2017-10-11 - PHISHING EMAIL - SUBJECT: COMPLETED TITLE WORK :PLEASE DOCUSIGN

ASSOCIATED FILES:

NOTES:

 

EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 


Shown above:  Initial phishing page.

 


Shown above:  Fake Gmail login (one of many different login options).

 


Shown above:  Fake recovery email and phone.

 


Shown above:  Phishing kit zip archive from the compromised website.

 

TRAFFIC


Shown above:  Traffic in Wireshark shows Bit.ly link going to HTTPS URL.

 


Shown above:  HTTPS URLs as recorded in Fiddler.

 

ASSOCIATED URLS:

 

MALWARE

PHISHING KIT FROM COMPROMISED SITE:


Shown above:  Contents of the phishing kit.

 

FINAL NOTES

Once again, here are the associated files:

SAZ and ZIP archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
