This report outlines the statistics, trends, and case details for phishing emails analyzed in February 2025, revealing that phishing remains the dominant type of threat. Threat actors often use HTML scripts to build fake webpages that deceive users into entering their credentials.
Affected: phishing emails, users’ credentials, malware distribution
Keypoints:
- 78% of phishing email attachments were classified as the phishing threat type.
- Threat actors mimic legitimate pages using HTML scripts.
- Hyperlinks in documents, such as PDFs, lead to phishing websites.
- Statistics are presented on the attachment file formats used in phishing emails.
- The distribution of Korean-language phishing emails was highlighted.
- Case studies focused on attachment formats including Script, Document, and Compress.
- Malware types distributed include downloader and infostealer.
- Executable files in .NET format are increasingly used in phishing attacks.
- External links in documents trigger malicious behavior when opened.
- The report provides additional data, including C2 addresses and email body details.
MITRE Techniques:
- Phishing (T1566) – Threat actors use scripts in phishing emails to lure victims into entering credentials.
- Credential Dumping (T1003) – Credentials collected through phishing are sent to C2 servers.
- User Execution (T1203) – Users are prompted to execute malicious documents that trigger downloads.
- Abuse Elevation Control Mechanism (T1068) – Executables are packed to evade detection.
Indicator of Compromise:
Full Story: https://asec.ahnlab.com/en/86685/