Real Phishing Example: This attack relies on trust in a popular cloud storage provider and includes a link to a .js file that downloads and executes Ursnif.

ENVIRONMENTS: Proofpoint

TYPE: Ursnif

FOUND ON: 07/30/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This attack relies on trust in a popular cloud storage provider and includes a link to a .js file that downloads and executes Ursnif.

Real Phishing Example: This insurance-themed phish delivers an attached .zip archive. Enabling the macros in the provided Microsoft Office document will install the IcedID trojan.

ENVIRONMENTS: Proofpoint

TYPE: Iced-ID

FOUND ON: 07/30/2020

TACTIC: Attachment-ZIP

THEME: Insurance

PHISHING EXAMPLE DESCRIPTION: This insurance-themed phish delivers an attached .zip archive. Enabling the macros in the provided Microsoft Office document will install the IcedID trojan.

Real Phishing Example: This spoofed voicemail notification uses an attached .htm file to mimic a Microsoft page to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/29/2020

TACTIC: Attachment-HTM

THEME: Voicemail

PHISHING EXAMPLE DESCRIPTION: This spoofed voicemail notification uses an attached .htm file to mimic a Microsoft page to steal credentials.

Real Phishing Example: This spoofed voicemail notification uses an attached .htm file to mimic a Microsoft page to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Theft

FOUND ON: 07/29/2020

TACTIC: Attachment-HTM

THEME: Voicemail

PHISHING EXAMPLE DESCRIPTION: This spoofed voicemail notification uses an attached .htm file to mimic a Microsoft page to steal credentials.

Real Phishing Example: This purchase-order themed attack delivers a Dropbox-hosted link to an archive holding the NanoCore Remote Access Trojan.

ENVIRONMENTS: Proofpoint

TYPE: NanoCore

FOUND ON: 07/28/2020

TACTIC: Link

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This purchase-order themed attack delivers a Dropbox-hosted link to an archive holding the NanoCore Remote Access Trojan.

Real Phishing Example: Posing as an email quarantine message, this attack delivers an embedded link to a credential phishing site.

ENVIRONMENTS: O365-ATP

TYPE: Credential Theft

FOUND ON: 07/28/2020

TACTIC: Link

THEME: Quarantine

PHISHING EXAMPLE DESCRIPTION: Posing as an email quarantine message, this attack delivers an embedded link to a credential phishing site.

Real Phishing Example: This logistics company spoof offers an invoice as a lure, delivering a .xxe archive that contains GuLoader, which will install the Remcos Remote Access Trojan.

ENVIRONMENTS: Proofpoint

TYPE: Remcos RAT

FOUND ON: 07/28/2020

TACTIC: Attachment-XXE

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This logistics company spoof offers an invoice as a lure, delivering a .xxe archive that contains GuLoader, which will install the Remcos Remote Access Trojan.

Real Phishing Example: This phish delivers an attached PDF with embedded links to a credential phishing site.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/28/2020

TACTIC: Attachment-PDF

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This phish delivers an attached PDF with embedded links to a credential phishing site.

Real Phishing Example: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

ENVIRONMENTS: Proofpoint

TYPE: Avaddon

FOUND ON: 07/27/2020

TACTIC: Link

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

Real Phishing Example: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

ENVIRONMENTS: Ironport

TYPE: Avaddon

FOUND ON: 07/27/2020

TACTIC: Link

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

Real Phishing Example: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

ENVIRONMENTS: Mimecast

TYPE: Avaddon

FOUND ON: 07/27/2020

TACTIC: Link

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This phish spoofs a logistics company and, using an embedded URL, delivers the Smoke Loader that then downloads Raccoon Stealer and Avaddon Ransomware.

Real Phishing Example: This finance-themed phish uses an embedded URL disguised as a PDF to deliver the Pyrogenic Stealer.

ENVIRONMENTS: Proofpoint

TYPE: Pyrogenic Stealer

FOUND ON: 07/27/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed phish uses an embedded URL disguised as a PDF to deliver the Pyrogenic Stealer.

Real Phishing Example: This phish pretends to be from the US Small Business Administration with details about an approved funding request. The embedded URL leads to a credential phishing page.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/27/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This phish pretends to be from the US Small Business Administration with details about an approved funding request. The embedded URL leads to a credential phishing page.

