This report analyzes phishing email threats from March 2025, highlighting the prevalence of scams through attachments and methods used by threat actors, including fake websites and malicious scripts. Affected: Phishing Email Sector, Users
Key points:
- In March 2025, phishing emails predominantly involved attachments with a 59% threat level.
- Common tactics included mimicking logins and using hyperlinks in documents to redirect users to fake websites.
- Statistics provided on the distribution and attachment types of phishing emails over the past six months.
- Specific analysis of Korean language phishing emails with insights into frequently used keywords and attachment names.
- Phishing emails in March distributed malware through document attachments, including Downloaders and Infostealers.
- A notable case involved exploiting the vulnerability in EQNEDT32.exe to activate malicious functions upon opening documents.
- Increased use of compressed script files (.vbs) sent via phishing emails.
- Full detailed analysis and additional statistics are available in the original ATIP report.
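A mail-gateway triage check for the compressed script attachments noted above, as an added example that is not part of the original report: it flags .vbs and similar script files attached directly or packed inside a zip, detecting the archive by content rather than by file name. The extension list, size limit, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: script types a Windows host runs on double-click; tune per site.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
MAX_NESTED = 10 * 1024 * 1024  # skip nested archives declaring a larger size

def script_members(zip_bytes, depth=0):
    """Names of script files inside a zip, following nested zips two levels."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                if name.endswith(SCRIPT_EXTS):
                    found.append(info.filename)
                elif (name.endswith(".zip") and depth < 2
                      and info.file_size <= MAX_NESTED):
                    found += script_members(zf.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):
        pass  # corrupt or password-protected: route to manual review instead
    return found

def triage(raw_eml):
    """Return (attachment, script) pairs for scripts sent directly or zipped."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(SCRIPT_EXTS):
            hits.append((name, name))
        elif zipfile.is_zipfile(io.BytesIO(data)):  # by content, not by name
            hits += [(name, m) for m in script_members(data)]
    return hits

def build_sample(member="invoice_march.vbs", attach_name="invoice_march.zip"):
    """Constructed test message; the archive member holds only a comment line."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "' constructed placeholder\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()
```

Password-protected archives still expose their member names, so a zipped script is reported even when its contents cannot be read.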
MITRE Techniques:
- Phishing (T1566) – Threat actors employed phishing emails that contained malicious attachments and scripts to lure users into providing their credentials.
- Exploitation of Vulnerabilities (T1203) – Exploited EQNEDT32.exe vulnerabilities in document attachments to execute malicious code.
- Malware Delivery (T1070) – Delivery of malware types such as Downloaders and Infostealers through email attachments.
Indicators of Compromise:
Full Story: https://asec.ahnlab.com/en/87401/