{"id":1118,"date":"2020-03-24T12:44:52","date_gmt":"2020-03-24T12:44:52","guid":{"rendered":"https:\/\/wp.uthscsa.edu\/phishbowl\/?p=1118"},"modified":"2020-03-26T13:07:41","modified_gmt":"2020-03-26T13:07:41","slug":"covid-19-phishing-sample-3-email-from-the-general-director-of-the-world-health-organization-who","status":"publish","type":"post","link":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/","title":{"rendered":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update"},"content":{"rendered":"<p>This email instructs recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed \u201c<em><strong>Coronavirus Disease (Covid-19) CURE.exe.<\/strong><\/em>\u201d When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its stolen data.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1119\" src=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg\" alt=\"\" width=\"876\" height=\"916\" srcset=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg 876w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-286x300.jpg 286w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-979x1024.jpg 979w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-768x803.jpg 768w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-1468x1536.jpg 1468w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-1958x2048.jpg 1958w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam-640x669.jpg 640w\" sizes=\"auto, (max-width: 876px) 100vw, 876px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><em>Source: https:\/\/www.tripwire.com\/state-of-security\/security-awareness\/covid-19-scam-roundup-week-of-3-16-20\/<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This email instructs recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed \u201cCoronavirus Disease (Covid-19) CURE.exe.\u201d When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its [&hellip;]<\/p>\n","protected":false},"author":129,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1118","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl\" \/>\n<meta property=\"og:description\" content=\"This email instructs recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed \u201cCoronavirus Disease (Covid-19) CURE.exe.\u201d When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/\" \/>\n<meta property=\"og:site_name\" content=\"Phish Bowl\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-24T12:44:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-03-26T13:07:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg\" \/>\n<meta name=\"author\" content=\"Angelife\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Angelife\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/\"},\"author\":{\"name\":\"Angelife\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/df57e6fce16df9d3809393048b4241f6\"},\"headline\":\"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update\",\"datePublished\":\"2020-03-24T12:44:52+00:00\",\"dateModified\":\"2020-03-26T13:07:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/\"},\"wordCount\":82,\"image\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2020\\\/03\\\/WHOscam.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/\",\"name\":\"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2020\\\/03\\\/WHOscam.jpg\",\"datePublished\":\"2020-03-24T12:44:52+00:00\",\"dateModified\":\"2020-03-26T13:07:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/df57e6fce16df9d3809393048b4241f6\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2020\\\/03\\\/WHOscam.jpg\",\"contentUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2020\\\/03\\\/WHOscam.jpg\",\"width\":876,\"height\":916},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1118\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#website\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/\",\"name\":\"Phish Bowl\",\"description\":\"Phish Bowl\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/df57e6fce16df9d3809393048b4241f6\",\"name\":\"Angelife\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g\",\"caption\":\"Angelife\"},\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/author\\\/pardoa\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/","og_locale":"en_US","og_type":"article","og_title":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl","og_description":"This email instructs recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed \u201cCoronavirus Disease (Covid-19) CURE.exe.\u201d When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its [&hellip;]","og_url":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/","og_site_name":"Phish Bowl","article_published_time":"2020-03-24T12:44:52+00:00","article_modified_time":"2020-03-26T13:07:41+00:00","og_image":[{"url":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg","type":"","width":"","height":""}],"author":"Angelife","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Angelife"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#article","isPartOf":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/"},"author":{"name":"Angelife","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/df57e6fce16df9d3809393048b4241f6"},"headline":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update","datePublished":"2020-03-24T12:44:52+00:00","dateModified":"2020-03-26T13:07:41+00:00","mainEntityOfPage":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/"},"wordCount":82,"image":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#primaryimage"},"thumbnailUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/","name":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update - Phish Bowl","isPartOf":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#primaryimage"},"image":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#primaryimage"},"thumbnailUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg","datePublished":"2020-03-24T12:44:52+00:00","dateModified":"2020-03-26T13:07:41+00:00","author":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/df57e6fce16df9d3809393048b4241f6"},"breadcrumb":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#primaryimage","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg","contentUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2020\/03\/WHOscam.jpg","width":876,"height":916},{"@type":"BreadcrumbList","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1118\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wp.uthscsa.edu\/phishbowl\/"},{"@type":"ListItem","position":2,"name":"COVID-19 Phishing Sample #4: Coronavirus disease (COVID-19) outbreak prevention and cure update"}]},{"@type":"WebSite","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#website","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/","name":"Phish Bowl","description":"Phish Bowl","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wp.uthscsa.edu\/phishbowl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/df57e6fce16df9d3809393048b4241f6","name":"Angelife","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8f094af2201123141fe30fded4c74da356b5ca0995c1c698a79f112755d07560?s=96&d=mm&r=g","caption":"Angelife"},"url":"https:\/\/wp.uthscsa.edu\/phishbowl\/author\/pardoa\/"}]}},"_links":{"self":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts\/1118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/users\/129"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/comments?post=1118"}],"version-history":[{"count":0,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts\/1118\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/media?parent=1118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/categories?post=1118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/tags?post=1118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}