Real Phishing Example: A document-themed email delivers a PDF containing an embedded link that downloads and executes the FormGrabber malware.

ENVIRONMENTS: Mimecast

TYPE: FormGrabber

FOUND ON: 07/23/2020

TACTIC: Attachment-PDF

THEME: Document

PHISHING EXAMPLE DESCRIPTION: A document-themed email delivers a PDF containing an embedded link that downloads and executes the FormGrabber malware.

Real Phishing Example: This Coronavirus-themed phishing attack spoofs the Human Resources department to encourage the recipient to click the link and give up their credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/23/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phishing attack spoofs the Human Resources department to encourage the recipient to click the link and give up their credentials.

Real Phishing Example: This Coronavirus-themed attack delivers an embedded link that leads to a credential phishing page.

ENVIRONMENTS: Ironport

TYPE: Credential Theft

FOUND ON: 07/23/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed attack delivers an embedded link that leads to a credential phishing page.

Real Phishing Example: This phishing attack uses a quotation theme to lure the recipient into clicking the image link to download the Agent Tesla keylogger.

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 07/22/2020

TACTIC: Link

THEME: Quotation

PHISHING EXAMPLE DESCRIPTION: This phishing attack uses a quotation theme to lure the recipient into clicking the image link to download the Agent Tesla keylogger.

Real Phishing Example: This phishing attack uses an attached PDF with links to a macro-laden Microsoft Office document to deliver first Emotet and then QakBot.

ENVIRONMENTS: Proofpoint

TYPE: QakBot

FOUND ON: 07/21/2020

TACTIC: Attachment-PDF

THEME: Reply Chain

PHISHING EXAMPLE DESCRIPTION: This phishing attack uses an attached PDF with links to a macro-laden Microsoft Office document to deliver first Emotet and then QakBot.

Real Phishing Example: This phishing attack uses an attached PDF with links to a macro-laden Microsoft Office document to deliver first Emotet and then QakBot.

ENVIRONMENTS: O365-EOP

TYPE: QakBot

FOUND ON: 07/21/2020

TACTIC: Attachment-PDF

THEME: Reply Chain

PHISHING EXAMPLE DESCRIPTION: This phishing attack uses an attached PDF with links to a macro-laden Microsoft Office document to deliver first Emotet and then QakBot.

Real Phishing Example: This response-themed campaign delivers a password-protected Zip archive containing a macro-enabled Microsoft Office document that will download and execute the Iced-ID malware.

ENVIRONMENTS: O365-ATP

TYPE: Iced-ID

FOUND ON: 07/21/2020

TACTIC: Attachment-ZIP

THEME: Response

PHISHING EXAMPLE DESCRIPTION: This response-themed campaign delivers a password-protected Zip archive containing a macro-enabled Microsoft Office document that will download and execute the Iced-ID malware.

Real Phishing Example: This delivery-themed phish spoofs the United States Postal Service and delivers embedded URLs to download and execute the Ratty malware.

ENVIRONMENTS: O365-ATP

TYPE: Ratty

FOUND ON: 07/21/2020

TACTIC: Link

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: This delivery-themed phish spoofs the United States Postal Service and delivers embedded URLs to download and execute the Ratty malware.

Real Phishing Example: Using reply-chain tactics to trick a recipient into following the embedded links to the Pyrogenic Stealer malware, this phishing attack uses a finance theme to spoof an Accounts Payable department.

ENVIRONMENTS: Proofpoint

TYPE: Pyrogenic Stealer

FOUND ON: 07/20/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: Using reply-chain tactics to trick a recipient into following the embedded links to the Pyrogenic Stealer malware, this phishing attack uses a finance theme to spoof an Accounts Payable department.

Real Phishing Example: Using reply-chain tactics to trick a recipient into following the embedded links to the Pyrogenic Stealer malware, this phishing attack uses a finance theme to spoof an Accounts Payable department.

ENVIRONMENTS: O365-EOP

TYPE: Pyrogenic Stealer

FOUND ON: 07/20/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: Using reply-chain tactics to trick a recipient into following the embedded links to the Pyrogenic Stealer malware, this phishing attack uses a finance theme to spoof an Accounts Payable department.

