High
Trickbot operators are launching personalized, targeted spear phishing campaigns to lure victims into downloading Trickbot. The malspam campaign uses YOUR NAME (or organization name) + PROVOCATIVE ADJECTIVES/VERBS that will definitely get your attention. The tricky tricksters from TrickBot used OSINT (open-source intelligence) data (full name, company, phone number, job title) to target professionals at medium to large enterprise companies. Below is the email content.
Dear *Name_of_Victim*,
Private and Confidential
One of your workmates at Victim’s Workplace, has lodged a complaint with the Palos Hills division of the Equal Employment Opportunity Commission that you manifested behavior considered as sexual harrassment.
Seeing one’s name and organization’s name in an email doubles the likelihood of victims clicking on the malicious links attached in these malspam campaigns.
Domain Name
ftpthedocgrp[.]com
Email Subject
Attn: Name_of_Victim – A grievance raised against you.
Filename
Name_of_Victim – Harassment complaint letter (phone 111-222-3333).doc
MD5
SHA256
Source IP
URL
hxxp[:]//ftpthedocgrp[.]com/backup[.]msi%20/q
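The subject, filename and domain indicators above, turned into a mail-filter check. This is an added example, not part of the original advisory. The message-record layout (`subject`, `attachments`, `urls`), the function names and the two sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the advisory; the domain stays defanged in source.
IOC_DOMAIN = "ftpthedocgrp[.]com"
DASH = r"\s*[\u2013\u2014-]\s*"  # en dash, em dash or hyphen, as mail clients vary
SUBJECT_RE = re.compile(r"^Attn:\s*(?P<name>.+?)" + DASH +
                        r"A grievance raised against you\.?$", re.I)
FILENAME_RE = re.compile(r"^(?P<name>.+?)" + DASH +
                         r"Harassment complaint letter \(phone [^)]*\)\.doc$", re.I)

def refang(text):
    """Undo hxxp / [.] / [:] defanging so indicators can be parsed and compared."""
    return text.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")

def host_of(url):
    """Lower-cased hostname of a (possibly defanged) URL, or '' when it has none."""
    return (urlsplit(refang(url)).hostname or "").lower().rstrip(".")

def match_campaign(msg):
    """Return the campaign traits a message shows; an empty list means no match."""
    hits = []
    subj = SUBJECT_RE.match(msg.get("subject", "").strip())
    if subj:
        hits.append("subject")
    for name in msg.get("attachments", []):
        att = FILENAME_RE.match(name.strip())
        if att:
            hits.append("filename")
            # The lure reuses the recipient's name in both subject and file name.
            if subj and att["name"].casefold() == subj["name"].casefold():
                hits.append("name_reused")
            break
    bad = refang(IOC_DOMAIN)
    # Compare parsed hostnames: a substring search would flag look-alike hosts.
    if any(h == bad or h.endswith("." + bad)
           for h in map(host_of, msg.get("urls", []))):
        hits.append("domain")
    return hits

# Constructed sample records (not real mail): one lure, one benign look-alike.
LURE = {"subject": "Attn: Jane Doe \u2013 A grievance raised against you.",
        "attachments": ["Jane Doe \u2013 Harassment complaint letter (phone 111-222-3333).doc"],
        "urls": ["hxxp[:]//ftpthedocgrp[.]com/backup[.]msi%20/q"]}
BENIGN = {"subject": "Updated grievance policy",
          "attachments": ["policy.doc"],
          "urls": ["https://ftpthedocgrp.com.example.net/policy"]}

if __name__ == "__main__":
    for record in (LURE, BENIGN):
        print(record["subject"], "->", match_campaign(record))
```

Because the victim's name changes per message, the subject and filename are matched as templates rather than fixed strings, and the `name_reused` trait ties the two together.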