Weekly Phishing Email Distribution Cases (2024/12/22~2024/12/28) – ASEC

This article provides information on phishing email attacks observed from December 22 to December 28, 2024, detailing email subjects, attachments, and URLs. It distinguishes between fake login pages and malware types, including information stealers and downloaders. The phishing emails discussed contain attachments, with the numbers in the email subjects and attachment names typically serving as unique IDs that may vary by recipient.

Affected Platform: Email

Key points:

  • Phishing email attacks were reported between December 22 and December 28, 2024.
  • The article categorizes phishing emails into fake login pages and malware types.
  • Only emails with attachments are considered in the phishing cases discussed.
  • Email subjects and attachment names often contain unique ID values that can differ among recipients.
  • Examples of phishing email subjects and their corresponding attachments are provided.

MITRE Techniques:

  • Phishing (T1566) – The article details various phishing emails designed to deceive recipients into clicking malicious links or downloading harmful attachments.
  • Credential Dumping (T1003) – Fake login pages are used to capture user credentials.
  • Data Encrypted for Impact (T1486) – Malware types discussed can include information stealers that may encrypt stolen data.

Indicators of Compromise:

  • [file name] 2024_Bonus_Distribution_Schedule.docx
  • [file name] SELR005046808.html
  • [file name] FACTURA-45789.zip
  • [file name] IN27545R.z
  • [file name] STATEMEN.zip
  • Check the article for all found IoCs.
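
Because the numbers in attachment names are per-recipient IDs, an exact-match lookup against the file names above will miss other copies of the same campaign. The following is an added example, not code from ASEC or the original report: it matches attachment names against the listed IoCs with every digit run treated as a wildcard. The function names and the sample attachment names are constructed for illustration.

```python
import re

# File names copied from the IoC list on this page.
IOC_FILE_NAMES = [
    "2024_Bonus_Distribution_Schedule.docx",
    "SELR005046808.html",
    "FACTURA-45789.zip",
    "IN27545R.z",
    "STATEMEN.zip",
]

def ioc_to_pattern(name):
    """Build a regex from an IoC name in which each digit run matches any digit run."""
    parts = re.split(r"([0-9]+)", name)
    body = "".join("[0-9]+" if p.isdigit() else re.escape(p) for p in parts if p)
    return re.compile(body, re.IGNORECASE)

PATTERNS = [(name, ioc_to_pattern(name)) for name in IOC_FILE_NAMES]

def match_attachment(filename):
    """Return (ioc_name, kind) for the first IoC matched, else None.

    kind is 'exact' for a literal (case-insensitive) match and
    'id-variant' when only the numeric ID differs from the listed name.
    """
    # Reduce a full path (Windows or POSIX separators) to its base name.
    base = filename.strip().replace("\\", "/").rsplit("/", 1)[-1]
    for ioc, pattern in PATTERNS:
        if pattern.fullmatch(base):
            kind = "exact" if base.lower() == ioc.lower() else "id-variant"
            return ioc, kind
    return None

# Constructed sample attachment names (not taken from the report).
SAMPLES = [
    "SELR005046999.html",    # same template, different recipient ID
    "FACTURA-45789.zip",     # literal IoC
    "C:\\mail\\IN90001R.z",  # full path, different ID
    "STATEMENT.zip",         # similar name, not a listed IoC
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", match_attachment(sample))
```

An 'id-variant' hit is a triage signal for closer inspection of the message, since a name with no fixed text beyond a short prefix can also match unrelated files.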


Full Research: https://asec.ahnlab.com/ko/85521/