Emerging Phishing Attack on Cyber Space of Bangladesh

    Date: 01/14/2025

    Severity: Critical

    Summary

    "Emerging Phishing Attack on Cyberspace of Bangladesh" refers to a recent surge in phishing campaigns targeting government organizations, law enforcement agencies, educational institutions and other sectors in Bangladesh. The attackers impersonate official entities using look-alike domains that mimic government and military mail and file-sharing portals (mod.gov.bd, baf.mil.bd, railway.gov.bd, afd.gov.bd and others), with the lure pages hosted on free static hosting (netlify.app), a CDN (b-cdn.net) and a public forms service (forms.yandex.ru), in order to steal sensitive information through malicious attachments and links. The advisory outlines the phishing email contents, Indicators of Compromise (IOCs) and detection queries to raise awareness and improve defences against these evolving threats.

    Indicators of Compromise (IOC) List

    URL/Domains

    https://mail-mod-gov-bd-account-data-file.netlify.app/data.html?pdf=

    https://drive-baf-mil-bd-share-file.netlify.app/airforce%20drive%20share

    https://drive-bcc-registraion-cloud-storage.netlify.app/bcc%20drive%20share

    https://railway-gov-bd.b-cdn.net/Proclamation%20of%20the%20July%20Uprising.html

    https://forms.yandex.ru/cloud/64d311e643f74f24f282c9e6

    https://mail-afd-gov-bd-account-error-issues.netlify.app/afd.html?afd=admin_dte@afd.gov.bd

    https://mail.railway-gov-bd.org

    https://mail.coastguard.govmm.org/ULfwhxNc

    IP Address

    212.102.40.113

    132.247.190.11

    84.17.63.178

    34.234.106.80

    104.21.92.200

    100.28.201.155

    104.18.111.161

    46.183.184.245

    Attached File Extension

    .rar

    .pdf

    .url

    .html

    -ms

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    userdomainname like "https://mail-mod-gov-bd-account-data-file.netlify.app/data.html?pdf=" or url like "https://mail-mod-gov-bd-account-data-file.netlify.app/data.html?pdf=" or userdomainname like "https://drive-baf-mil-bd-share-file.netlify.app/airforce%20drive%20share" or url like "https://drive-baf-mil-bd-share-file.netlify.app/airforce%20drive%20share" or userdomainname like "https://drive-bcc-registraion-cloud-storage.netlify.app/bcc%20drive%20share" or url like "https://drive-bcc-registraion-cloud-storage.netlify.app/bcc%20drive%20share" or userdomainname like "https://railway-gov-bd.b-cdn.net/Proclamation%20of%20the%20July%20Uprising.html" or url like "https://railway-gov-bd.b-cdn.net/Proclamation%20of%20the%20July%20Uprising.html" or userdomainname like "https://forms.yandex.ru/cloud/64d311e643f74f24f282c9e6" or url like "https://forms.yandex.ru/cloud/64d311e643f74f24f282c9e6" or userdomainname like "https://mail-afd-gov-bd-account-error-issues.netlify.app/afd.html?afd=admin_dte@afd.gov.bd" or url like "https://mail-afd-gov-bd-account-error-issues.netlify.app/afd.html?afd=admin_dte@afd.gov.bd" or userdomainname like "https://mail.railway-gov-bd.org" or url like "https://mail.railway-gov-bd.org" or userdomainname like "https://mail.coastguard.govmm.org/ULfwhxNc" or url like "https://mail.coastguard.govmm.org/ULfwhxNc"

    Detection Query 2

    dstipaddress IN ("212.102.40.113","132.247.190.11","84.17.63.178","34.234.106.80","104.21.92.200","100.28.201.155","104.18.111.161","46.183.184.245") or ipaddress IN ("212.102.40.113","132.247.190.11","84.17.63.178","34.234.106.80","104.21.92.200","100.28.201.155","104.18.111.161","46.183.184.245") or publicipaddress IN ("212.102.40.113","132.247.190.11","84.17.63.178","34.234.106.80","104.21.92.200","100.28.201.155","104.18.111.161","46.183.184.245") or srcipaddress IN ("212.102.40.113","132.247.190.11","84.17.63.178","34.234.106.80","104.21.92.200","100.28.201.155","104.18.111.161","46.183.184.245")
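    As an added example (not code from the CIRT advisory or from Gurucul), the same URL and IP IOCs applied to a few constructed proxy log lines in Python. Query 1 carries the complete URL strings, including the ?pdf= and ?afd= query parameters that the lure pages fill with the recipient's address, so a visit whose query string holds a different address may not match; the example instead compares the hostname and the percent-decoded path, treats the attacker-registered hosts (the netlify.app subdomains, the b-cdn.net pull zone and the look-alike domains) as a hit on any path, and requires the exact path only for the shared forms.yandex.ru service. The log format, the SHARED_HOSTS split and the sample lines are assumptions made for the example. IP-only hits deserve corroboration with the URL or TLS SNI: several listed addresses fall in shared CDN and cloud ranges (104.21.92.200 and 104.18.111.161 are inside Cloudflare's 104.16.0.0/13), so the address alone does not identify the phishing site.

```python
# Added example, not from the CIRT or Gurucul advisory. Matches the published
# URL and IP IOCs against constructed proxy log lines. The log format, the
# SHARED_HOSTS split and the sample lines are assumptions made for this example.
import ipaddress
from urllib.parse import urlsplit, unquote

# URL IOCs from the advisory, duplicate dropped and the stray space in the
# mail-afd entry removed.
IOC_URLS = [
    "https://mail-mod-gov-bd-account-data-file.netlify.app/data.html?pdf=",
    "https://drive-baf-mil-bd-share-file.netlify.app/airforce%20drive%20share",
    "https://drive-bcc-registraion-cloud-storage.netlify.app/bcc%20drive%20share",
    "https://railway-gov-bd.b-cdn.net/Proclamation%20of%20the%20July%20Uprising.html",
    "https://forms.yandex.ru/cloud/64d311e643f74f24f282c9e6",
    "https://mail-afd-gov-bd-account-error-issues.netlify.app/afd.html?afd=admin_dte@afd.gov.bd",
    "https://mail.railway-gov-bd.org",
    "https://mail.coastguard.govmm.org/ULfwhxNc",
]

# IP IOCs from the advisory.
IOC_IPS = {
    "212.102.40.113", "132.247.190.11", "84.17.63.178", "34.234.106.80",
    "104.21.92.200", "100.28.201.155", "104.18.111.161", "46.183.184.245",
}

# Assumption: hosts listed here are shared services where only the exact path
# is attacker-controlled, so a hit needs the IOC path prefix. Every other IOC
# host (netlify.app subdomains, the b-cdn.net pull zone, the look-alike
# domains) is treated as attacker-registered, so any path on it is a hit.
SHARED_HOSTS = {"forms.yandex.ru"}


def normalize(url):
    """Return (lowercased hostname, percent-decoded path) for a URL.
    The query string is dropped: the ?pdf= / ?afd= parameters carry the
    recipient's address and differ per victim."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = unquote(parts.path) or "/"
    return host, path


# Pre-compute (host, path, original IOC) once.
IOC_HOST_PATHS = [normalize(u) + (u,) for u in IOC_URLS]


def match_url(url):
    """Return the matching IOC URL, or None."""
    host, path = normalize(url)
    for ioc_host, ioc_path, ioc in IOC_HOST_PATHS:
        if host != ioc_host:
            continue
        if ioc_host in SHARED_HOSTS and not path.startswith(ioc_path):
            continue
        return ioc
    return None


def match_ip(ip):
    """True if ip is a listed IOC address; malformed input is not a match."""
    try:
        return str(ipaddress.ip_address(ip)) in IOC_IPS
    except ValueError:
        return False


def scan_log(text):
    """Scan 'timestamp src_ip dst_ip url' lines; return one dict per hit."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(maxsplit=3)  # the URL is the rest of the line
        if len(fields) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, src, dst, url = fields
        reasons = []
        ioc = match_url(url)
        if ioc:
            reasons.append("url matches IOC " + ioc)
        if match_ip(dst):
            # Several listed IPs sit in shared CDN/cloud ranges; treat an
            # IP-only hit as a lead to corroborate with the URL or TLS SNI.
            reasons.append("destination IP " + dst + " is a listed IOC")
        if reasons:
            hits.append({"ts": ts, "src": src, "dst": dst, "url": url, "reasons": reasons})
    return hits


# Constructed sample log (not real traffic); non-IOC destinations use
# documentation address ranges.
SAMPLE_LOG = """\
# timestamp src_ip dst_ip url
2025-01-14T09:12:03Z 10.0.5.21 104.21.92.200 https://mail-mod-gov-bd-account-data-file.netlify.app/data.html?pdf=user@mod.gov.bd
2025-01-14T09:13:44Z 10.0.5.22 198.51.100.7 https://www.example.com/index.html
2025-01-14T09:15:10Z 10.0.5.23 46.183.184.245 https://updates.example.net/check
2025-01-14T09:16:01Z 10.0.5.24 203.0.113.9 https://railway-gov-bd.b-cdn.net/Proclamation%20of%20the%20July%20Uprising.html
2025-01-14T09:17:30Z 10.0.5.25 203.0.113.44 https://forms.yandex.ru/cloud/0000000000000000000000000
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["src"], "->", hit["dst"], "|", "; ".join(hit["reasons"]))
```

    Run against the sample, the first line hits on both URL and IP, the third on IP only, the fourth on the b-cdn.net host, and the last line (a different path on the shared forms.yandex.ru host) is correctly ignored.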

    Reference: 

    https://www.cirt.gov.bd/phishing-awareness-bd-jan25/


    Tags

    Malware, Phishing, Bangladesh, Data Stealer, Government Services and Facilities, Education, Emergency Services
