New Blog Post | Investigating a unique “form” of email delivery for IcedID malware

Microsoft


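Investigating a unique "form" of email delivery for IcedID malware - Microsoft Security (https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/)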

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind the allegations, but the link instead leads to the download of IcedID, an info-stealing malware. Microsoft Defender for Office 365 detects and blocks these emails and protects organizations from this threat.

In this blog, we showcase our analysis of this unique attack and how the techniques behind it help attackers with their malicious goals of finding new ways to infect systems.
