ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Tags

country:	Brazil China
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Javascript - T1059.007 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	9c6e32c0-0560-4beb-8fa4-ca62cebc0ba1
Fingerprint	244309d01f06f44b
Analysis status	DONE
Considered CTI value	0
Text language
Published	Nov. 9, 2023, midnight
Added to db	Nov. 19, 2023, 10:06 p.m.
Last updated	Nov. 17, 2024, 12:59 p.m.
Headline	Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
Title	Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
Detected Hints/Tags/Attributes	42/3/7

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html?&web_view=true
Details	Source	https://www.trendmicro.com/en_hk/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_ca/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_nl/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_th/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_ae/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_se/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_be/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_no/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_id/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_ph/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_gb/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_dk/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
Details	Source	https://www.trendmicro.com/en_fi/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08
Details	119	✔	Trend Micro Research, News and Perspectives	https://feeds.feedburner.com/TrendMicroSimplySecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		dracoon.team
Details	Domain	61		login.microsoftonline.com
Details	File	2		myscr759609.js
Details	File	674		node.js
Details	IPv4	2		212.83.170.137
Details	Url	2		https://dracoon.team/public/download-shares/rjqetkkzebun7rb6owwi3kpcpz3rrupa
Details	Url	2		https://login.microsoftonline.com/.