General

  • Target

    https://cdp2.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.AqP66WltZ22D8przuYFUSFse9-0VCM5rCIir5PhdhfU

  • Sample

    241012-h4cw9szcna

Targets

    • Target

      https://cdp2.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.AqP66WltZ22D8przuYFUSFse9-0VCM5rCIir5PhdhfU

    • Detected facebook phishing page

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
