ioc[.]one - OSINT Cyber Threat Intelligence Database

A “strange font” Smishing that changes behaviour based on User-Agent, and abuses Duck DNS

Tags

country:	Japan Laos
maec-delivery-vectors:	Watering Hole
attack-pattern:	Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Dynamic Dns - T1311 Dynamic Dns - T1333 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Whois - T1596.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	40e3604f-3072-4f48-9ffe-32f009277585
Fingerprint	a20181c14bea76cc
Analysis status	DONE
Considered CTI value	0
Text language
Published	Jan. 23, 2023, 6:18 p.m.
Added to db	Jan. 23, 2023, 7:58 p.m.
Last updated	Nov. 17, 2024, 12:55 p.m.
Headline	A “strange font” Smishing that changes behaviour based on User-Agent, and abuses Duck DNS
Title	A “strange font” Smishing that changes behaviour based on User-Agent, and abuses Duck DNS
Detected Hints/Tags/Attributes	34/3/25

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@LambdaMamba/a-strange-font-smishing-that-changes-behaviour-based-on-user-agent-and-abuses-duck-dns-1c1a45863ff7?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	8t9z.uyhic.com
Details	Domain	5	vnd.android
Details	Domain	1	twnispwfis.duckdns.org
Details	Domain	29	duckdns.org
Details	Domain	1	tmsbqrgbqs.duckdns.org
Details	Domain	1	wydxfaucvt.duckdns.org
Details	Domain	1	fakemail.com
Details	Domain	1	uyhic.com
Details	Domain	53	godaddy.com
Details	Domain	7	whois.godaddy.com
Details	Domain	14	www.godaddy.com
Details	Domain	4	domainsbyproxy.com
Details	Domain	21	www.iana.org
Details	Domain	3	whois.gandi.net
Details	Domain	4	www.gandi.net
Details	Email	1	api/sampledata/login/aaaa@fakemail.com
Details	File	8	chrome.apk
Details	md5	1	a108d0094d304d7ba51b8d4648318aa4
Details	IPv4	3	109.0.0.0
Details	IPv4	3	103.80.134.41
Details	IPv4	1	91.204.227.86
Details	Url	5	https://www.godaddy.com
Details	Url	5	http://www.iana.org
Details	Url	1	http://whois.gandi.net
Details	Url	4	http://www.gandi.net