6w/
• http://csrngo.in/alfacgiapi/15vu8s-c85u1-9139/
• http://daisybucketdesigns.com/pocketframes/images/aci32rk/eTrac/5w4kiwqito3r/
• http://dalao5188.top/wp-content/open-sector/test-forum/f0pqn-5328/
• http://dastsaz.shop/wordpress/private_array/verifiable_forum/BpajlMaeH_297iwG6jj7pGc/
• http://datrienterprise.com/wp-content/eTrac/7qzoqzrkjyuc/
• http://demo.bragma.com/site/pt48-pk3089b-682065491-ZkL2pS9yz/open-warehouse/LXWiJKrI-62Hui1o9a/
• http://demo.podamibenepal.com/superior/t2c-jpip6-22/
• http://demo.tanralili.com/apehhpf/INC/
• http://designers-platform.com/binzbc/FILE/a69zlr8/
• http://dev.consolidationexpress.co.uk/wp-admin/closed_sector/924553_1wSxAW2z_portal/2EI6ej9js5j_15M1p7xI9Gov/
• http://diamondbreeze.com/wp-content/docs/ig220w-64348062-050708-0o2ix-nk0skuh0/
• http://diecinuevebn.com/cgi-bin/protected-disk/verified-forum/ah7hwmjvvuuy84mx-t467s/
• http://diegojmachado.com/cgi-bin/open_sector/CLp2Etz_eUR1Q6uDDBgHkI_area/bDuOHXDda_cgI6sNcjl1gK/
• http://dishekimieroluzun.com/wp-content/DOC/
• http://dreammotokolkata.com/cqye/iaft92-6lplx-826/
• http://drsudhirhebbar.com/minds/private-sector/open-portal/rb2vj1kuwjbb-swuys/
• http://dubit.pl/site2/pxre-ns-297/
• http://dumann.com.br/z3gy5lb/sites/7bg1i8n2/jvsjhn3j-868085891-343651-sgosfko-20u4kmz2cb/
• http://elitexpressdiplomats.com/cgi-bin/available-array/guarded-5UJi7-pIM1v1g3Q6k6/whf6zxh-txsts2/
• http://empowerlearning.online/wp-admin/ruh006-rgkj-590/
• http://especialistassm.com.mx/inoxl28kgldf/docs/l5rbj6g/iibea-032709148-341719111-6r6auusna-6j9m/
• http://euonymus.info/twxppk/Document/7uo0t4osm95p/
• http://evokativit.com/TEST777/YHErlTl/
• http://evolvedself.com/dir/azpdj41_sugzd3yhwwsy_3709679_Rvta29FrYib/special_QDPYSSWZ1L_PJAv0ICNK1P/2Edulb_98mGeuzy3ty2Lz/
• http://extend.stijlgenoten-interactief.nl/test/Pages/w6014u-84395-6469-hthslxcbne-8vj2et4/
• http://finndonfinance.com/wp-content/Document/wjswrn1s/qgltg-85747767-49820504-2gz892-ydp6o4o4e/
• http://fooladshahr.simamanzar.ir/dup-installer/closed_box/interior_portal/0f6j5b5bga_06zs0/
• http://fozet.in/wp-content/eTrac/hb6yb86ei36/yrqsf32-172576671-4195092231-c97ty6f-5cu2q8hj8/
• http://freestyle.hk/picture_library/eTrac/s9shv2eo/
• http://frezydermusa.com/wp-content/parts_service/fisq814goap0/fhyl68-5565-326796-rr55j9spg-ug9mfyg/
• http://galeriariera.cat/assets/lm/g9zkvryjwq-0524005005-0333576-k58dqx5-326yx/
• http://gameonline11.com/wordpress/pqOAPS/
• http://gargchaat.com/phpmailo/lm/538skcfoe/7vps0iy-66657310-44075-q2gbc4-2vhp2c/
• http://gayweddingsarasota.com/cgi-bin/esp/68f6yd4ehwdr/
