Attack Library
Threat Actor Uses Impersonation and Spoofing to Deliver Malicious Payload in Likely AI-Generated Attack
Using a spoofed email address, an attacker poses as a known brand and attempts to convince the target to open a malicious attachment.
Attacker Impersonates American Express to Trick Targets into Downloading Malware in Password Reset Scam
A threat actor exploits the trust of a known brand and manufactures urgency to deceive recipients into downloading malware under the guise of restoring account access.
Multi-Step Credential Phishing and Malware Attack Utilizes Canva and Fake Microsoft Login Page
After compromising a legitimate email account, an attacker uses Canva to host a malicious redirect link before impersonating Microsoft to gain access to a target’s environment and install malware.
Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena
An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.
Attacker Utilizes Calendar Attachment and Fake Cryptocurrency Payment to Spread Malware
An attacker sends a fake confirmation of Bitcoin payment to trick the recipient into downloading a malicious ICS file.
Likely AI-Generated Microsoft Impersonator Sends Fake Attachment in Malware Attack
Using a legitimate domain as a mask, an attacker attempts to infect a recipient’s computer with malware via an HTML attachment.
Attacker Utilizes Fake Voicemail Attachment in Malware Delivery
Harnessing a legitimate-looking domain as a mask, an attacker attempts to infect a recipient's computer with malware by pretending to send a voicemail attachment.
Insurance Company Impersonator Provides Fake Benefits Document in Likely AI-Generated Attempted Malware Delivery
An attacker leverages a legitimate-looking domain as a mask to send a likely malware-infected document purportedly about benefits information.
Multi-Layered Malware Attack Utilizes File-Sharing Tool Smash To Send Malicious PDF
An attacker gains control of a domain before attempting a payload-based attack using the file-sharing tool Smash.
Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company
Attackers pose as existing vendors and use a lookalike domain and real invoices in an attempt to fraudulently update payment information.
Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded
Attackers disguise a phishing email to a VP at a financial institution as a notification that full storage capacity has been reached and emails will no longer be delivered.
Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer
Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.
Attacker Impersonates Attorney and Sends Fake Dropbox File Transfer Notification to Deliver Malware
This malware attack impersonated a real attorney at a real firm, using Dropbox to transfer a likely malicious file purported to be a contract.
Fake Payment Message Leads to Malware Infected ZIP File Download
Attackers trick recipients into opening a ZIP file containing malware by stating that the file contains payment information for a recent purchase.
Attack Uses Fake OneNote Attachment to Deliver Malware
This attack posed as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.
Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware
This attack posed as a prospective client requesting assistance on tax returns, then delivered malware via a malicious link in a follow-up message.
TeamViewer Lookalike Site from Fake Bill Leads to Malware Download
This link-based attack hijacked an email thread from a compromised account to deliver a link leading to a fake TeamViewer page which attempts to download malware.
Hijacked Email Thread Used to Send Executive Link to Password-Protected Malware
An old email thread is hijacked and used to send a link to a likely malware payload.
Accounts Payable Impersonated in Malware Delivery Attack
Attackers impersonate Accounts Payable to deliver a payroll remittance attachment that contains malware.
Hijacked Thread Used in Password Protected Malware Attack
This attack uses an ongoing email thread from a compromised vendor and a password-protected file to evade security solutions and deliver malware.
Generic Email Support Team Impersonated in Password Change Malware Attack
Attackers impersonate a generic support team as part of a multi-stage malware attack, first informing the recipient that their password needs to be reset and asking them to call for support.