Fake web version of Telegram in the service of phishers
Common Information
Type Value
UUID afee2ca3-2485-4b72-8f05-b7b7c8a9bd8d
Fingerprint ccdf62fb5a520657
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 21, 2023, 4 p.m.
Added to db Feb. 21, 2023, 2:53 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Fake web version of Telegram in the service of phishers
Title Fake web version of Telegram in the service of phishers
Detected Hints/Tags/Attributes 10/2/12
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 224 Securelist https://securelist.ru/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Yara rule 1
rule phishing_Telegram_post_query {
	meta:
		description = "Rule to detect Telegram phishing JavaScript file"
		author = "Kaspersky"
		copyright = "Kaspersky"
		distribution = "DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM"
		version = "1.0"
		last_modified = "2023-01-23"
	strings:
		$str1 = "https://dohphqnvcbxuhrtl"
		$str2 = "/sendData"
		$str3 = "https://recovery."
		$str4 = "domen"
	condition:
		all of ($str*)
}