Tracking Crimson Kingsnake
ID: 27333838-d580-547e-bed3-84d86dd0438a
STIX ID: report--27333838-d580-547e-bed3-84d86dd0438a
Feed Name: KMsec blog
This report analyzes the Crimson Kingsnake invoice-fraud campaign: operators used compromised Office365 accounts and typosquatted domains to send targeted 'overdue invoice' spearphishes, followed by fake-thread replies and PDF invoices. The author pivots via VirusTotal to enumerate victim organizations, PDF metadata (author 'hpins'), multiple domains and file hashes, and supplies a YARA LiveHunt rule and IoCs to track the campaign.