• http://gayweddingtampabay.com/cgi-bin/private-2828581710383-rNH3ETP8sT2ggXrt/additional-forum/DEsne0OE5vz-K
• mmglLMf/
• http://geekmonks.com/cgi-bin/common_sector/special_forum/9cfuf_ts9y4twzx0709/
• http://germxit.mu/calendar/4rxl-2932-78/
• http://gestto.com.br/wp-lindge/Scan/
• http://getabat.in/wp-content/closed_module/test_88i6oai_sjwnuscqjjl/abgyQKwZhv6i_inKjGl8hG98/
• http://globalstudymaterial.com/pdf/available-zone/individual-warehouse/vWOq8gdCRu0-ra1nf24iHayat/
• http://goldinnaija.com/wp-admin/sites/xaz6-030261-0911995608-sm9u-99rd1/
• http://gomaui.co/wp-includes/personal-resource/test-area/a9kj-wsuyvw59t/
• http://grace2hk.com/b6vg89hb/common_sector/security_forum/4tx_uu501xxxs/
• http://grahaksatria.com/towed/private_box/additional_forum/x1T0kdo_q89uLjatbqJ8/
• http://greatercanaan.org/wp-admin/Document/kqfz63hy/
• http://grocery2door.com/nkpk/97_dwi59_03276182_sJsjrqR/corporate_warehouse/13wrnaGqqET_lIy0l5eJsNdIc/
• http://groovy-server.com/masjid/backend/web/assets/rhhl/
• http://group8.metropolitanculture.net/wp-admin/multifunctional-sector/verifiable-cloud/l0q-4vww/
• http://haoyun33.com/wordpress/browse/9kmt2hi/
• http://hasung.vn/wp-includes/1bvxk7fvre5_lnci6bcnim_resource/special_forum/5BZ0CZ_p4052N871e/
• http://hfn-inc.com/mail/available-box/security-PgUqz6ktI-GY00tgjAgbFSr5/zy5escaf56fzw5y-y78s2tzu60v7z4/
• http://homecarehvac.com/wp-includes/open_resource/guarded_profile/eshftvv0ht_61x297v2/
• http://indusautotec.com/n8l7suy/open-xNFfQ20VO-FjqtokyzbQ6HGF/security-jdEM-dDzAJO2Ccnx/G3P8qq-MmI2GLf3JdK/
• http://jgx.xhk.mybluehost.me/scarcelli/multifunctional_098152347732_CYNEZ9DFQ/guarded_space/2qq1r_29xuz/
• http://jurness2shop.com/cgi-bin/private_disk/individual_ufyGUNB_QRlHjxmYMMbuaY/30lpuw22llwzm_vx60vx4s/
• http://kallinsgate.com/cw6vmaj/common-2561851-hLdPAOsBNVrNeE/open-space/5irmsa8-8x82zv7t2zw2x/
• http://kanntours.com/wp-security/Overview/yprr0k8-808004671-920995225-dc1d7q7-trbbwtd/
• http://kayzer.yenfikir.com/quadra.goldeyestheme.com/lm/
• http://kelurahanraya.ulvitravel.com/tmp/eTrac/wpag9c-3294986-0565941971-rbtkv0yr0p-rs604o/
• http://kpu.dinkeskabminsel.com/wp-admin/available_229278636_TO7LG1kXBWax3/847166_Zm9B3oXaP_portal/ZcAtrKA
• nB_nJGzswNc/
• http://kyrmedia.com/whnh/closed_zone/test_warehouse/o1yvycunyw222_tz6z71svs35/
• http://lalletera.cat/bootstrap/closed-array/test-warehouse/9y3rm68-7251/
• http://lastminuteminicab.com/l56mcv/Scan/qrg67fldazss/cd38ot-8952552-5429276851-63g720il-z2uwrr/
• http://lindamarstontherapy.com/psqlud/common_1810413_gc4qCpSFYbBM/additional_forum/4kmyjjijspz85_tt20x6w/
• http://liveleshow.com/cgi-bin/open-sEVbZ-kyyyJcjMY/verified-area/n7tk0nygk2up7j-7824vz2y/
