otx.alienvault.com
99.86.7.79  Public Scan

URL: https://otx.alienvault.com/pulse/623d76297b2f9f69cbfdf151
Submission: On March 25 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

BAD ACTORS TRYING TO CAPITALIZE ON CURRENT EVENTS VIA SHAMELESS EMAIL SCAMS

   
 * Created 36 minutes ago by AlienVault
 * Public
 * TLP: White

Malicious email and phishing scams are usually topical and follow a pattern of
current events. They are usually crafted around calendar and/or trending issues
as attackers realize that victims are interested in all things relevant to the
moment. Threat actors are aware that not all recipients will bite, but some
will, hence the origination of the term “phishing.”

Reference:
https://www.fortinet.com/blog/threat-research/bad-actors-capitalize-current-events-email-scams
Tags:
emotet, ukraine, email phishing, geopolitical conflict, office macros
Industries:
Political, Defense, Government
Targeted Countries:
Ukraine, United States of America, Japan
Malware Family:
Emotet
Att&ck IDs:
T1566 - Phishing, T1114 - Email Collection, T1176 - Browser Extensions, T1102 - Web Service, T1569 - System Services, T1137 - Office Application Startup, T1027 - Obfuscated Files or Information, T1193 - Spearphishing Attachment

 * Indicators of Compromise (37)
 * Related Pulses (6)
 * Comments (0)
 * History (0)

URL (6), Hostname (1), FileHash-MD5 (5), email (1), FileHash-SHA1 (5), FileHash-SHA256 (19)

TYPES OF INDICATORS

