Filter by SEG

SEG

Tactic

Theme

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/19/2020

TACTIC: Attachment-Excel

DESCRIPTION: Malicious email with XLS attachment containing ZLoader malware.

ENVIRONMENTS: Proofpoint

TYPE: ZLoader

FOUND ON: 06/19/2020

TACTIC: Attachment-XLS

THEME: Invoice

DESCRIPTION: This invoice-themed phish delivers an XLS attachment that uses macros to deliver ZLoader via a VBS chain.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 06/18/2020

TACTIC: Link

THEME: Document

DESCRIPTION: Spoofing a state government office, this phish delivers macro-laden Microsoft Office documents via an embedded link to a SharePoint site requiring a password for access. The victim will download the TrickBot malware.

ENVIRONMENTS: O365

TYPE: TrickBot

FOUND ON: 06/18/2020

TACTIC: Link

THEME: Document

DESCRIPTION: Spoofing a state government office, this phish delivers macro-laden Microsoft Office documents via an embedded link to a SharePoint site requiring a password for access. The victim will download the TrickBot malware.

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/18/2020

TACTIC: Attachment-HTM

THEME: Document

DESCRIPTION: A document-themed attack delivering a web page (.htm) that spoofs a Microsoft login page to harvest credentials.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 06/17/2020

TACTIC: Attachment-JNLP

THEME: Coronavirus

DESCRIPTION: This Coronavirus-themed phishing attack uses Java shortcut files – .jnlp – that pull down a Java Archive (.jar) which then downloads and runs the Trickbot trojan.

ENVIRONMENTS: Kaspersky

TYPE: Remcos RAT

FOUND ON: 06/17/2020

TACTIC: Attachment-DOCX

THEME: Document

DESCRIPTION: This document-themed phish includes a Microsoft Word attachment that leverages a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to download a DotNETLoader to install the Remcos Remote Access Trojan.

Learn More

ENVIRONMENTS: O365

TYPE: TrickBot

FOUND ON: 06/17/2020

TACTIC: Attachment-JNLP

THEME: Coronavirus

DESCRIPTION: This Coronavirus-themed phishing attack uses Java shortcut files – .jnlp – that pull down a Java Archive (.jar) which then downloads and runs the Trickbot trojan.

ENVIRONMENTS: Proofpoint

TYPE: Ursnif

FOUND ON: 06/17/2020

TACTIC: Link

THEME: Response

DESCRIPTION: This response-themed attack makes use of Firefox Send to deliver a password-protected archive containing VBScripts that will download and run the Ursnif malware.

Learn More

ENVIRONMENTS: O365

TYPE: Ursnif

FOUND ON: 06/17/2020

TACTIC: Link

THEME: Response

DESCRIPTION: This response-themed attack makes use of Firefox Send to deliver a password-protected archive containing VBScripts that will download and run the Ursnif malware.

Learn More

ENVIRONMENTS: Proofpoint

TYPE: Remcos RAT

FOUND ON: 06/17/2020

TACTIC: Attachment-DOCX

THEME: Document

DESCRIPTION: This document-themed phish includes a Microsoft Word attachment that leverages a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to download a DotNETLoader to install the Remcos Remote Access Trojan.

Learn More

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 06/16/2020

TACTIC: Attachment-ZIP

THEME: Invoice

DESCRIPTION: Pretending to be an international logistics company with some shipment information, the attached .zip file contains a macro-enabled Microsoft Office document that displays a fake invoice while silently installing the Dridex malware.

ENVIRONMENTS: O365

TYPE: Dridex

FOUND ON: 06/16/2020

TACTIC: Attachment-ZIP

THEME: Invoice

DESCRIPTION: Pretending to be an international logistics company with some shipment information, the attached .zip file contains a macro-enabled Microsoft Office document that displays a fake invoice while silently installing the Dridex malware.

ENVIRONMENTS: O365

TYPE: Dridex

FOUND ON: 06/15/2020

TACTIC: Attachment-XLSM

THEME: Finance

DESCRIPTION: A finance-themed phish uses a macro-enabled Microsoft Excel attachment to deliver the Dridex malware.

Learn More

ENVIRONMENTS: Proofpoint

TYPE: Dridex

FOUND ON: 06/15/2020

TACTIC: Attachment-XLSM

THEME: Finance

DESCRIPTION: A finance-themed phish uses a macro-enabled Microsoft Excel attachment to deliver the Dridex malware.

