CTI Project: Threats Leveraging Legitimate Services
Tags
cmtmf-attack-pattern: Masquerading
country: China Iran Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Cdns - T1596.004 Cloud Services - T1021.007 Dynamic Dns - T1311 Dynamic Dns - T1333 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Social Media - T1593.001 Tool - T1588.002 Whois - T1596.002 Masquerading - T1036 Masquerading
Show in Graph
Common Information
Type Value
UUID ea1bc3a0-b8cf-40ec-939c-fc82b2b378f0
Fingerprint a5288db9a91e0fe1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 20, 2021, 11:05 a.m.
Added to db June 5, 2023, 10:11 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline @BushidoToken Threat Intel
Title CTI Project: Threats Leveraging Legitimate Services
Detected Hints/Tags/Attributes 119/4/17
Source URLs
Redirection Url
Details Source https://blog.bushidotoken.net/2021/11/leveraging-legitimate-services-for.html
URL Provider
Details Provider Source level domain
Details bushidotoken.net blog.bushidotoken.net
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 24 @BushidoToken Threat Intel https://blog.bushidotoken.net/feeds/posts/default?alt=rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 140 
archive.org
Details Domain 2 
hostingerapp.com
Details Domain 1 
clickfunnels.com
Details Domain 1 
larksuite.com
Details Domain 194 
drive.google.com
Details Domain 1 
azuredge.net
Details Domain 3 
cdn.shopify.com
Details Domain 8 
hastebin.com
Details Domain 3 
send.firefox.com
Details Domain 2 
files.slack.com
Details Domain 112 
cdn.discordapp.com
Details Domain 2 
api.dropboxdapi.com
Details Domain 9 
ws.onehub.com
Details Domain 4 
screenconnect.com
Details Threat Actor Identifier - APT 166 
APT31
Details Threat Actor Identifier - APT 665 
APT29
Details Threat Actor Identifier - FIN 377 
FIN7