GreenSpot APT phishing campaigns target 163.com users, attempting to steal credentials through fake login pages without embedding malicious attachments. The attachments are not currently a direct threat, but future modifications could introduce risk. Affected: 163.com, users targeted by GreenSpot phishing campaigns
Key points:
- GreenSpot APT is conducting phishing campaigns.
- Fake login pages prompt users to enter credentials twice.
- The intention behind these sites is to confirm user password accuracy.
- GreenSpot’s focus is primarily on credential theft, with no immediate malicious software in attachments.
- The tactics of GreenSpot are considered sophisticated and professional.
- Future updates to attachments could pose potential threats.
MITRE Techniques:
- T1071 – Application Layer Protocol: Used for communication with the phishing sites that lure victims.
- T1566 – Phishing: Employed to trick users into providing personal credentials through fake login pages.
- T1083 – File and Directory Discovery: Access to attached files for potential downloading.
Indicators of Compromise:
- [URL] hxxp[:]//mail.eco163[.]com/
- [URL] hxxps[:]//l2024163[.]com/
- [URL] hxxps[:]//chamber.icu/
- [MD5] f205b862f6e72b5eaf303de4c6c61df1
- [SHA-1] cd5f033a40b739f2e7ab5b4ffbfeea72
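
An added example, not part of the original report: it parses the defanged indicator list above into a host set, checks each hash against the digest length its label implies, and matches the hosts against proxy log lines. The log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# IoC entries copied from the list above, still defanged.
IOC_LINES = [
    "[URL] hxxp[:]//mail.eco163[.]com/",
    "[URL] hxxps[:]//l2024163[.]com/",
    "[URL] hxxps[:]//chamber.icu/",
    "[MD5] f205b862f6e72b5eaf303de4c6c61df1",
    "[SHA-1] cd5f033a40b739f2e7ab5b4ffbfeea72",
]
HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}  # digest lengths in hex chars

def refang(text):
    """Undo the defanging used above: hxxp -> http, [:] -> :, [.] -> ."""
    return text.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")

def parse_iocs(lines):
    """Return (hosts, hashes, warnings) parsed from '[TYPE] value' lines."""
    hosts, hashes, warnings = set(), {}, []
    for line in lines:
        m = re.match(r"\[([\w-]+)\]\s+(\S+)", line.strip())
        if not m:
            continue
        kind, value = m.group(1).upper(), m.group(2).lower()
        if kind == "URL":
            hosts.add(urlsplit(refang(value)).hostname)
        elif kind in HEX_LEN:
            hashes[value] = kind
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[kind], value):
                warnings.append(f"{kind} label but {len(value)} hex chars: {value}")
    return hosts, hashes, warnings

def flag_requests(log_lines, hosts):
    """Return log lines whose URL host is an IoC host or a subdomain of one."""
    def is_ioc(url):
        host = (urlsplit(url).hostname or "").rstrip(".")
        return any(host == h or host.endswith("." + h) for h in hosts)
    return [l for l in log_lines if any(is_ioc(u) for u in re.findall(r"https?://\S+", l))]

# Constructed proxy-log lines (not from the report); refanged at run time only.
SAMPLE_LOG = [refang(s) for s in (
    "2025-02-10T08:14:02Z 10.0.0.5 GET hxxps[:]//l2024163[.]com/login 200",
    "2025-02-10T08:15:40Z 10.0.0.7 GET hxxps[:]//mail.163[.]com/ 200",
    "2025-02-10T08:16:11Z 10.0.0.9 POST hxxp[:]//mail.eco163[.]com/auth 302",
)]
```

Run against the list above, the length check reports that the value labelled SHA-1 has 32 hex characters, the length of an MD5 digest, so confirm it against the full report before loading it into a hash blocklist. Host matching is exact or by subdomain, so the legitimate `mail.163.com` request in the sample is not flagged.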
Full Story: https://malwareanalysisspace.blogspot.com/2025/02/greenspot-apt-phishing-campaigns-with.html