
End-of-Year PTO: Days Off and Data Exfiltration with Formbook

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as an HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email carries red flags such as an external sender warning and a SendGrid-wrapped URL. The malware, an AutoIt-compiled executable, uses process injection to evade detection and execute its payload. FormBook performs reconnaissance, injects code into svchost.exe and Utilman.exe, and carries out credential harvesting, keylogging, and data exfiltration. The attack exploits the urgency of year-end leave scheduling to infiltrate organizations and steal sensitive information.

OPENCTI LABELS:

phishing, data exfiltration, formbook, keylogging, process injection, autoit, credential harvesting, holiday-themed

