Over the last several days we have been reporting to other threat intelligence providers and partners that the YUMPU domain has been seen sending massive amounts of phishing and malware links. We thought we would sound the alarm publicly.
All Jigsaw Security protected customers have had this data for a while now and all traffic to this domain has been sinkholed. Additional information is available in the Jigsaw Threat Intelligence and Jigsaw Intel Platform for review.
What is interesting is that the lure uses an eFax theme, but hovering over the link shows a DocuSign link that actually forwards to the yumpu domain. Be safe out there.
IOCs:
yumpu[.]com
yumpu[.]com/xx/document/view/xxxxxxxx/e-fax-document-received
The x's are usually a random string of numbers 8 digits in length.
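One way to hunt for these two IOCs in proxy or mail-gateway logs, as an added example that is not part of the original advisory or Jigsaw's tooling. It assumes the "xx" segment can be any single path segment and matches the ID as any run of digits, since the advisory says it is only "usually" 8 digits; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

IOC_DOMAIN = "yumpu.com"  # from the advisory, refanged
# Path shape from the advisory: /xx/document/view/xxxxxxxx/e-fax-document-received
# Assumption: "xx" is one arbitrary path segment; the id is any run of digits.
LURE_PATH = re.compile(r"^/[^/]+/document/view/\d+/e-fax-document-received/?$", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def refang(text):
    """Undo common defanging so IOC-style and live URLs compare equal."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")


def classify(url):
    """Return 'lure-path', 'domain' or None for a single URL."""
    try:
        parts = urlsplit(refang(url))
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. leftover brackets
        return None
    # Exact host or a true subdomain only, so "notyumpu.com" does not match.
    if host != IOC_DOMAIN and not host.endswith("." + IOC_DOMAIN):
        return None
    return "lure-path" if LURE_PATH.match(parts.path) else "domain"


def scan(lines):
    """Yield (line_number, url, verdict) for each matching URL in the lines."""
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(refang(line)):
            verdict = classify(url)
            if verdict:
                yield n, url, verdict


SAMPLE = [  # constructed log lines, not real traffic
    "10:00:01 GET https://www.yumpu.com/en/document/view/12345678/e-fax-document-received 200",
    "10:00:02 GET https://notyumpu.com/en/document/view/12345678/e-fax-document-received 200",
    "10:00:03 GET hxxps://yumpu[.]com/en/magazines 200",
    "10:00:04 GET https://example.org/?next=yumpu.com 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `lure-path` verdict corresponds to the second IOC (the e-fax document URL); `domain` corresponds to any other traffic to the first.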