Learn More

ENVIRONMENTS: Proofpoint

TYPE: Agent Tesla

FOUND ON: 06/15/2020

TACTIC: Link

THEME: Delivery

DESCRIPTION: The delivery-themed phishing example targets organizations in Thailand promising shipping information at the embedded link. The victim will end up with a case of Agent Tesla.

Learn More

ENVIRONMENTS: O365

TYPE: Agent Tesla

FOUND ON: 06/15/2020

TACTIC: Link

THEME: Delivery

DESCRIPTION: The delivery-themed phishing example targets organizations in Thailand promising shipping information at the embedded link. The victim will end up with a case of Agent Tesla.

Learn More

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 06/12/2020

TACTIC: URL

DESCRIPTION: Phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: NanoCore

FOUND ON: 06/11/2020

TACTIC: Attachment-Zipx

THEME: Purchase Order

DESCRIPTION: This purchase order-themed phish delivered a .zipx attachment that was actually a RAR archive. The attackers were kind enough to instruct the recipient what software to use to access the NanoCore Remote Access Trojan within.

Learn More

ENVIRONMENTS: O365

TYPE: NanoCore

FOUND ON: 06/11/2020

TACTIC: Attachment-Zipx

THEME: Purchase Order

DESCRIPTION: This purchase order-themed phish delivered a .zipx attachment that was actually a RAR archive. The attackers were kind enough to instruct the recipient what software to use to access the NanoCore Remote Access Trojan within.

Learn More

ENVIRONMENTS: Proofpoint

TYPE: Credential Theft

FOUND ON: 06/11/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: This Coronavirus-themed attack delivers an HTML attachment that spoofs Adobe to steal credentials.

Learn More

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 06/9/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/9/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: IceID

FOUND ON: 06/8/2020

TACTIC: Attachment-Word

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish delivering a malicious Word attachment.

ENVIRONMENTS: O365-ATP

TYPE: IceID

FOUND ON: 06/8/2020

TACTIC: Attachment-Word

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish delivering a malicious Word attachment.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/1/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 06/1/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 06/1/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/19/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 05/19/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: DocuSign

FOUND ON: 05/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to direct victim to a malicious website.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: Attachment-Image w/URL

DESCRIPTION: Phishing attack includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: TrendMicro

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE:

FOUND ON: 05/20/2020

THEME: Sextortion

DESCRIPTION: Sextortion-themed phish designed to intimidate a user to pay a ransom.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE:

FOUND ON: 05/20/2020

THEME: Sextortion

DESCRIPTION: Sextortion-themed phish designed to intimidate a user to pay a ransom.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/6/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: TrendMicro

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into performing a financial transaction.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/5/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 05/13/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into performing a financial transaction.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 05/4/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 05/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 05/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Lime njRAT

FOUND ON: 04/3/2020

TACTIC: Attachment-VBS

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a bzipped VPS attachment that delivers the Lime njRAT malware.

ENVIRONMENTS: O365

TYPE: Keylogger - Agent Tesla

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a link to an Agent Tesla installer.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: FormBook

FOUND ON: 04/7/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an iso attachment designed to install the FormBook malware.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/10/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into performing a wire transfer.

ENVIRONMENTS: O365

TYPE: Lime njRAT

FOUND ON: 04/3/2020

TACTIC: Attachment-VBS

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a bzipped VPS attachment that delivers the Lime njRAT malware.

ENVIRONMENTS: Mimecast

TYPE: Malware via Dropbox

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into assisting with a financial transaction.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/28/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential; FormGrabber

FOUND ON: 04/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: zloader

FOUND ON: 04/10/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: Proofpoint

TYPE: Malicious Payload

FOUND ON: 04/3/2020

TACTIC: Attachment-Word

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

ENVIRONMENTS: O365

TYPE: Malware via Dropbox

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish delivers a link to a Dropbox-hosted malware installer.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/28/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: FormBook

FOUND ON: 04/15/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment designed to install the FormBook malware.

ENVIRONMENTS: Proofpoint

TYPE: Credential; FormGrabber

FOUND ON: 04/7/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials and install the FormGrabber keylogger.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/23/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: zloader

FOUND ON: 04/10/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: O365

TYPE: Malicious Payload

FOUND ON: 04/3/2020

TACTIC: Attachment-Word

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes a password-protected Word attachment designed to deliver malware.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: BEC / CEO Fraud

FOUND ON: 04/16/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into sending financial documents.

