Analysis by: Michael Angelo Casayuran

We recently came across mail samples that appear to be a DocuSign notification from AT&T. The message tells recipients to download and sign a supposed document via the link provided in the email. Once unsuspecting users click the URL, they are redirected to a bogus website specifically crafted to look like a legitimate DocuSign portal. The fake website shows that the file to be downloaded has a .PDF extension. In reality, the downloaded file is a .ZIP file, which contains an executable file detected as