Real Phishing Example: Posing as a Human Resources representative, this tax-themed phishing attack uses Infogram URLs to capture email login credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/20/2020

TACTIC: Link

THEME: Tax

PHISHING EXAMPLE DESCRIPTION: Posing as a Human Resources representative, this tax-themed phishing attack uses Infogram URLs to capture email login credentials.

Real Phishing Example: A voicemail-themed phishing attack leads to a Google Forms page that captures and exfiltrates login credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/19/2020

TACTIC: Link

THEME: Voicemail

PHISHING EXAMPLE DESCRIPTION: A voicemail-themed phishing attack leads to a Google Forms page that captures and exfiltrates login credentials.

Real Phishing Example: A voicemail-themed phishing attack leads to a Google Forms page that captures and exfiltrates login credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Theft

FOUND ON: 07/19/2020

TACTIC: Link

THEME: Voicemail

PHISHING EXAMPLE DESCRIPTION: A voicemail-themed phishing attack leads to a Google Forms page that captures and exfiltrates login credentials.

Real Phishing Example: This HR-themed phish delivers a link to a SharePoint site that hosts a credential phishing page.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/15/2020

TACTIC: Link

THEME: HR

PHISHING EXAMPLE DESCRIPTION: This HR-themed phish delivers a link to a SharePoint site that hosts a credential phishing page.

Real Phishing Example: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/15/2020

TACTIC: Link

THEME: Quarantine

PHISHING EXAMPLE DESCRIPTION: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

Real Phishing Example: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Theft

FOUND ON: 07/15/2020

TACTIC: Link

THEME: Quarantine

PHISHING EXAMPLE DESCRIPTION: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

Real Phishing Example: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Theft

FOUND ON: 07/15/2020

TACTIC: Link

THEME: Quarantine

PHISHING EXAMPLE DESCRIPTION: The attackers behind this phish spoof an email quarantine service to encourage the recipient to click and give up their credentials.

Real Phishing Example: This Coronavirus-themed phish spoofs the World Health Organization to convince the recipient to click the link and enter login credentials and then directs to a Google Drive-hosted PDF.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/14/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phish spoofs the World Health Organization to convince the recipient to click the link and enter login credentials and then directs to a Google Drive-hosted PDF.

Real Phishing Example: This invoice-themed phish uses a linked URL masquerading as a PDF attachment to direct the recipient to a Microsoft SharePoint-hosted page designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/14/2020

TACTIC: Link

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed phish uses a linked URL masquerading as a PDF attachment to direct the recipient to a Microsoft SharePoint-hosted page designed to steal credentials.

Real Phishing Example: A document-themed phish delivers an image link to a malicious Microsoft Office Document that deploys the Remcos Remote Access Trojan.

ENVIRONMENTS: Proofpoint

TYPE: Remcos RAT

FOUND ON: 07/13/2020

TACTIC: Link

THEME: Document

PHISHING EXAMPLE DESCRIPTION: A document-themed phish delivers an image link to a malicious Microsoft Office Document that deploys the Remcos Remote Access Trojan.

Real Phishing Example: This invoice-themed phishing attack promises a booking invoice but delivers a macro-enabled Microsoft Word document inside a ZIP archive that downloads the Dridex malware.

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 07/13/2020

TACTIC: Attachment-DOC

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed phishing attack promises a booking invoice but delivers a macro-enabled Microsoft Word document inside a ZIP archive that downloads the Dridex malware.

Real Phishing Example: This purchase order-themed phish includes a macro-enabled Microsoft Excel Binary (.xlsb) to download and execute the LolKek ransomware.

ENVIRONMENTS: Proofpoint

TYPE: LolKek

FOUND ON: 07/12/2020

TACTIC: Attachment-XLSB

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This purchase order-themed phish includes a macro-enabled Microsoft Excel Binary (.xlsb) to download and execute the LolKek ransomware.

Real Phishing Example: This fax-themed phish encourages the recipient to open the attached .htm file which is designed to look like a Microsoft login page, capturing login credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/10/2020

TACTIC: Attachment-HTM

THEME: Fax

PHISHING EXAMPLE DESCRIPTION: This fax-themed phish encourages the recipient to open the attached .htm file which is designed to look like a Microsoft login page, capturing login credentials.

Real Phishing Example: This attack uses a purchase order theme to entice the recipient into clicking the embedded link to download this malicious keylogger.