ENVIRONMENTS: Cisco Ironport

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-virus themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: Chantor

FOUND ON: 04/14/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the Chantor malware.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/6/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/23/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/2/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: FormBook

FOUND ON: 04/15/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment designed to install the FormBook malware.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-virus themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Chantor

FOUND ON: 04/14/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the Chantor malware.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/6/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: Remcos RAT

FOUND ON: 04/23/2020

TACTIC: Attachment-ISO

DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/17/2020

TACTIC: BEC

THEME: Coronavirus

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into changing direct deposit information.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/30/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Remcos RAT

FOUND ON: 04/23/2020

TACTIC: Attachment-ISO

DESCRIPTION: Coronavirus-themed phishing attack delivers an iso attachment that installs the Remcos RAT

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/17/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into changing direct deposit information.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Netwire RAT

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan

ENVIRONMENTS: Cisco Ironport

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Malware

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to install malware.

ENVIRONMENTS: Proofpoint

TYPE: BEC / CEO Fraud

FOUND ON: 04/22/2020

TACTIC: BEC

THEME: Remote Work

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/17/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/8/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Netwire RAT

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the Netwire Remote Access Trojan

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Malware

FOUND ON: 04/3/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to install malware.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/22/2020

TACTIC: BEC

THEME: Remote Work

DESCRIPTION: Business Email Compromise attempts to lure victim into purchasing gift cards.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/16/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: Attachment-PDF w/ Links

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes a pdf attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/29/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 04/21/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: zloader

FOUND ON: 04/7/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/20/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 04/16/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/29/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Qarallax RAT-via Google Drive

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: zloader

FOUND ON: 04/7/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to deliver the zLoader malware.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Malicious Zip

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a malicious zip file.

ENVIRONMENTS: O365

TYPE: TrickBot

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the TrickBot malware.

ENVIRONMENTS: Cisco Ironport

TYPE: Credential Phish

FOUND ON: 04/3/2020

TACTIC: Attachment-Excel

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an Excel attachment designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Keylogger - Agent Tesla

FOUND ON: 04/22/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a link to an Agent Tesla installer.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/16/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 04/1/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 04/28/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Qarallax RAT-via Google Drive

FOUND ON: 04/21/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a link to a Google-hosted Qarallax Remote Access Trojan installer.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/15/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: FormBook

FOUND ON: 04/7/2020

TACTIC: Attachment-ISO

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an iso attachment designed to install the FormBook malware.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 04/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: TrendMicro

TYPE: Malicious Zip

FOUND ON: 04/2/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phishing attack delivers a malicious zip file.

ENVIRONMENTS: Proofpoint

TYPE: TrickBot

FOUND ON: 04/13/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to install the TrickBot malware.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/25/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 03/16/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/27/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/17/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/25/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

DESCRIPTION: Phishing attacked designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/27/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Malware

FOUND ON: 03/17/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: BEC / CEO Fraud

FOUND ON: 03/24/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/23/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work and Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/27/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Malware

FOUND ON: 03/17/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: BEC / CEO Fraud

FOUND ON: 03/24/2020

TACTIC: BEC

DESCRIPTION: Business Email Compromise attempts to lure victim into responding.

ENVIRONMENTS: Mimecast

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/23/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work and Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/26/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Cisco Ironport

TYPE: Malware

FOUND ON: 03/17/2020

TACTIC: URL

DESCRIPTION: Phishing attack delivers a malicious link.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/26/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Malware

FOUND ON: 03/17/2020

TACTIC: URL

DESCRIPTION: Phishing attack delivers a malicious link.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365-ATP

TYPE: Credential Phish-Dropbox

FOUND ON: 03/30/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/19/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/26/2020

TACTIC: URL

THEME: Remote Work

DESCRIPTION: Remote Work-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/16/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/31/2020

TACTIC: Attachment-HTML

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an html attachment designed to steal credentials.

ENVIRONMENTS: Proofpoint

TYPE: Credential Phish

FOUND ON: 03/24/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish

FOUND ON: 03/11/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: O365

TYPE: Credential Phish-Dropbox

FOUND ON: 03/30/2020

TACTIC: URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish designed to steal credentials.

ENVIRONMENTS: Symantec

TYPE: Credential Phish

FOUND ON: 03/19/2020

TACTIC: Attachment-Image w/URL

THEME: Coronavirus

DESCRIPTION: Coronavirus-themed phish includes an image link designed to steal credentials.

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.