This week I got this run-of-the-mill DHL phishing in my ISC inbox.
I have seen similar email from my personal email before. When I followed the URL for analysis, it automatically inserted my email address into the source email box and it included the SANS Technology Institute picture at the top of the page to make it look like I'm accessing the official website.
What I also found interesting about this phishing email, both message below LOGIN which would normally be link with a URL, had nothing associated with them.
Indicator
https://showpiece.trillennium[.]biz/linknew/firebase1.php
[1] https://www.virustotal.com/gui/url/8e307d79ecae2d57b2a306cac2a95f32f4afca21c5b7a61539af787c1a2f6a16?nocache=1[2] https://isc.sans.edu/forums/diary/Spearphishing+Email+Targeting+Outlook+Mail+Clients/27472/
-----------Guy Bruneau IPSS Inc.My Handler PageTwitter: GuyBruneaugbruneau at isc dot sans dot edu
Support the originator by clicking the read the rest link below.
