This article discusses the monitoring of phishing email threats by AhnLab Security Intelligence Center (ASEC) during the fourth quarter of 2024, highlighting the types and statistics of phishing emails with attachments. The primary focus is on the FakePage threat, which impersonates legitimate login pages. Affected: phishing emails
Keypoints :
- ASEC monitors phishing email threats using RAPIT and honeypots.
- The article focuses on phishing emails with attachments, excluding those with malicious links.
- FakePage is the most common phishing email attachment type at 74%.
- Trojans and downloaders follow, accounting for 12% and 10%, respectively.
- Phishing email attachments primarily use web page scripts (64%) and compressed files (21%).
- Notable changes in threat types compared to Q3 2024 include an increase in FakePage and a decrease in Downloader and Infostealer.
- Statistics on attachment extensions show a rise in HTML and script types for stealing accounts.
MITRE Techniques :
- Phishing (T1566) – Threat actors impersonate legitimate entities to deceive users into providing credentials.
- Credential Dumping (T1003) – Information collected from FakePage is transmitted to C2 servers.
- Malware (T1203) – Use of malicious attachments such as Trojans and downloaders to execute harmful code.
Indicator of Compromise :
- [file name] HTML
- [file name] SHTML
- [file name] HTM
- [file name] RAR
- [file name] ZIP
- Check the article for all found IoCs.
Full Research: https://asec.ahnlab.com/en/85700/