Spelunking into SVG Phishing: Amatera Stealer and PureMiner DNS Deep Dive

Phishing emails with image file attachments are not novel, but the images usually come as PNG or JPEG/JPG files. This time around, attackers used SVG attachments to deliver Amatera Stealer and/or PureMiner, which gave them remote control of victims' devices to collect sensitive information, hijack computing resources, and deliver additional malware.

FortiGuard Labs identified 26 IoCs comprising 25 domains and one IP address connected to the threat. Further investigation of the IoCs led to these discoveries:

  • 10 unique client IP addresses communicated with seven distinct domains identified as IoCs
  • Nine of the domains identified as IoCs were deemed likely to turn malicious 14–105 days before being reported as such
  • 22 email-connected domains
  • 18 additional IP addresses, all malicious
  • 45 IP-connected domains
  • Eight string-connected domains, two malicious

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://www.fortinet.com/blog/threat-research/svg-phishing-hits-ukraine-with-amatera-stealer-pureminer