ioc[.]one - OSINT Cyber Threat Intelligence Database

Targeting websites with Password Reset Poisoning

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	b4c5c0b2-9eae-4f80-996a-d072020cb51b
Fingerprint	2f109a81d5657ee5
Analysis status	DONE
Considered CTI value	0
Text language
Published	Nov. 20, 2018, 12:55 p.m.
Added to db	Jan. 18, 2023, 10:50 p.m.
Last updated	Nov. 17, 2024, 5:56 p.m.
Headline	Targeting websites with Password Reset Poisoning
Title	Targeting websites with Password Reset Poisoning
Detected Hints/Tags/Attributes	31/2/12

Source URLs

	Redirection	Url
Details	Source	https://www.blackmoreops.com/2018/11/20/targeting-websites-with-password-reset-poisoning/

URL Provider

Details	Provider	Source level domain
Details	blackmoreops.com	www.blackmoreops.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	831		example.com
Details	Domain	11		bar.com
Details	Domain	3		evilhost.com
Details	Domain	45		company.com
Details	Email	2		example.com/reset.php?email=foo@bar.com
Details	Email	1		target@company.com
Details	File	6		reset.php
Details	File	3		reset-password.php
Details	File	68		config.ini
Details	Url	2		https://example.com/reset.php?email=foo@bar.com
Details	Url	2		https://example.com/reset.php
Details	Url	2		https://evilhost.com/reset-password.php?token=12345678