General
-
Target
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=corrohealthcomoasissupport%40corrohealth.freshservice.com&senderemailaddress=Kevin.Lee%40corrohealth.com&senderorganization=AwGAAAAAAnwAAAADAQAAACgLMtLFMwlGqVPjtgD8hBZPVT10cnVzdGhjczAub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjEwQTAwNSxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09N8KcNXTNEikC1T7T9FRVCeUNOPUNvbmZpZ3VyYXRpb24sQ049dHJ1c3RoY3MwLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxMEEwMDUsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cIA1PR10MB733545E7A847BFE80747586CF76B2%40IA1PR10MB7335.namprd10.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7b0AF09B7F-434F-4B2F-9CBC-57639EDCFD9C%7d%40trusthcs0.onmicrosoft.com&consumerEncryption=false&senderorgid=683d57e7-70bf-4bc4-b88d-bd8905a0c39a&urldecoded=1&e4e_sdata=I%2fpYxX7U64LpsByRQsR0RESLRRbDAbKI6s0hsMohLkhPoi9Apvhf2HOpzKyRVRNu6LM0vJASui1HkDS%2fkMddgklGxjy1EXgyO8fy4%2fMIXZIDGiYVY59P%2baN37Arps3F%2bOoaHYUXnB4oTxu0SlefjFLugPirYSgb2xuv5ftHrBXNM27899ip4XvEiZrJqiPGJ3mcIsZhppE2IGMm94XRk97oO8NuVgxENET0RgbAHZpa4bBo51Ut9Fx%2f2TMbwlpOXU2tZQkgJS1%2fk3qpj4rcPTKkrl1tPE7BTxl4KZYj0bgRjK%2bP28kX9jBW%2fR4%2b09nPsl%2b1kknLAOg4qWirJf7DCHw%3d%3d
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]