Fake Microsoft Teams website used to download IcedID malware

🌐 mlcrosofteams[.]top
⬇️ Downloads .zip containing .msi

#IcedID C2: whothitheka[.]com

This is likely being distributed by #malvertising, but I wasn't able to capture the advertisement.

193.222.62[.]37 is also hosting fake IRS & Royal Mail websites
🏦 irs-forms[.]top
🏦 royalmail.orders-info[.]uk

🔗https://www.virustotal.com/gui/file/8ed2026fd98d54f9ad85d721223b60bd8b6c1362faeb4c24492d2bb63a7c357b/details
🔗https://urlscan.io/result/a0e5de3e-75ea-46f4-8340-0ab09c440850/
🔗https://urlscan.io/ip/193.222.62.37

#CTI #threatintelligence #ThreatIntel #Malware

@th3_protoCOL Some of us would consider Microsoft Teams (well, Microsoft Anything, for that matter) malware already. Making this just another layer of malware upon malware.