SF-Express SMS Phishing and Real Case Analysis

Real Case Analysis

We often receive SMS that tell us there are some issues about the delivery from SF-Express.

sms received
back to index page

Quick Analysis

We start with basic analysis, view source … Since it stuck for a few moments in wait.html, we take look in the HTML source.

/indexa, nothing interesting
OpenSSH 7.4
Pure-FTPd
haha, https also works
port 888 nothing
port 8888, no ideas yet

Recommendations

The SMS phishing this time is more like a common for the public, not really a spear-phishing type.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
VXRL

VXRL

VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community. https://www.vxrl.hk