{ "Event": { "analysis": "1", "date": "2026-03-30", "extends_uuid": "", "info": "[Threat Intel] One Click Away: Inside a LinkedIn Phishing Attack", "protected": false, "publish_timestamp": "1775907155", "published": true, "threat_level_id": "3", "timestamp": "1775907154", "uuid": "774f9df7-3dc4-4669-996a-55de16be464b", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#e0933f", "local": false, "name": "misp-galaxy:producer=\"Cofense\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#db2044", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1598.003\"", "relationship_type": "" }, { "colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#3d1dab", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Spearphishing - T1534\"", "relationship_type": "" }, { "colour": "#efb098", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"", "relationship_type": "" }, { "colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": "" }, { "colour": "#37c019", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1078.004\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775012412", "to_ids": false, "type": "link", "uuid": "8671af0d-806a-4c4b-b603-306f466a8bae", "value": "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1775012412", "to_ids": false, "type": "text", "uuid": "2456e023-b7ab-45b4-9db8-5c70f3234bdf", "value": "A sophisticated phishing campaign targeting LinkedIn users has been identified. The attack uses fake LinkedIn message notifications to lure victims into clicking on malicious links. The emails closely mimic legitimate LinkedIn communications, including spoofed display names and formatting. Upon clicking, users are redirected to a convincing but fraudulent LinkedIn login page designed to steal credentials. The phishing page uses a deceptive domain name similar to 'LinkedIn' to further trick users. This campaign demonstrates the evolving tactics of cybercriminals in exploiting human trust and curiosity. The analysis emphasizes the importance of vigilance, source verification, and caution when interacting with seemingly routine notifications." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1775012412", "to_ids": false, "type": "text", "uuid": "9849bf88-5727-4fd2-a20d-8261e3cba5ef", "value": "Name: One Click Away: Inside a LinkedIn Phishing Attack\nAuthor: AlienVault\nAdversary: \nTags: [\"credential theft\", \"social engineering\", \"email spoofing\", \"notification imitation\", \"domain spoofing\", \"fake login page\", \"linkedin\", \"phishing\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1056.001\", \"T1566.002\", \"T1598.003\", \"T1566.001\", \"T1534\", \"T1585.001\", \"T1204.001\", \"T1078.004\"]\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904329", "to_ids": true, "type": "domain", "uuid": "709769df-e23e-4d5b-80b6-3e67f90d0660", "value": "inedin.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904350", "to_ids": true, "type": "domain", "uuid": "d0e8c442-72cb-493b-9930-5e88949d7d51", "value": "singletoncop.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904371", "to_ids": true, "type": "hostname", "uuid": "188ca243-5d54-42d3-b69e-9e8a125deeb0", "value": "notifcation.inedin.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904392", "to_ids": true, "type": "url", "uuid": "65576275-970c-453c-a287-a10735caf33e", "value": "https://notifcation.inedin.digital/?xgsrdh=12602024008489914930&provider=4__cmppbWVuZXpAaWJlcmRyb2xhLmNvbQ==__xvpji__lkkd", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904413", "to_ids": true, "type": "ip-dst", "uuid": "f3f150b1-445b-4e85-8890-3c87c6093e67", "value": "104.21.80.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904435", "to_ids": true, "type": "ip-dst", "uuid": "1e7c9d38-6932-4859-bcbe-21ce56322d4f", "value": "104.21.64.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904456", "to_ids": true, "type": "ip-dst", "uuid": "165fb4f2-4a96-4038-a431-eaed1be602cf", "value": "104.21.112.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904477", "to_ids": true, "type": "ip-dst", "uuid": "0d4acc9e-04d7-48f7-ad71-98a81699ce2b", "value": "104.21.48.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904499", "to_ids": true, "type": "ip-dst", "uuid": "9a75e1ae-7c52-48fb-8147-407d656f601c", "value": "104.21.16.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904521", "to_ids": true, "type": "ip-dst", "uuid": "3a65321d-5ab6-4b5b-ad06-2a2e9fdd192e", "value": "104.21.32.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904542", "to_ids": true, "type": "ip-dst", "uuid": "a80b101f-7b53-43df-bd98-66615a2a1595", "value": "104.21.96.1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904563", "to_ids": true, "type": "url", "uuid": "dc56f92a-3d71-456b-aba5-c98002ac7239", "value": "https://singletoncop.info/webxr.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775904584", "to_ids": true, "type": "ip-dst", "uuid": "f875a83a-28d1-42a8-afc3-ea5b59721db6", "value": "192.99.81.100", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }