Open Directory Exposes Phishing Campaign Targeting Google & Naver Credentials
Tags
| cmtmf-attack-pattern: | Data Manipulation |
| country: | North Korea Japan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Data Manipulation - T1641 Data Manipulation - T1565 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | be759ed6-ec6a-4154-a215-16500db3f28b |
| Fingerprint | 3a04ac9942ab4381 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 3, 2024, midnight |
| Added to db | Oct. 9, 2024, 8:28 p.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | Open Directory Exposes Phishing Campaign Targeting Google & Naver Credentials |
| Title | Open Directory Exposes Phishing Campaign Targeting Google & Naver Credentials |
| Detected Hints/Tags/Attributes | 70/4/55 |
Source URLs
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | hunt.io | hunt.io |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | binace.homes |
|
| Details | Domain | 1 | masnail.shop |
|
| Details | Domain | 1 | ilk.gduser.eu |
|
| Details | Domain | 1 | gduser.eu |
|
| Details | Domain | 1 | stuff.ilk.gduser.eu |
|
| Details | Domain | 1 | stuff.gduser.eu |
|
| Details | Domain | 1 | user.eu |
|
| Details | Domain | 1 | gcuser.eu |
|
| Details | Domain | 1 | geuser.eu |
|
| Details | Domain | 1 | ghuser.eu |
|
| Details | Domain | 1 | giuser.eu |
|
| Details | Domain | 1 | gjuser.eu |
|
| Details | Domain | 2 | guser.eu |
|
| Details | Domain | 1 | gser.eu |
|
| Details | Domain | 1 | account.binace.homes |
|
| Details | Domain | 1 | support.binace.homes |
|
| Details | Domain | 1 | kidsmanagement-pa.client6.binace.homes |
|
| Details | Domain | 1 | goto2corp.binace.homes |
|
| Details | Domain | 1 | workspace.binace.homes |
|
| Details | Domain | 1 | mil.masnail.shop |
|
| Details | Domain | 1 | kortiosdfp.lol |
|
| Details | Domain | 1 | mmori.lol |
|
| Details | Domain | 1 | hogmasil.lol |
|
| Details | Domain | 1 | jandfolg.lol |
|
| Details | Domain | 2 | naverscorp.shop |
|
| Details | Domain | 1 | ncallserveiqnxme.store |
|
| Details | Domain | 1 | navincteam.shop |
|
| Details | Domain | 1 | nid.navincteam.shop |
|
| Details | Domain | 1 | wwwcorpid.navincteam.shop |
|
| Details | Domain | 1 | policy.navincteam.shop |
|
| Details | Domain | 1 | wwwid.navincteam.shop |
|
| Details | Domain | 1 | ccid.navincteam.shop |
|
| Details | Domain | 1 | soundcaptchanidid.navincteam.shop |
|
| Details | Domain | 57 | hunt.io |
|
| Details | File | 1 | sub.php |
|
| Details | File | 1205 | index.php |
|
| Details | File | 1 | user0.bin |
|
| Details | File | 1 | gattach.html |
|
| Details | File | 1 | nattach.html |
|
| Details | File | 9 | click.php |
|
| Details | File | 4 | account.bin |
|
| Details | File | 1 | support.bin |
|
| Details | File | 1 | client6.bin |
|
| Details | File | 1 | goto2corp.bin |
|
| Details | File | 1 | workspace.bin |
|
| Details | sha1 | 1 | 57cb8dca59c6fd0aab69c052c93fcece4fc3d0ff |
|
| Details | sha1 | 1 | d8591a62916984952383b789e8ab2697f4642c63 |
|
| Details | IPv4 | 1 | 123.76.96.130 |
|
| Details | IPv4 | 1 | 45.195.69.28 |
|
| Details | IPv4 | 3 | 27.255.75.158 |
|
| Details | Threat Actor Identifier - APT | 115 | APT43 |
|
| Details | Url | 1 | http://stuff.ilk.gduser.eu/bad-page |
|
| Details | Url | 1 | http://stuff.gduser.eu/gmail/gduser.eu/index.php? |
|
| Details | Url | 1 | https://binace.homes/middle/attach/phishingurl |
|
| Details | Url | 1 | https://ip_or_domain/midde/attach/click.php?id=[characters]&recid=gl |