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 07/10/2020

TACTIC: Link

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This attack uses a purchase order theme to entice the recipient into clicking the embedded link to download this malicious keylogger.

Real Phishing Example: This invoice-themed attack delivers a password-protected .zip file, with password provided, which contains a macro-enabled Microsoft Office document. From there, the Ursnif malware is downloaded and deployed.

ENVIRONMENTS: Proofpoint

TYPE: Ursnif

FOUND ON: 07/09/2020

TACTIC: Attachment-ZIP

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed attack delivers a password-protected .zip file, with password provided, which contains a macro-enabled Microsoft Office document. From there, the Ursnif malware is downloaded and deployed.

Real Phishing Example: This invoice-themed phish uses a complex attack with Microsoft Excel macros and a VBS downloader to install ZLoader on the recipient’s machine.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 07/09/2020

TACTIC: Attachment-XLS

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed phish uses a complex attack with Microsoft Excel macros and a VBS downloader to install ZLoader on the recipient’s machine.

Real Phishing Example: This invoice-themed attack uses a macro-enabled Microsoft Excel file to deliver the Dridex malware.

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 07/08/2020

TACTIC: Attachment-XLSM

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed attack uses a macro-enabled Microsoft Excel file to deliver the Dridex malware.

Real Phishing Example: This invoice-themed attack uses image links pretending to be invoices to drive the recipient to download the Pyrogenic Stealer malware.

ENVIRONMENTS: Proofpoint

TYPE: Pyrogenic Stealer

FOUND ON: 07/07/2020

TACTIC: Link

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed attack uses image links pretending to be invoices to drive the recipient to download the Pyrogenic Stealer malware.

Real Phishing Example: This invoice-themed attack uses image links pretending to be invoices to drive the recipient to download the Pyrogenic Stealer malware.

ENVIRONMENTS: Symantec

TYPE: Pyrogenic Stealer

FOUND ON: 07/07/2020

TACTIC: Link

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed attack uses image links pretending to be invoices to drive the recipient to download the Pyrogenic Stealer malware.

Real Phishing Example: This attack uses a purchase order theme to deliver an attached .html file that will direct the recipient to download the Agent Tesla malware.

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 07/07/2020

TACTIC: Attachment-HTML

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This attack uses a purchase order theme to deliver an attached .html file that will direct the recipient to download the Agent Tesla malware.

Real Phishing Example: This mail storage-themed attack directs the recipient to a credential harvesting page customized with the recipient’s email domain name, lending a sense of veracity to the site.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/06/2020

TACTIC: Link

THEME: Mail Storage

PHISHING EXAMPLE DESCRIPTION: This mail storage-themed attack directs the recipient to a credential harvesting page customized with the recipient’s email domain name, lending a sense of veracity to the site.

Real Phishing Example: This finance-themed attack uses Microsoft OneDrive to host a malicious OneNote document that steals Office365 credentials before redirecting the recipient to a real Microsoft page.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/06/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed attack uses Microsoft OneDrive to host a malicious OneNote document that steals Office365 credentials before redirecting the recipient to a real Microsoft page.

Real Phishing Example: This finance-themed attack spoofs a popular brand to convince the recipient to click and targets banking credentials, potentially giving the attackers access to the bank account of the recipient.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/06/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed attack spoofs a popular brand to convince the recipient to click and targets banking credentials, potentially giving the attackers access to the bank account of the recipient.

Real Phishing Example: This finance-themed attack spoofs a popular brand to convince the recipient to click and targets banking credentials, potentially giving the attackers access to the bank account of the recipient.

ENVIRONMENTS: Mimecast

TYPE: Credential Theft

FOUND ON: 07/06/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed attack spoofs a popular brand to convince the recipient to click and targets banking credentials, potentially giving the attackers access to the bank account of the recipient.

Real Phishing Example: This Coronavirus-themed phish delivers a link hosted on a trusted SharePoint site to capture login credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/01/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phish delivers a link hosted on a trusted SharePoint site to capture login credentials.

Real Phishing Example: This finance-themed phishing attack delivers attached .html files to steal corporate credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/01/2020

TACTIC: Attachment-HTML

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed phishing attack delivers attached .html files to steal corporate credentials.

Real Phishing Example: This Coronavirus-themed phish uses SharePoint URLs to host credential-stealing pages.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 07/01/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phish uses SharePoint URLs to host credential-stealing pages.

