
International Threats – Infection URLs Used in Regional Phishing Campaigns

ID: f47f0b97-b944-5569-a6ba-261256380b42

STIX ID: report--f47f0b97-b944-5569-a6ba-261256380b42

Feed Name: Cofense Blog

Threat Score: 70/100

Date Published: 2025-11-05

Date Updated: 2026-04-27

Author: Cofense


**Executive Summary:** This Cofense Intelligence report analyzes infection URLs used in high-volume non-English phishing campaigns (Spanish, Thai, Chinese, Portuguese, German) that bypassed secure email gateways to deliver malware. It documents that attackers commonly abuse legitimate cloud and file services (Google Drive/Docs, Dropbox, Amazon AWS, MediaFire, etc.) and compromised domains to host or redirect to payloads. It also outlines the dominant malware families per language (for example Remcos, KrBanker, XWorm) and language-specific themes, underscoring the need for multilingual detection, user training, and improved email defenses.
