Corralling SCATTERED SPIDER with DNS History | Validin
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 4dacfc4e-64a0-41a0-80df-ea51b0203906 |
| Fingerprint | 33888f9be62a57e0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 16, 2024, midnight |
| Added to db | Nov. 19, 2024, 3:46 p.m. |
| Last updated | Dec. 9, 2024, 5:01 a.m. |
| Headline | Corralling SCATTERED SPIDER with DNS History |
| Title | Corralling SCATTERED SPIDER with DNS History | Validin |
| Detected Hints/Tags/Attributes | 26/2/20 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.validin.com/blog/coralling-scattered-spider-with-dns-history/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | okta-247.com |
|
| Details | Domain | 1 | 247-inc.okta-247.com |
|
| Details | Domain | 1 | login.okta-247.com |
|
| Details | Domain | 1 | servicenow-hrblock.com |
|
| Details | Domain | 1 | login.servicenow-hrblock.com |
|
| Details | Domain | 1 | account.servicenow-hrblock.com |
|
| Details | Domain | 1 | freshworks-hr.com |
|
| Details | Domain | 1 | login.freshworks-hr.com |
|
| Details | Domain | 1 | account.freshworks-hr.com |
|
| Details | Domain | 2 | pfchangs-support.com |
|
| Details | Domain | 1 | login.pfchangs-support.com |
|
| Details | Domain | 1 | account.pfchangs-support.com |
|
| Details | Domain | 2 | expediagroup-servicenow.com |
|
| Details | IPv4 | 2 | 137.220.43.146 |
|
| Details | IPv4 | 1 | 45.77.92.214 |
|
| Details | IPv4 | 1 | 143.198.116.59 |
|
| Details | IPv4 | 1 | 45.32.171.19 |
|
| Details | IPv4 | 2 | 64.176.214.51 |
|
| Details | IPv4 | 1 | 159.65.72.54 |
|
| Details | IPv4 | 1 | 45.76.233.211 |