We just ran the entire scenario in the sandbox. No subsequent processes were triggered. This seems like a reconnaissance exercise at this stage where the intent is to gather relevant data for god knows what (publish details on the darknet, access emails to fetch address book, attach files with the intention of being executed by the target, send emails on behalf, ...). From the chatter I've seen, it seems like this is designed to build a contact list/directory. This info is hidden in the JavaScript behind the code once you click the send button, and it seems like it is sending the info to hashed email addresses.
Created: 2026-02-23
No indicators were found.
No CVEs were found in this Pulse.