Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

    Date: 07/10/2024

    Severity: Medium

    Summary

    HTML smuggling embeds encoded or encrypted JavaScript within HTML attachments or web pages and has been commonly used in recent spear-phishing campaigns. The technique circumvents email gateways and web proxies by relying on HTML5 and JavaScript functionality, combined with various encoding and encryption methods, which makes it considerably harder to detect.
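    As an added example (not part of this advisory and not one of Gurucul's queries), the following Python heuristic flags the client-side reassembly pattern described above in an HTML attachment and extracts the embedded payload for offline inspection. The sample attachment is constructed here with a harmless text payload; the indicator names and thresholds are assumptions for illustration.

```python
import base64
import binascii
import re

# Client-side reassembly/delivery patterns typical of HTML smuggling: the payload
# is decoded in the browser, wrapped in a Blob and offered as a download, so no
# recognizable file ever crosses the mail gateway or proxy.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "xor_decode": re.compile(r"charCodeAt\s*\([^)]*\)\s*\^"),
    "blob_ctor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*="),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
# A long unbroken base64 run inside the markup is the smuggled payload itself.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{100,}={0,2}")


def analyze_html(html: str) -> dict:
    """Return matched indicators, a verdict and details of the decoded payload."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    runs = BASE64_RUN.findall(html)
    payload = b""
    if runs:
        try:  # decode the longest run; a bad run simply yields no payload
            payload = base64.b64decode(max(runs, key=len), validate=True)
        except (binascii.Error, ValueError):
            payload = b""
    # Reassembly AND delivery together distinguish smuggling from ordinary pages
    # that merely happen to use one of these browser APIs.
    reassembly = {"base64_decode", "xor_decode", "blob_ctor"} & set(hits)
    delivery = {"object_url", "download_attr", "auto_click"} & set(hits)
    suspicious = bool(reassembly) and bool(delivery) and bool(runs)
    return {"hits": hits, "suspicious": suspicious,
            "payload_len": len(payload), "payload_magic": payload[:4]}


# Constructed sample attachment (not taken from the advisory): the "payload" is a
# harmless text string, so the sample shows only the delivery pattern.
SAMPLE_PAYLOAD = b"CONSTRUCTED SAMPLE PAYLOAD - NOT MALICIOUS\n" * 8
SAMPLE_HTML = """<html><body><script>
var bin = atob("__B64__");
var bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "sample.bin";
a.click();
</script></body></html>""".replace("__B64__", base64.b64encode(SAMPLE_PAYLOAD).decode())

if __name__ == "__main__":
    print(analyze_html(SAMPLE_HTML))
```

    Run the decoded payload's magic bytes and size through your normal file triage; a script-free page with none of the delivery indicators scores as not suspicious.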

    Indicators of Compromise (IOC) List

    URLs / Domains

    https://kj507o.ikkgv.ru/KkYNOJxe

    https://login.cw1.ir/

    https://cyyfy.itonadalat.ru/3356k74yj/

    https://9mYtT.ntypenti.com/404.php?3-68747470733a2f2f3246784a2e6c65636970686f6d2e636f6d2f476e537a542f-CDTyhA

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URLs / Domains

    userdomainname IN ("kj507o.ikkgv.ru", "login.cw1.ir", "cyyfy.itonadalat.ru", "9mYtT.ntypenti.com") or url IN ("https://kj507o.ikkgv.ru/KkYNOJxe", "https://login.cw1.ir/", "https://cyyfy.itonadalat.ru/3356k74yj/", "https://9mYtT.ntypenti.com/404.php?3-68747470733a2f2f3246784a2e6c65636970686f6d2e636f6d2f476e537a542f-CDTyhA")

    Reference:

    https://blog.talosintelligence.com/hidden-between-the-tags-insights-into-evasion-techniques-in-html-smuggling/

     
