General

  • Target

    https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-83X827609L2683015%2FU-44A56102NY902251W%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=9PGxs0xy224eowkNUBFE6J2oPpiv0rHosiVa6w&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-83X827609L2683015%2FU-44A56102NY902251W%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3D9PGxs0xy224eowkNUBFE6J2oPpiv0rHosiVa6w%22%7D%7D&flowContextData=A8f-tRdzlE6_TtJLqoiKlQb_30sm4TnZN8-oxPh400XmnMHh8N5kzcvQNYTWWpA--Ts8i8ag0eXETzkYdcGJSbIKT_v_yv2j7W-otrjeiwg38YcPfILyk8sGwPTNQZO3hBHOJt-TEY4y5gSChmDEf04GqvPqX0iWgV1JQUjOBVxZZlR8v6xSgg9YeYSLyF9nzx1SqpHmy4Y_TxUl7-gdFGl8G7wB_B5vd7ptpf4dsDhGD5RKr9HXY2PLua-UbpMcPhJQ1oCHKSkE51fnh9dU1f31WrHiH9bRbTaL2NRXC45UVbOTWROSEmBze7roxA14qeg9m88G6hHNJNhlfPu-vVDngAFV3MRtMjG40Yh-vKIPQzcYLll77t2NSwiwmxlTgVKQqCtXpkjI6Glq25GCJNH5XGhVg0R3ZqpGPqOxdQ2U4U5HYAN9dnpP0WcCiz2kajg6XhvFYScdfGc4gjSBqwdEXZao59go0T_K7RQv0ZPnxhdQ&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=7ac8f2d3-b0ba-11ef-83cc-992ce0dcbd14&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=7ac8f2d3-b0ba-11ef-83cc-992ce0dcbd14&calc=f47681172341b&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

  • Sample

    241211-myzajatpfj

Malware Config

Targets

    • Target

      https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-83X827609L2683015%2FU-44A56102NY902251W%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=9PGxs0xy224eowkNUBFE6J2oPpiv0rHosiVa6w&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-83X827609L2683015%2FU-44A56102NY902251W%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3D9PGxs0xy224eowkNUBFE6J2oPpiv0rHosiVa6w%22%7D%7D&flowContextData=A8f-tRdzlE6_TtJLqoiKlQb_30sm4TnZN8-oxPh400XmnMHh8N5kzcvQNYTWWpA--Ts8i8ag0eXETzkYdcGJSbIKT_v_yv2j7W-otrjeiwg38YcPfILyk8sGwPTNQZO3hBHOJt-TEY4y5gSChmDEf04GqvPqX0iWgV1JQUjOBVxZZlR8v6xSgg9YeYSLyF9nzx1SqpHmy4Y_TxUl7-gdFGl8G7wB_B5vd7ptpf4dsDhGD5RKr9HXY2PLua-UbpMcPhJQ1oCHKSkE51fnh9dU1f31WrHiH9bRbTaL2NRXC45UVbOTWROSEmBze7roxA14qeg9m88G6hHNJNhlfPu-vVDngAFV3MRtMjG40Yh-vKIPQzcYLll77t2NSwiwmxlTgVKQqCtXpkjI6Glq25GCJNH5XGhVg0R3ZqpGPqOxdQ2U4U5HYAN9dnpP0WcCiz2kajg6XhvFYScdfGc4gjSBqwdEXZao59go0T_K7RQv0ZPnxhdQ&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=7ac8f2d3-b0ba-11ef-83cc-992ce0dcbd14&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=7ac8f2d3-b0ba-11ef-83cc-992ce0dcbd14&calc=f47681172341b&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

MITRE ATT&CK Enterprise v15

Tasks