TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks | Proofpoint US
Tags
| country: | Spain Mexico |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Impersonation - T1656 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 |
Common Information
| Type | Value |
|---|---|
| UUID | cce93479-c6d1-4bb3-9f3a-4fe2ca2b4ac8 |
| Fingerprint | a457ce1a03233ac5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 29, 2020, 7:54 p.m. |
| Added to db | Sept. 11, 2022, 12:36 p.m. |
| Last updated | Nov. 17, 2024, 12:58 p.m. |
| Headline | TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks |
| Title | TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks | Proofpoint US |
| Detected Hints/Tags/Attributes | 36/3/51 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 61 | login.microsoftonline.com |
|
| Details | Domain | 1 | akglass.in |
|
| Details | Domain | 1 | www-registros-apps-mx.e18220.com |
|
| Details | Domain | 12 | user.read |
|
| Details | Domain | 5 | contacts.read |
|
| Details | Domain | 5 | people.read |
|
| Details | Domain | 1 | app452-sat-mx.i3720.xyz |
|
| Details | Domain | 1 | www-registros-appsmx-sat.x030720.xyz |
|
| Details | Domain | 17 | mail.read |
|
| Details | Domain | 1 | 485online.rs10720.xyz |
|
| Details | Domain | 1 | www-netfflix-registros.i10720.xyz |
|
| Details | Domain | 1 | printstockphoto.com |
|
| Details | Domain | 1 | apps-registros-mx.is15720.xyz |
|
| Details | Domain | 1 | casperinfosystem.com |
|
| Details | Domain | 1 | ultimatetravel.in |
|
| Details | Domain | 1 | nivedafoundation.org |
|
| Details | Domain | 1 | calyss.in |
|
| Details | Domain | 1 | mucla.in |
|
| Details | Domain | 1 | i3720.xyz |
|
| Details | Domain | 1 | rs10720.xyz |
|
| Details | Domain | 1 | photobalkan.com |
|
| Details | Domain | 1 | ccgdm.org |
|
| Details | Domain | 1 | al-thawiya.com |
|
| Details | Domain | 1 | dev.tvs.st |
|
| Details | Domain | 1 | x030720.xyz |
|
| Details | Domain | 1 | e10220.com |
|
| Details | Domain | 1 | xs1920.xyz |
|
| Details | Domain | 1 | i10720.xyz |
|
| Details | Domain | 1 | e1920.xyz |
|
| Details | Domain | 1 | is15720.xyz |
|
| Details | Domain | 1 | e29120.com |
|
| Details | Domain | 1 | rr020920.xyz |
|
| Details | Domain | 1 | e180320.xyz |
|
| Details | Domain | 1 | e18220.com |
|
| Details | Domain | 1 | i5320.xyz |
|
| Details | Domain | 1 | r25820.xyz |
|
| Details | Domain | 1 | ex171019.com |
|
| Details | Domain | 1 | 16720s.xyz |
|
| Details | File | 17 | redirect.php |
|
| Details | File | 1 | autoriza.php |
|
| Details | File | 1 | 983.php |
|
| Details | File | 3 | redirect.html |
|
| Details | File | 24 | auth.php |
|
| Details | Url | 1 | http://akglass.in/menu/redirect.php |
|
| Details | Url | 1 | https://www-registros-apps-mx.e18220.com/1/autoriza.php |
|
| Details | Url | 1 | https://app452-sat-mx.i3720.xyz/leap/983.php |
|
| Details | Url | 1 | https://www-registros-appsmx-sat.x030720.xyz/regs/autoriza.php |
|
| Details | Url | 1 | https://485online.rs10720.xyz/xpsy |
|
| Details | Url | 1 | https://www-netfflix-registros.i10720.xyz/regs/autoriza.php |
|
| Details | Url | 1 | https://printstockphoto.com/img/01/redirect.html |
|
| Details | Url | 1 | https://apps-registros-mx.is15720.xyz/1/auth.php |