Real Phishing Example: This Coronavirus-themed phish uses an embedded URL which prompts for login credentials then sends the recipient to a legitimate-looking PDF.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/29/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phish uses an embedded URL which prompts for login credentials then sends the recipient to a legitimate-looking PDF.

Real Phishing Example: This notification-themed phish spoofs a European provider of credit and payment cards to trick victims into turning over their credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/28/2020

TACTIC: Link

THEME: Notification

PHISHING EXAMPLE DESCRIPTION: This notification-themed phish spoofs a European provider of credit and payment cards to trick victims into turning over their credentials.

Real Phishing Example: This finance-themed attack delivers OneDrive URLs to the unsuspecting victim, leading them to download the Mass Logger malware.

ENVIRONMENTS: Proofpoint

TYPE: Mass Logger

FOUND ON: 06/28/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed attack delivers OneDrive URLs to the unsuspecting victim, leading them to download the Mass Logger malware.

Real Phishing Example: This voicemail-themed email delivers a .htm file pretending to be a short voice message but instead spoofs Microsoft URLs with the intent to harvest login credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/26/2020

TACTIC: Attachment-HTM

THEME: Voicemail

PHISHING EXAMPLE DESCRIPTION: This voicemail-themed email delivers a .htm file pretending to be a short voice message but instead spoofs Microsoft URLs with the intent to harvest login credentials.

Real Phishing Example: This purchase order-themed phish delivers an embedded URL to the FireBird Remote Access Trojan variant known as Hive.

ENVIRONMENTS: Proofpoint

TYPE: Hive

FOUND ON: 06/25/2020

TACTIC: Link

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This purchase order-themed phish delivers an embedded URL to the FireBird Remote Access Trojan variant known as Hive.

Real Phishing Example: This invoice-themed attack uses an old XLS format with macros to trick its victims into opening the attachment to deliver ZLoader.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/25/2020

TACTIC: Attachment-XLS

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed attack uses an old XLS format with macros to trick its victims into opening the attachment to deliver ZLoader.

Real Phishing Example: This phish leverages a trusted cloud storage service to capture login credentials from the Danish-speaking victim.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/24/2020

TACTIC: Link

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This phish leverages a trusted cloud storage service to capture login credentials from the Danish-speaking victim.

Real Phishing Example: This finance-themed attack uses an embedded URL to compromise victims, delivering the NetWire Remote Access Trojan.

ENVIRONMENTS: Proofpoint

TYPE: NetWire

FOUND ON: 06/24/2020

TACTIC: Link

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: This finance-themed attack uses an embedded URL to compromise victims, delivering the NetWire Remote Access Trojan.

Real Phishing Example: This invoice-themed phish includes an embedded URL to download a .7z archive. Inside the archive is the ever-popular Agent Tesla.

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 06/24/2020

TACTIC: Link

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed phish includes an embedded URL to download a .7z archive. Inside the archive is the ever-popular Agent Tesla.

Real Phishing Example: This phishing attack used Microsoft Excel documents to deliver Dridex to the inbox.

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 06/22/2020

TACTIC: Attachment-XLSM

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This phishing attack used Microsoft Excel documents to deliver Dridex to the inbox.

Real Phishing Example: This profile-themed phish spoofs a state agency to capture credentials that are exfiltrated using Google Forms.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/22/2020

TACTIC: Link

THEME: Profile

PHISHING EXAMPLE DESCRIPTION: This profile-themed phish spoofs a state agency to capture credentials that are exfiltrated using Google Forms.

Real Phishing Example: This invoice-themed phish delivers an XLS attachment that uses macros to deliver ZLoader via a VBS chain.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/19/2020

TACTIC: Attachment-XLS

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This invoice-themed phish delivers an XLS attachment that uses macros to deliver ZLoader via a VBS chain.

Real Phishing Example: Malicious email with XLS attachment containing ZLoader malware.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/19/2020

TACTIC: Attachment-Excel

PHISHING EXAMPLE DESCRIPTION: Malicious email with XLS attachment containing ZLoader malware.

Real Phishing Example: This attack uses the long-outdated file type to execute macros that download ZLoader via a VBS chain.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/19/2020

TACTIC: Attachment-XLS

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: This attack uses the long-outdated file type to execute macros that download ZLoader via a VBS chain.

