misp-circl-feed/feeds/circl/misp/5c37406b-120c-4ecf-988c-4ef9950d210f.json

{"Event": {"info": "OSINT - Phishing template uses fake fonts to decode content and evade detection", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#326400", "exportable": true, "name": "circl:incident-classification=\"phishing\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Obfuscated Files or Information - T1027\""}], "publish_timestamp": "0", "timestamp": "1547127372", "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5c374083-5b40-4c9c-bd38-412c950d210f", "timestamp": "1547124867", "to_ids": false, "value": "https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c374083-2f78-496b-ab68-43b3950d210f", "timestamp": "1547124867", "to_ids": false, "value": "https://www.proofpoint.com/sites/default/files/proofpoint-obfuscation-techniques-phishing-attacks-threat-insight-en-v1.pdf", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c37432f-4370-4f62-b4e8-4bb9950d210f", "timestamp": "1547125550", "to_ids": false, "value": "Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding.", "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fa-f874-4489-8d80-4278950d210f", "timestamp": "1547126778", "to_ids": true, "value": "fatima133777@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fa-8434-401c-aa5e-48e0950d210f", "timestamp": "1547126778", "to_ids": true, "value": "fitgirlp0rtia@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fb-9194-4a9a-baf7-4e93950d210f", "timestamp": "1547126779", "to_ids": true, "value": "hecklerkiller@yandex.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fb-d9cc-4f39-97cb-4b09950d210f", "timestamp": "1547126779", "to_ids": true, "value": "netty6040@aol.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fc-1b38-4ec9-ad36-46ff950d210f", "timestamp": "1547126780", "to_ids": true, "value": "nicholaklaus@yandex.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fc-9190-439e-bcd2-451f950d210f", "timestamp": "1547126780", "to_ids": true, "value": "oryodavied@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fd-cfe8-4af0-9366-4b75950d210f", "timestamp": "1547126781", "to_ids": true, "value": "realunix00@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fd-5a5c-4668-9fa8-4c23950d210f", "timestamp": "1547126781", "to_ids": true, "value": "slidigeek@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c3747fe-d584-4aa9-9c19-4fa8950d210f", "timestamp": "1547126782", "to_ids": true, "value": "zerofautes@outlook.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}], "extends_uuid": "", "published": false, "date": "2019-01-03", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5c37406b-120c-4ecf-988c-4ef9950d210f"}}