Initial Email Content
Subject
Re: [Hijacked Thread Subject]
Body
Good morning,
Take a look at this document and let me know your opinion.
Thank you
[Hijacked thread contents]
> From: [Internal Employee Name] <[External Third Party Email]>
> Sent: Thursday, April 1, 2021 3:45 PM
> To: [Recipient Name] <[Recipient Email Address] >
> Subject: Fwd: [Hijacked Thread Subject]
>
>
[Hijacked thread contents]
>
> From: [External Third Party Name] <[External Third Party Email]>
> Sent: Thursday, April 1, 2021 11:00:59 AM
> To: [Internal Employee Name] <[Internal Employee Email]>
> Subject: [Hijacked Thread Subject]
>
[Hijacked thread contents]
Attack Screenshots
No items found.
No items found.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This payload-based attack impersonates an external third party using a hijacked email thread and an external compromised account to deliver malware.
Analysis Overview
Type
Tactic
Hijacked Email Thread
External Compromised Account
Goal
Malware Delivery
Impersonated Party
External Party - Other
Vector
Payload-based
Theme
No items found.
Language