Real Phishing Example: A document-themed attack delivering a web page (.htm) that spoofs a Microsoft login page to harvest credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/18/2020

TACTIC: Attachment-HTM

THEME: Document

PHISHING EXAMPLE DESCRIPTION: A document-themed attack delivering a web page (.htm) that spoofs a Microsoft login page to harvest credentials.

Real Phishing Example: Spoofing a state government office, this phish delivers macro-laden Microsoft Office documents via an embedded link to a SharePoint site requiring a password for access. The victim will download the TrickBot malware.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 06/18/2020

TACTIC: Link

THEME: Document

PHISHING EXAMPLE DESCRIPTION: Spoofing a state government office, this phish delivers macro-laden Microsoft Office documents via an embedded link to a SharePoint site requiring a password for access. The victim will download the TrickBot malware.

Real Phishing Example: This Coronavirus-themed phishing attack uses Java shortcut files – .jnlp – that pull down a Java Archive (.jar) which then downloads and runs the TrickBot trojan.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 06/17/2020

TACTIC: Attachment-JNLP

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed phishing attack uses Java shortcut files – .jnlp – that pull down a Java Archive (.jar) which then downloads and runs the TrickBot trojan.

Real Phishing Example: This document-themed phish includes a Microsoft Word attachment that leverages a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to download a DotNETLoader to install the Remcos Remote Access Trojan.

ENVIRONMENTS: Proofpoint

TYPE: Remcos RAT

FOUND ON: 06/17/2020

TACTIC: Attachment-DOCX

THEME: Document

PHISHING EXAMPLE DESCRIPTION: This document-themed phish includes a Microsoft Word attachment that leverages a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to download a DotNETLoader to install the Remcos Remote Access Trojan.

Real Phishing Example: This response-themed attack makes use of Firefox Send to deliver a password-protected archive containing VBScripts that will download and run the Ursnif malware.

ENVIRONMENTS: Proofpoint

TYPE: Ursnif

FOUND ON: 06/17/2020

TACTIC: Link

THEME: Response

PHISHING EXAMPLE DESCRIPTION: This response-themed attack makes use of Firefox Send to deliver a password-protected archive containing VBScripts that will download and run the Ursnif malware.

Real Phishing Example: Pretending to be an international logistics company with some shipment information, the attached .zip file contains a macro-enabled Microsoft Office document that displays a fake invoice while silently installing the Dridex malware.

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 06/16/2020

TACTIC: Attachment-ZIP

THEME: Invoice

PHISHING EXAMPLE DESCRIPTION: Pretending to be an international logistics company with some shipment information, the attached .zip file contains a macro-enabled Microsoft Office document that displays a fake invoice while silently installing the Dridex malware.

Real Phishing Example: A finance-themed phish uses a macro-enabled Microsoft Excel attachment to deliver the Dridex malware.

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 06/15/2020

TACTIC: Attachment-XLSM

THEME: Finance

PHISHING EXAMPLE DESCRIPTION: A finance-themed phish uses a macro-enabled Microsoft Excel attachment to deliver the Dridex malware.

Real Phishing Example: The delivery-themed phishing example targets organizations in Thailand promising shipping information at the embedded link. The victim will end up with a case of Agent Tesla.

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 06/15/2020

TACTIC: Link

THEME: Delivery

PHISHING EXAMPLE DESCRIPTION: The delivery-themed phishing example targets organizations in Thailand promising shipping information at the embedded link. The victim will end up with a case of Agent Tesla.

Real Phishing Example: This purchase order-themed phish delivered a .zipx attachment that was actually a RAR archive. The attackers were kind enough to instruct the recipient what software to use to access the NanoCore Remote Access Trojan within.

ENVIRONMENTS: Proofpoint

TYPE: NanoCore

FOUND ON: 06/11/2020

TACTIC: Attachment-Zipx

THEME: Purchase Order

PHISHING EXAMPLE DESCRIPTION: This purchase order-themed phish delivered a .zipx attachment that was actually a RAR archive. The attackers were kind enough to instruct the recipient what software to use to access the NanoCore Remote Access Trojan within.

Real Phishing Example: This Coronavirus-themed attack delivers an HTML attachment that spoofs Adobe to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/11/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: This Coronavirus-themed attack delivers an HTML attachment that spoofs Adobe to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/9/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish delivering a malicious Word attachment.

