Attack Details
Attack Date: Jun 22, 2022

Fake Document Link-based Malware Attack

Initial Email Content

Subject: Re: AMENDED SALE AGREEMENT

Body:

Good day!


You can look on a complete list of the needed documents here in one document:


hXXp://rsmzi[.]com/et/uiutsotsn


File password: U523


Hi [Impersonated Employee First Name],


This is received will revert soonest.


Regards


[Recipient Name]



From: [Impersonated Employee Name] <[Impersonated Employee Email Address]>

Sent: Tuesday, September 28, 2021 9:25 AM

To: [Hijacked Thread Recipients]

Subject: RE: AMENDED SALE AGREEMENT


 [Hijacked Thread Contents]

 



Attack Description

This link-based attack impersonates an employee using a hijacked email thread, an external compromised account, a spoofed display name, and a fake document theme to deliver malware.

Analysis Overview

Tactic: Hijacked Email Thread, External Compromised Account, Spoofed Display Name
Goal: Malware Delivery
Impersonated Party: Employee - Other
Vector: Link-based
Theme: Fake Document
Language