How Mail Carrier Phishing Emails Tricked Businesses | Votiro
Tags
| country: | China Italy |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | c1426354-2122-4d45-818e-22c9ebe55534 |
| Fingerprint | ee5f8d1b3b17ea8e |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | May 5, 2020, 8:37 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 16, 2024, 7:04 p.m. |
| Headline | Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Campaign |
| Title | How Mail Carrier Phishing Emails Tricked Businesses | Votiro |
| Detected Hints/Tags/Attributes | 32/3/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | geronaga.com |
|
| Details | Domain | 2 | now.cn |
|
| Details | Domain | 1 | host242-180-static.131-212-b.business.telecomitalia.it |
|
| Details | Domain | 1 | zujohur.fodewox.njppsagent8.ups.com |
|
| Details | Domain | 5 | ups.com |
|
| Details | Domain | 7 | fedex.com |
|
| Details | Domain | 1 | pvma00009.prod.fedex.com |
|
| Details | Domain | 123 | ipinfo.io |
|
| Details | Domain | 6 | dhl.com |
|
| Details | 1 | 398094.20200420134554@zujohur.fodewox. |
||
| Details | 1 | billingonline@fedex.com |
||
| Details | 1 | firstname.lastname@dhl.com |
||
| Details | sha256 | 1 | e6c5862320ae7d8032fab1292121a98ca55e3842211112b8b9f2a2578b3e4dc0 |
|
| Details | sha256 | 1 | 8e06789e952991e6fc483ab0e6bbf08a123922ba354a75c9dc9dcc759c60c194 |
|
| Details | IPv4 | 1 | 116.17.62.149 |
|
| Details | Url | 1 | https://now.cn |
|
| Details | Url | 1 | https://ipinfo.io/116.17.62.149 |