An Ericsson targeting campaign?

Online Malware Analysis Report
https://www.virustotal.com/en/domain/s1opj1wng6.inquesbreda.com/information/

AriDfoix (thread author), Sep 2, 2018
I received a strange e-mail today. Looking at it, it sounds like the usual spam trying to steal data, but something told me it is a specific targeted attack.

I took a look at the header of the e-mail and ran some crosschecks:

hxxp://zXhIAh.inquesbreda.com/.intesa418/?id=zXhIAh?
hxxp://GzwrkF.finquesbreda.com/img/intesalogo194.png?

These two elements from the e-mail were loading from this strange site, inquesbreda.com; trying to access it reports the domain as reserved:

Running a VirusTotal check for that domain left me with a strange sensation: that site has multiple domains for the multiple types of scam they perform: credit cards, financial services, insurance... But they seem to target the business mail of Ericsson employees:

s1opj1wng6.inquesbreda.com domain information - VirusTotal

Right now only ESET has flagged it as phishing, but maybe there is more behind this scheme? Not sure...
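
The cross-check described in the post, as an added Python example (not the poster's own code): it lists the links and remote loads in a message's HTML part, groups them by parent domain, and flags a subdomain label that repeats as the `id` value, as in the first URL above. The message is constructed around the two defanged URLs from the post; `triage`, `refang` and the last-two-labels parent-domain rule are assumptions of this example.

```python
import re
from collections import defaultdict
from email import message_from_string
from urllib.parse import urlsplit, parse_qs

# Constructed sample message; only the two defanged URLs come from the post.
SAMPLE_EML = """\
From: sender@example.test
To: recipient@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="hxxp://zXhIAh.inquesbreda.com/.intesa418/?id=zXhIAh?">Open</a>
<img src="hxxp://GzwrkF.finquesbreda.com/img/intesalogo194.png?">
</body></html>
"""

URL_ATTR = re.compile(r'(href|src)\s*=\s*["\'](h(?:tt|xx)ps?://[^"\']+)["\']', re.I)

def refang(url):
    """Turn hxxp(s):// back into http(s):// for parsing only; nothing is fetched."""
    return re.sub(r'^hxxp', 'http', url, flags=re.I)

def triage(raw_message):
    """Group remote references in HTML parts by parent domain and flag token reuse."""
    msg = message_from_string(raw_message)
    report = defaultdict(list)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        for attr, url in URL_ATTR.findall(html):
            parts = urlsplit(refang(url))
            if not parts.hostname:
                continue
            labels = parts.hostname.split(".")  # hostname is already lower-cased
            # Assumption: the parent domain is the last two labels (no public-suffix lookup).
            parent, sub = ".".join(labels[-2:]), ".".join(labels[:-2])
            ids = [v.rstrip("?").lower() for v in parse_qs(parts.query).get("id", [])]
            report[parent].append({
                "kind": "link" if attr.lower() == "href" else "remote-load",
                "subdomain": sub,
                "token_reused": bool(sub) and sub in ids,
            })
    return dict(report)
```
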
 
