Search the repository of unique attacks observed by the Abnormal Intelligence team.
Malware Attack Features Impersonation of Attorney and Malicious Attachment Disguised as Subpoena

An attacker impersonates a real lawyer and sends a malware-infected HTML attachment which the threat actor claims is a subpoena needing review.

Attacker Utilizes Calendar Attachment and Fake Cryptocurrency Payment to Spread Malware

An attacker sends a fake confirmation of Bitcoin payment to trick the recipient into downloading a malicious ICS file.

Likely AI-Generated Microsoft Impersonator Sends Fake Attachment in Malware Attack

Using a legitimate domain as a mask, an attacker attempts to infect a recipient’s computer with malware via an HTML attachment.

Attacker Utilizes Fake Voicemail Attachment in Malware Delivery

Harnessing a legitimate-looking domain as a mask, an attacker attempts to infect a recipient's computer with malware by pretending to send a voicemail attachment.

Insurance Company Impersonator Provides Fake Benefits Document in Likely AI-Generated Attempted Malware Delivery

An attacker leverages a legitimate-looking domain as a mask to send a likely malware-infected document purportedly about benefits information.

Multi-Layered Malware Attack Utilizes File-Sharing Tool Smash To Send Malicious PDF

An attacker gains control of a domain before attempting a payload-based attack using the file-sharing tool Smash.

Attempted Payment Fraud Using Lookalike Domain and Real Invoices Targets Manufacturing Company

Attackers pose as existing vendors and use lookalike domain and real invoices in attempt to fraudulently update payment information.

Phishing Attack Disguised as Notification Informing VP Storage Capacity Limit Exceeded

Attackers disguise phishing email to VP at financial institution as notification that full storage capacity has been reached and emails will no longer be delivered.

Fake Email Account Deactivation Notice with Phishing Link Targeting Online Retailer

Attackers pose as the internal support team at an online retailer and claim the recipient's email account has been queued for deactivation in an attempt to steal credentials or install malware.

Attacker Impersonates Attorney and Sends Fake Dropbox File Transfer Notification to Deliver Malware

This malware attack impersonated a real attorney at a real firm using Dropbox to transfer a file purported to be a contract that is likely malicious.

Fake Payment Message Leads to Malware Infected ZIP File Download

Attackers trick recipients into opening a ZIP file containing malware by stating that the file contains payment information for a recent purchase.

Attack Uses Fake OneNote Attachment to Deliver Malware

This attack posted as a shared settlement document containing a malicious OneNote (.ONE) attachment to deliver malware.

Email Posing as Request for Tax Help Pivots from Response-based to Link-based Attack to Deliver Malware

This attack posed as a prospective client requesting assistance on tax returns that was used to deliver malware via a malicious link in a follow-up message.

TeamViewer Lookalike Site from Fake Bill Leads to Malware Download

This link-based attack hijacked an email thread from a compromised account to deliver a link leading to a fake TeamViewer page which attempts to download malware.

Hijacked Email Thread Used to Send Executive Link to Password-Protected Malware

An old email thread is hijacked and used to send a link to likely malware payload.

Accounts Payable Impersonated in Malware Delivery Attack

Attackers impersonate Accounts Payable to deliver a payroll remittance attachment that contains malware.

Hijacked Thread Used in Password Protected Malware Attack

This attack uses an ongoing email thread from a compromised vendor and password protected file to evade security solutions and deliver malware.

Generic Email Support Team Impersonated in Password Change Malware Attack

Attackers impersonate a generic support team as part of a multi-stage malware attack, first informing the recipient that their password needs reset and asking them to call for support.


Attack Type

Impersonated Party

Impersonated Brand

Attack Goal

Attack Vector

Attack Tactic

Attack Theme

Attack Language


See How Abnormal Stops Emerging Attacks

See a Demo