Overview

overview

8

Static

static

8

URLScan

urlscan

https://es.sempra-in...

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://es.sempra-infra.splunkcloud.com/en-US/app/SplunkEnterpriseSecuritySuite/search?q=search%20index%3Dglobal_proofpoint%20sender%3Dmatinez%40jatiyasangbad.com%0A%7C%20eval%20ThreatScore%20%3D%20round((impostorScore%20%2B%20malwareScore%20%2B%20phishScore%20%2B%20spamScore)%2C%200)%0A%7C%20stats%20values(recipient)%20as%20dest%2C%20dc(recipient)%20as%20dest_count%20values(file_name)%20as%20file_name%20sum(ThreatScore)%20as%20ThreatScore%20by%20sender%0A%7C%20rename%20sender%20as%20src%0A%7C%20search%20dest_count%20%3E%205%20AND%20ThreatScore%20%3E%20500&earliest=1715296260&latest=1715325060&sid=1715332684.1328671&display.page.search.mode=verbose&dispatch.sample_ratio=1&display.page.search.tab=events&display.general.type=statistics#

Score
8/10
phishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: searchindexglobalproofpointsendermatinez@jatiyasangbad.comevalThreatScoreroundimpostorScoremalwareScorephishScorespamScore0statsvaluesrecipientasdestdcrecipientasdestcountvaluesfilenameasfilenamesumThreatScoreasThreatScorebysenderrenamesenderassrcsearchdestcount5ANDThreatScore500
    phishing

Files