• http://lsperennial.com/tnnfxu/545533028378/ofzt2ll4a-4754801-8569215-64d2t-rbtsi5ylgq/
• http://masspaths.org/transcyclist/open-array/69537295-LwrlRuR-portal/riy-u5984475/
• http://mistyvillage.com/inoxl28kgldf/open-sector/individual-forum/TC1AThq8D-H4iKcw9erMc8a7/
• http://monoclepetes.com/disneyworldclassroom/browse/
• http://mosaiclabel.com/4f9xnykaf/common-box/corporate-a30njr6-34dhllfehbjex6/14rm3hr6k358-x32zy5/
• http://myclarkcounty.com/wp-includes/open-resource/open-forum/o6a3exwvzfo-4wwxx8uts7/
• http://myfamilyresearch.org/dir/paclm/
• http://nisanurkayseri.com/fhiq04sgna7/a683w-an3x-4946/
• http://norikkon.com/administrator/16542-fBTLcdbEyJr-sector/VFCLsV-bAwgBBBeBqaJ-forum/fft2z7gdyzqee-8z80w6z68vs/
• http://nunes.ca/s59nlj/DOC/
• http://pascalterjanian.com/logs/multifunctional-2519534-Fs87CEgtQY82H6/verifiable-forum/2iFKNGyl-Ksmyn3gyI/
• http://plaestudio.com/wp-admin/multifunctional-zone/verified-space/zftkjoaw-xzuwtu1228/
• http://pmnmusic.com/backup-1540795171-wp-includes/Document/
• http://productorad10.cl/cdn-cgi/lm/6bwolkvw/
• http://radigio.com/qcloid/Pages/aveebb8ri/
• http://rememberingcelia.com/cgi-bin/private-box/additional-cloud/WoMAYyGYPic-ejGtLw5zKk9132/
• http://richardciccarone.com/watixl/Pages/iwq2bcuhtc/fpl5dh7-1085-7485017905-7upoox-mmwh5rr/
• http://rkpd.ulvitravel.com/cgi-bin/s0pgy-yg3-606/
• http://rozziebikes.com/tshirts/7XOEME6DSPI/l6bpob8m-8104-0278018-y6o222jln-fsxji7gy9l/
• http://safiryapi.net/mainto/private-zone/9977527-TGAtxV-space/noliIDq-ffuwzjN5H8zj/
• http://sakuralabs.com/4gubn/personal-zone/interior-forum/rye8idbdwx6uiw9-vtw0y35413/
• http://scottproink.com/wp-includes/LLC/3nm06yz1og/
• http://sigepromo.com/fonts/multifunctional-sector/security-kojbhnhsfxht47-4qgj/xznv8-35sz95t0t7/
• http://sofiarebecca.com/ybfm/multifunctional-XhmwQuIS-uBXA6FSMcoaXT2/7427993-1AJW4cmy-profile/P0jkvy-gwgs3qvm/
• http://southeasternamateurchampionships.com/0ng1en8p/common-57GaJ-JU2y57Cw9wWp/test-area/1CP3gWMySaac-iixIpxfJ216/
• http://southernlights.org/wp-includes/attachments/13iqe8n/
• http://stlaurentpro.com/25bd/Overview/qnrlmvj/
• http://stluketupelo.net/sermon/Document/
• http://technosolarenergy.com/wpk0/esp/xcggf7f/l41sd6-372903-111521309-pe7nqblm-rnbcyph7/
• http://thebeaversinstitute.org/m6zxne/open_sector/verifiable_grIwVfcE_JNkyS1ABG7O/JOr8Y2_c0N5pfizn8tqv/
• http://thecityglobal.com/creative/DOC/tmi48tldo/8fcpm52kxc-1823-224157721-0k5g3-2ntwz3u/
• http://theconsciouslivingguide.com/w63gh/NQOOE7ZE6E/
• http://theordeal.org/2hqr15/71028031_i0jDg_array/verified_profile/M17xNfJi_afcjbJ9y2/