ENVIRONMENTS: O365-ATP

TYPE: IcedID

FOUND ON: 06/8/2020

TACTIC: Attachment-Word

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish delivering a malicious Word attachment.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/1/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/1/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 6/9/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish delivering a malicious Word attachment.

ENVIRONMENTS: O365-EOP

TYPE: IcedID

FOUND ON: 6/8/2020

TACTIC: Attachment-Word

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish delivering a malicious Word attachment.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 6/1/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Sextortion-themed phish designed to intimidate a user into paying a ransom.

ENVIRONMENTS: Mimecast

TYPE:

FOUND ON: 05/20/2020

THEME: Sextortion

PHISHING EXAMPLE DESCRIPTION: Sextortion-themed phish designed to intimidate a user into paying a ransom.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: TrendMicro

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 5/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/4/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/13/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack includes image link designed to steal credentials.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an HTML attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an HTML attachment designed to steal credentials.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/4/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/13/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/19/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/6/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Sextortion-themed phish designed to intimidate a user into paying a ransom.

ENVIRONMENTS: O365-EOP

TYPE:

FOUND ON: 5/20/2020

THEME: Sextortion

PHISHING EXAMPLE DESCRIPTION: Sextortion-themed phish designed to intimidate a user into paying a ransom.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/19/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/11/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/19/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/11/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into performing a financial transaction.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into performing a financial transaction.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 5/19/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/11/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/19/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to direct victim to a malicious website.

ENVIRONMENTS: O365-EOP

TYPE: DocuSign

FOUND ON: 5/11/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to direct victim to a malicious website.

Real Phishing Example: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/5/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an HTML attachment designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an HTML attachment designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-Image w/URL

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 5/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: TrendMicro

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 5/4/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into performing a financial transaction.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 5/13/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into performing a financial transaction.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: O365-EOP

TYPE: zloader

FOUND ON: 4/7/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

Real Phishing Example: Coronavirus-themed phishing attack delivers a malicious zip file.

ENVIRONMENTS: O365-EOP

TYPE: Malicious Zip

FOUND ON: 4/2/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a malicious zip file.

Real Phishing Example: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: Cisco Ironport

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/28/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers a bzipped VBS attachment that delivers the Lime njRAT malware.

ENVIRONMENTS: O365-ATP

TYPE: Lime njRAT

FOUND ON: 04/3/2020

TACTIC: Attachment-VBS

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a bzipped VBS attachment that delivers the Lime njRAT malware.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/16/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

ENVIRONMENTS: O365-EOP

TYPE: Malware via Dropbox

FOUND ON: 4/22/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to install the TrickBot malware.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the TrickBot malware.

Real Phishing Example: Coronavirus-themed phish includes an ISO attachment designed to install the FormBook malware.

ENVIRONMENTS: O365-EOP

TYPE: FormBook

FOUND ON: 4/7/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an ISO attachment designed to install the FormBook malware.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/2/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

ENVIRONMENTS: Mimecast

TYPE: Qarallax RAT-via Google Drive

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

Real Phishing Example: Remote Work-virus themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/28/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-virus themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers an ISO attachment designed to install the FormBook malware.

ENVIRONMENTS: O365-EOP

TYPE: FormBook

FOUND ON: 4/15/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers an ISO attachment designed to install the FormBook malware.

Real Phishing Example: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

ENVIRONMENTS: Proofpoint

TYPE: Malicious Payload

FOUND ON: 04/3/2020

TACTIC: Attachment-Word

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

Real Phishing Example: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/21/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into performing a wire transfer.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/10/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into performing a wire transfer.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

ENVIRONMENTS: O365-EOP

TYPE: Credential; FormGrabber

FOUND ON: 4/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/2/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/24/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to install the Chantor malware.

ENVIRONMENTS: O365-EOP

TYPE: Chantor

FOUND ON: 4/14/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the Chantor malware.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Business Email Compromise attempts to lure victim into changing direct deposit information.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/21/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into changing direct deposit information.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: Proofpoint

TYPE: zloader

FOUND ON: 04/10/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/6/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/17/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers an ISO attachment designed to install the FormBook malware.

ENVIRONMENTS: Cisco Ironport

TYPE: FormBook

FOUND ON: 04/15/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers an ISO attachment designed to install the FormBook malware.

