This is an advisory on a reported phishing attempt involving a pdf document, which redirects user to a malicious site when opened.

IMPACT:  Normal

PUBLISH DATE: 26-06-2018

OVERVIEW

A team member reported a phishing attempt involving a PDF attachment which, when clicked, redirects the user to the URL lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php. This URL leads to a malicious site. The PDF was labelled as “Offer for Purchase.PDF”.

 BACKGROUND INFORMATION

Last night, one of our team members observed a phishing attempt. They reported having received a PDF attachment from paulo[@]novahometeam[.]com. Clicking on the PDF redirected them to the URL  lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php which is a malicious site capable of transferring malware to your system.

The attachment is named “Offer for Purchase.PDF”. The IP analysis of the source of this phishing attempt produced the IP: 80.211.69[.]217.

The phishing attempt was made from Europe, with a country code of Italy.

RESOLVE

It is recommended to avoid clicking all such PDFs received from unusual sources.  Moreover, members are advised to block the following threat indicators.

E-mail

paulo[@]novahometeam[.]com

URL

hxxp://lopiefuhf[.]ml/wp-admin/docpage/gieeedoc/melstod.php

IP

80.211.69[.]217.

If you think you are a victim of a cyber-security attack. Immediately send an email to info@rewterz.com for a rapid response.