• http://tinystudiocollective.com/tvtepc/parts_service/c5hlpnbm/04yte-92982998-989677-xuln504d-wj8wr99a0r/
• http://trinituscollective.com/wp-admin/DOC/3k2yxczqa-017872-15130767-6fcy299dtf-5p8y1zk/
• http://turbinetoyz.com/inc/available_sector/open_cloud/7gDaxLdZntQO_f54w1mdqt/
• http://vektra-grude.com/components/sites/xyj3oy2f/
• http://wolvesinstitute.org/wp-admin/INC/muosryq6917p/uozxo9-82202-738575-fbm4hisdv-0q5dy3ciz/
• http://www.africanswoo.com/wp-includes/IOG/
• http://www.bonfireholidays.in/efqog/Documentation/
• http://www.demarplus.com/19sn7/Overview/
• http://www.southwayhomes.co.uk/wp-admin/lm/5x8c1xywx2h/
• http://xhd.qhv.mybluehost.me/Maidentiffany/a4wnq/INC/be5oryde748n/877iw8k2-5677720-10188-kjqm-al3ax20hth/
• http://xn--3jsp48bswaq48h.com/binzbc/protected_disk/WsgEuoVh6_GLg1uIsNZxocly_tdagf_sb0hy87m9gi/jWdMxTd9_a73ophNx/
• http://yourdirectory.website/Mccracken/eTrac/rpiglgay-1418052884-1524951880-uuys-0fxj/
• https://bipinvideolab.com/wp-admin/51917864823222027/b0n0hcp4sl83/
• https://crossworldltd.com/wp-includes/48p5-o3ih-71/
• https://flexwebsolution.com/assets/multifunctional_disk/external_forum/7aa8z9os32iqygd_3gp4h/
• https://gurukool.tech/assets/t85vawx7s2xbi3q-1mvazihmr-module/interior-forum/gEwMX8-s0pLx8jJMLhGN/
• https://keshavalur.com/css/WRssOm/
• https://makmursuksesmandiri.com/wp-content/e3tpt3cph1wncut-ika4etq8sml6-sector/interior-htMCj-UR5CVYGd/bnb5oaopu0ptx-0wyytzw7u5/
• https://misterglobe.org/generall/Overview/i9y202-334800485-67760472-jj04w2e19-xppp1/
• https://mountainstory.pk/qoaij52hfs1d/common_FOQqDSi_Q50ORC3MzecY/guarded_9ode8j8xa3q9fa_3a14tqqj/x1e_418t92/
• https://murraysautoworks.com/contact/6VE37Q01O/50v2q5af8tv/y27daizl9-678276-439755027-2i7xojwpjd-ryyu/
• https://nhakhoachoban.vn/wp-includes/paclm/
• https://power-charger.co.uk/faq/Reporting/g30g4b8wvh/0w5c-2857976-135390-1dg1e-bjus2/
• https://risefoundations.in/rise/8448397_cee81q_jftx3_eseQqSx/corporate_pfmWWf_7uk8kfJTJvUrTR/OvdwZPUQy_ntycKI1ipM2/
• https://sharefoundation.in/wp-admin/multifunctional_module/test_cloud/oJuKHM3ik_Mee0ttbGc/
• https://summit2018.techsauce.co/startup/sYHAteT/
• https://timestampindia.com/citech/Document/
• https://twincitiesfrugalmom.com/wp-admin/eTrac/9porgmi/ul99a0-5568735694-75056-vt6wk395a-yymz6f/
• https://www.jadegardenmm.com/engl/docs/h85me2-45331562-6525577-0c62dwu3hl-mk47l/
• https://www.u4web.com/bnkddo/open_disk/guarded_kzfciuyy_v4gqdp/1dOq8z5_ILk0gJmw/

Remediation

• Block the threat indicators at their respective controls.
• Do not click on URLs attached in emails coming from untrusted sources, even if they look harmless and appealing.