Sveopšte phishing/SPAM kampanje

[milos_rs]

   

Mejl poslat sa verovatno kompromitovanog mejl servera hrvatske firme slisko.info, a pretenduje da je [email protected]

zavodue.org.rs je Zavod za javno zdravlje Užice


   

prilog je:

   

https://www.virustotal.com/gui/file/2a8b...17ae5887fe

prilog detektovan kao malver iz porodice VIPKeylogger - VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

šlag na tortu, zavodue.org.rs uopšte nema SPF zapis: 

Code:

Received-SPF: None (protection.outlook.com: zavodue.org.rs does not designate
permitted sender hosts)

[milos_rs]

verovatno kompromitovan profil 

   

   

link je tinyurl .com/gigatron-xiaomi-rs koji vodi na ovo ludilo:

Code:

https://birevolabs.site/R2SFGWB2?utm_creative=ad.name&utm_campaign=campaign.name&utm_source=site_source_name&utm_placement=placement&campaign_id=campaign.id&adset_id=adset.id&ad_id=ad.id&adset_name=adset.name&buyer=web_np&target=adset.name&creo=ad.name&idpxl=1250264406489283&source=facebook&account_id=account.id&token=token&firstName=firstName&lastName=lastName&address=address&city=city&phone=phone&email=email&zip=zip&brandName=brandName&productName=productName&imagePath=imagePath

nisam uspeo da trigerujem fišing stranicu, samo dobijem lažnu mamac stranicu:

   

[milos_rs]

   

   

attachment je https://www.virustotal.com/gui/file/de45...df0eed11d2

a kad se otpakuje arhiva https://www.virustotal.com/gui/file/3660...d6bc07ae44

[milos_rs]

   

[milos_rs]

   

   

attachment je https://www.virustotal.com/gui/file/be63...ca7154c855

[milos_rs]