ioc[.]one - OSINT Cyber Threat Intelligence Database

Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond | Wiz Blog

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	443bfd92-a3b9-494c-b0b3-718fecff441d
Fingerprint	b0008fd92818ffc4
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 7, 2024, 12:09 p.m.
Added to db	Nov. 7, 2024, 6:48 p.m.
Last updated	Nov. 17, 2024, 2:49 p.m.
Headline	Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond
Title	Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond \| Wiz Blog
Detected Hints/Tags/Attributes	87/2/37

Source URLs

	Redirection	Url
Details	Source	https://www.wiz.io/blog/unmasking-phishing-strategies-for-identifying-0ktapus-domains

URL Provider

Details	Provider	Source level domain
Details	wiz.io	www.wiz.io

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	398	✔	Wiz Blog \| RSS feed	https://www.wiz.io/blog/rss	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	bt.com
Details	Domain	3	revolut-ticket.com
Details	Domain	12	okta.com
Details	Domain	1	gemini-sso.com
Details	Domain	2	att-mfa.com
Details	Domain	1	dashboard-mailgun.com
Details	Domain	1	mgmresorts-okta.com
Details	Domain	1	calendar-dd.com
Details	Domain	3	t-mobile-okta.com
Details	Domain	1	intercom-okta.com
Details	Domain	1	klav-workday.com
Details	Domain	1	rejectauth-sendgrid.com
Details	Domain	1	nike-support.com
Details	Domain	1	nike.okta.com
Details	Domain	1	doordash.okta.com
Details	Domain	1	uscellular.com
Details	Domain	317	bit.ly
Details	Domain	2	mailgun-okta.com
Details	Domain	1	ns3.my-ndns.com
Details	Domain	7	registrar.eu
Details	Email	1	someone@bt.com
Details	File	218	min.js
Details	File	2	factor.html
Details	File	1	tofactor.php
Details	File	207	login.php
Details	File	1	authorization.php
Details	File	11	common.php
Details	File	4	iframe.html
Details	File	1	fs0j3qtrrcydqtzyw0x7.png
Details	File	44	logo.png
Details	sha256	1	fb1d07ab6c54c7380a93a507b48bc5ba0aee77ca32b7d4c57c38f007857a6fd1
Details	sha256	1	95a0eca17ee49bebb333bbb1c96ab54ed361c2f233b2adf8c4374814c633a53b
Details	sha256	1	69b575025bd763e58fcb95035b9b6e358f43737d91e01ebdaa19934e0206a966
Details	sha256	1	98ca25eef00efcafee4f9cb07908776d0ad976296a5e6eb07a724c31ae4bfc61
Details	Mandiant Uncategorized Groups	111	UNC3944
Details	Microsoft Threat Actor Naming Taxonomy (Groups in development)	6	Storm-0875
Details	Url	1	https://n[redacted].okta.com