Compromised Microsoft Dynamic 365 Customer Voice account used for Phishing attack - Cofense
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Credentials - T1589.001 Phishing - T1660 Phishing - T1566 |
Common Information
Type | Value |
---|---|
UUID | 31d3e310-8b1e-4c0c-98b4-89f3967ca840 |
Fingerprint | 2e188cdb398bbec5 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Aug. 24, 2022, 2 p.m. |
Added to db | Jan. 16, 2023, 3:56 p.m. |
Last updated | Oct. 15, 2024, 5:41 p.m. |
Headline | Compromised Microsoft Dynamic 365 Customer Voice account used for Phishing attack |
Title | Compromised Microsoft Dynamic 365 Customer Voice account used for Phishing attack - Cofense |
Detected Hints/Tags/Attributes | 29/2/19 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | ncv.microsoft.com |
|
Details | Domain | 1 | grass-5595.fo4ih28x.workers.dev |
|
Details | Domain | 1 | customervoice.microsoft.com |
|
Details | Domain | 1 | jaqeuhyimhbi.diskstation.org |
|
Details | File | 3 | responsepage.aspx |
|
Details | File | 1 | libscoreassets.php |
|
Details | IPv4 | 2 | 13.107.213.40 |
|
Details | IPv4 | 2 | 13.107.246.40 |
|
Details | IPv4 | 1 | 172.67.223.76 |
|
Details | IPv4 | 1 | 104.21.86.177 |
|
Details | IPv4 | 1 | 13.107.246.69 |
|
Details | IPv4 | 2 | 13.107.246.70 |
|
Details | IPv4 | 1 | 13.107.227.40 |
|
Details | IPv4 | 1 | 13.107.219.40 |
|
Details | IPv4 | 1 | 13.107.213.51 |
|
Details | IPv4 | 1 | 13.107.213.70 |
|
Details | IPv4 | 1 | 13.107.246.57 |
|
Details | IPv4 | 2 | 13.107.246.18 |
|
Details | IPv4 | 1 | 103.187.146.165 |