#Emotet E4 URLs (1/2) hxxps://www[.]dl5[.]zahra-media[.]ir/dl5[.]zahra-media[.]ir/l34jaFq0PIh3/ hxxp://ciencias-exactas[.]com[.]ar/old/w/ hxxp://www[.]garagewestrotterdam[.]nl/wp-includes/6BYbSEM/

#Emotet Epoch 4 URLs (2/2) hxxp://www[.]geowf[.]ge/templates/TlbsO1F7p/ hxxp://kustens[.]com/A-Kus/stoyH/ hxxp://damiris[.]ro/img/QJ1iNu9KooBeLTN08srJ/

A particularly interesting #Emotet email in #France is spoofing "Chambre des Notaires de Paris." #Emotet emails are targeting many countries, including the United States, United Kingdom, Japan, Germany, Italy, France, Mexico, and Brazil.

Today Proofpoint observed the #Emotet E4 botnet delivering what seems to be a development build of a new #IcedID Loader. This module has the ID 2445 and directly downloads the IcedID bot.

New variant of #Emotet Excel lure, slight variation where "Relaunch Required" instructions (to bypass Office macro security measures) are in green box instead of yellow. Example file: W-9 form.xls 703d6f27c9b54b604f58d3d853c328f6cd51b8598af4dedb4ae0ddea3074ef38

#Sidewinder #APT d0ca92ce29456931ad14aed48c3ea93f 未命名的附件 00002[.]zip 5356a1193252b4fb2265fc8ac10327a1 .lnk hxxps://mailtsinghua[.]sinacn[.]co/3679/1/55554/2/0/0/0/m/files-94c98cfb/hta

Are you Small? Medium? Are you a business? I wrote a thing about you! Using ProofpointEssentials data Threat Insight found SMBs are hot targets for APT threat actors looking for key #espionage info, financial gain, or hoping to launch supply chain attacks proofpoint.com/us/blog/threat…

HTML cred phish for #India gov email portal. #APT 488ddfb1fec1408ecf7e9464246374c3 "letter dt 20.06.2023" > hxxp[:]//samedaywalkintub[.]ca/mail.gov.in/

Another #Spyder from #Sidewinder #APT - Md5 930f288c9f9ed516f7eaec8f1ccbfc02 hxxp[:]//libreofficeupdates[.]com/drive/files.php hxxp[:]//libreofficeupdates[.]com/drive/includes.php

Emails using #Tax lure spreading #404TDS URLs

🚩 #404TDS URLs: - https://select-holidays[.]com/vfk6c - http://khel999[.]com/vks6o - https://lookingthroughtheturn[.]com/vbu4b Lead to #Lumma Stealer from: - https://documents[.]notificationsapps[.]com/Document.iso C2: http://gapi-node[.]io/c2conf [+] Sample: