Real world polymorphism
Polymorphism is easy to achieve via simple programmatic
logic in phishing kits. By using templates and wordlists,
actors are able to quickly generate similar, but slightly
different emails en masse. The predominant advanced
actors in the phishing landscape, however, have figured
out an even better method for creating unique emails.
Emotet, QakBot, and others have been using stolen
emails at a massive scale for some time now. Beyond
having unique subjects, their typical phishing emails will
have unique bodies, constantly changing payload hashes,
and payload URL’s.
Please fill all the required * fields.