Real Phishing Example: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/21/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/23/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/30/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/17/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

ENVIRONMENTS: O365-EOP

TYPE: Qarallax RAT-via Google Drive

FOUND ON: 4/21/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

Real Phishing Example: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT.

ENVIRONMENTS: Cisco Ironport

TYPE: Remcos RAT

FOUND ON: 04/23/2020

TACTIC: Attachment-ISO

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT.

Real Phishing Example: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to install malware.

ENVIRONMENTS: O365-EOP

TYPE: Malware

FOUND ON: 4/3/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to install malware.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/16/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: Cisco Ironport

TYPE: zloader

FOUND ON: 04/7/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

Real Phishing Example: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan.

ENVIRONMENTS: O365-ATP

TYPE: Netwire RAT

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/24/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to install the TrickBot malware.

ENVIRONMENTS: O365-EOP

TYPE: TrickBot

FOUND ON: 4/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the TrickBot malware.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/29/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/21/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/22/2020

TACTIC: BEC

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/3/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/16/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

Real Phishing Example: Coronavirus-themed phish includes an iso attachment designed to install the FormBook malware.

ENVIRONMENTS: Cisco Ironport

TYPE: FormBook

FOUND ON: 04/7/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an iso attachment designed to install the FormBook malware.

Real Phishing Example: Coronavirus-themed phishing attack delivers a malicious zip file.

ENVIRONMENTS: TrendMicro

TYPE: Malicious Zip

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a malicious zip file.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/23/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: O365-EOP

TYPE: zloader

FOUND ON: 4/10/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

Real Phishing Example: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/21/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

Real Phishing Example: Coronavirus-themed phishing attack delivers a link to an Agent Tesla installer.

ENVIRONMENTS: Mimecast

TYPE: Keylogger - Agent Tesla

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a link to an Agent Tesla installer.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers a bzipped VBS attachment that delivers the Lime njRAT malware.

ENVIRONMENTS: O365-EOP

TYPE: Lime njRAT

FOUND ON: 4/3/2020

TACTIC: Attachment-VBS

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers a bzipped VBS attachment that delivers the Lime njRAT malware.

Real Phishing Example: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/16/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

ENVIRONMENTS: Proofpoint

TYPE: Credential; FormGrabber

FOUND ON: 04/7/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT.

ENVIRONMENTS: O365-EOP

TYPE: Remcos RAT

FOUND ON: 4/23/2020

TACTIC: Attachment-ISO

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/1/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/28/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/20/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

ENVIRONMENTS: Mimecast

TYPE: Malware via Dropbox

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

Real Phishing Example: Phishing attack designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

PHISHING EXAMPLE DESCRIPTION: Phishing attack designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

ENVIRONMENTS: O365-EOP

TYPE: Malicious Payload

FOUND ON: 4/3/2020

TACTIC: Attachment-Word

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/6/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365-EOP

TYPE: BEC / CEO Fraud

FOUND ON: 4/22/2020

TACTIC: BEC

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/1/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/28/2020

TACTIC: BEC

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

Real Phishing Example: Coronavirus-themed phish designed to install the Chantor malware.

ENVIRONMENTS: Symantec

TYPE: Chantor

FOUND ON: 04/14/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the Chantor malware.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/8/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan.

ENVIRONMENTS: O365-EOP

TYPE: Netwire RAT

FOUND ON: 4/20/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/3/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/15/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to install malware.

ENVIRONMENTS: Mimecast

TYPE: Malware

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to install malware.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/17/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/22/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes a pdf attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/1/2020

TACTIC: Attachment-PDF w/ Links

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes a pdf attachment designed to steal credentials.

Real Phishing Example: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: URL

THEME: Remote Work

PHISHING EXAMPLE DESCRIPTION: Remote Work-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/8/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

Real Phishing Example: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-EOP

TYPE: Credential Phish

FOUND ON: 4/20/2020

TACTIC: URL

THEME: Coronavirus

PHISHING EXAMPLE DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

Real Phishing Example: Business Email Compromise attempts to lure victim into changing direct deposit information.

ENVIRONMENTS: Cisco Ironport

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

PHISHING EXAMPLE DESCRIPTION: Business Email Compromise attempts to lure victim into changing direct deposit information.
