PULSE NAME
Email Phishing Attempt - DHL Package Delivery - pubmedia/affpartners
TLP: WHITE | Tags: pubmedia, affpartners | Author: swirls57 | Created: 2022-10-07 | Modified: 2022-11-06
6 IOCs, LOW VOLUME
An email was received advertising a package delivery from DHL that requires attention. The message appears to contain multiple links in the form of HTML buttons; however, the entire email is a malicious redirect to a file hosted on Google Cloud Storage.
Indicators of Compromise (6)
TYPE INDICATOR DESCRIPTION CREATED
email admin@duspratuk.ca Extracted from header 2022-10-07
domain efianalytics.com 2022-10-07
email return@spaetoday.com 2022-10-07
hostname syro.kansasrant.com 2022-10-07
URL https://storage.googleapis.com/pemotion/tixrin.html#/Mkt5dUkyVTJqb0VLeFFVVjBqVjVBUGZIT1d0RGVLeUtnYm1xVXAvMncvaFJEQVhzRVdtclZ0U01qMThzSnEvOE40Z055eDdMS1VsTlI0RGVXQ3dMemp6VDQ3Q1NaaUpWby9YQjNtKzJWcHc9 The source redirect 2022-10-07
domain theshopu.com 2022-10-19