TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Ask Huntress: Fake .XPS Invoice Leading to Credential Phishing

2018-07-17

ATT&CK techniques detected

6 predictions

T1566.002 Spearphishing Link (96%)
"Ask Huntress: Fake .XPS Invoice Leading to Credential Phishing. Every so often, the Huntress ThreatOps team receives questions from our partners asking for our perspective on IT security and malware related issues. We typically respond with quick/tactical feedback and close the…"

T1204.002 Malicious File (88%)
". On Windows, the built-in XPS Viewer software will natively open these for you. Based on the attachment file name “VictimCompany_6_4_2018 67389_pdf.xps”, it appeared the attacker attempted to convince recipients that this file was actually a form of .pdf file. Upon …"

T1566.002 Spearphishing Link (82%)
"…y” subdirectory to the web address. When our ThreatOps team attempted to visit this site, it was already taken down. However, the fantastic urlscan.io website allowed us to recover a screenshot of what a similar credential harvesting attempt on the same subdomain looked like …"

T1566.001 Spearphishing Attachment (52%)
"an email attachment from a VictimCompany employee. In this particular case, the email was sent from an open mail relay so checking Sender Policy Framework records could have screened this email (assuming the domain published their SPF records. With that being said, SPF does not …"

T1556.006 Multi-Factor Authentication (41%)
"problems with a layered security approach. To address this specific scenario, our team would prioritize user security training/validation and multi-factor authentication to give us the best bang for the buck! At Huntress, we invented a new layer of security specifically desig…"

T1566.001 Spearphishing Attachment (31%)
"Ask Huntress: Fake .XPS Invoice Leading to Credential Phishing. Every so often, the Huntress ThreatOps team receives questions from our partners asking for our perspective on IT security and malware related issues. We typically respond with quick/tactical feedback and close the…"

Summary

This phishing campaign used the age-old “Please remit payment” spiel to lure potential victims into opening the attached file.