My name is Jude, Iβm a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using OSINT investigation and Dark Web Monitoring. One of the tools I use most is SpiderFoot, because it allows us to integrate a number of sources into one easy platform to work from and protect clients from vulnerabilities and data exposure on the web.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώββββο»Ώββο»Ώββββο»Ώββββββββο»Ώββο»Ώββο»Ώβββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώββο»Ώββββββββββββββββββο»Ώβββο»Ώβββββββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώββββο»Ώββο»Ώββββο»Ώββββββββο»Ώββο»Ώββο»Ώβββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώββο»Ώββββββββββββββββββο»Ώβββο»Ώβββββββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
In the world of cyber security, a lot of money, time and resources are put towards preventing what could arguably be described as the inevitable β compromise. Businesses manage risk, and part of that risk includes what happens when the company is inevitably breached by a malicious actor. In my line of work, this is often where I come in to engage in the DFIR (Digital Forensics & Incident Response) process.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώβο»Ώβββο»Ώββββββββββο»Ώββββο»Ώβο»Ώββββο»Ώββββο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώββββο»Ώββο»Ώββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώβο»Ώβββο»Ώββββββββββο»Ώββββο»Ώβο»Ώββββο»Ώββββο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώββββο»Ώββο»Ώββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Malicious actors spend a lot of time attempting to gain access to an environment, and this is often what analysts and engineers working in a SOC or security team spend a lot of time trying to detect, but it doesnβt always work. Humans are inherently flawed, and social engineering attacks, such as phishing, often lead to Business Email Compromise (BEC).βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβο»Ώβο»Ώβββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββββββββββο»Ώββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβο»Ώβο»Ώβββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββββββββββο»Ώββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
OSINT can be used in DFIR engagements to learn more about the malicious actor and whoβs βbehind the screenβ. In many cases this isnβt exactly a fruitful exercise, or one thatβs necessary, but key stakeholders often want to know more about this to determine the full timeline and establish motive. Understanding more about the actor might also provide insight into potential future attacks, or support in correlating two seemingly unrelated attacks. Unfortunately, learning more about the attacker and even their identity does not often lead to any kind of legal repercussions for them, but nonetheless in this guide I will delve into how I use OSINT to learn more about the adversary.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβββο»Ώβο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββο»Ώβββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββββο»Ώβββο»Ώβββο»Ώββββββββββο»Ώββββββββββο»Ώβο»Ώβββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβββο»Ώβο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββο»Ώβββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββββο»Ώβββο»Ώβββο»Ώββββββββββο»Ώββββββββββο»Ώβο»Ώβββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
A number of months ago, I dealt with an incident involving a malicious actor gaining access to the environment via a userβs account. Iβll skip the details on this, but they were able to use social engineering to gain access and began the usual activity youβd expect with a BEC (Business Email Compromise) incident β inbox rules to redirect responses to their scams, collecting email data, etc. At this stage the IOCs I had to work with were the logins from this adversary, and some information from the phishing emails they had sent out.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβββββββββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββο»Ώββββο»Ώβο»Ώβββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώβββββββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβββββββββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββο»Ώββββο»Ώβο»Ώβββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώβββββββββββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
I ran a preliminary scan in SpiderFoot HX on these indicators in order to learn a bit more about this adversary. They were using IPs on anonymous infrastructure for the most part, but these malicious actors are human, and humans make mistakes.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββο»Ώο»Ώββββββββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώββββββββββο»Ώββββο»Ώβββββββββββββββο»Ώββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββο»Ώο»Ώββββββββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώββββββββββο»Ώββββο»Ώβββββββββββββββο»Ώββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
The initial scan ran with just the IPs I found from logon events. Iβll go into detail on the phishing artifacts a little later, but letβs look at what we have so far:βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββββββββββββββο»Ώβββο»Ώβββο»Ώββββββββββββο»Ώβββο»Ώβββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββο»Ώββββββββββββββββββο»Ώββββο»Ώο»Ώββββββο»Ώββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώββββββββββββββο»Ώβββο»Ώβββο»Ώββββββββββββο»Ώβββο»Ώβββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββο»Ώββββββββββββββββββο»Ώββββο»Ώο»Ώββββββο»Ώββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Most of the IPs were VPNs, particularly free or βno log policyβ VPNs which is to be expected from a malicious activity β the main goal is anonymity with crime, I suppose. However, as suspected, the attacker didnβt use a VPN in a couple of instances seemingly by accident, and we can see logins from a mobile IP in their source country. These IPs have no anonymous infrastructure, are local mobile telecommunications companies, and would likely be the userβs location:βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώβββββββο»Ώβββββο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββββββββββο»Ώββββββο»Ώββο»Ώβββββο»Ώββο»Ώο»Ώβββο»Ώββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώβββββββο»Ώβββββο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββββββββββο»Ώββββββο»Ώββο»Ώβββββο»Ώββο»Ώο»Ώβββο»Ώββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
The scan found a number of interesting services on the same subnet as these IPs, including open remote desktop ports, but unfortunately not from the IPs weβve provided, but the number of malicious detections and services weβve seen indicate that either this adversary, or a number of adversaries are operating from this network.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββββββββο»Ώβββο»Ώβο»Ώββββο»Ώββββββο»Ώβββββο»Ώβββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββο»Ώβο»Ώβββο»Ώβο»Ώβββββββο»Ώβο»Ώβο»Ώβββββο»Ώβββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββββββββο»Ώβββο»Ώβο»Ώββββο»Ώββββββο»Ώβββββο»Ώβββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββο»Ώβο»Ώβββο»Ώβο»Ώβββββββο»Ώβο»Ώβο»Ώβββββο»Ώβββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
So what can we do with this information? In the context of DFIR, βlessons learnedβ is a key part of the process that often involves improving threat intelligence and conducting threat hunts to ensure future breaches are caught and contained. We can add these IPs to threat feeds to improve detection strategies for SIEM clients, and enable faster reaction to any future attempts to access the environment from this adversary, or potential new ones from this network. We can also pivot from these IPs and conduct threat hunts to determine if the attacker attempted access via other users, successful or otherwise, and put together a profile of who may have been initially phished. This can be further confirmed with log sources such as web, DNS, etc.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώββο»Ώβββββο»Ώββο»Ώβββββββο»Ώβββο»Ώββο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώββββββββο»Ώββββο»Ώβββββο»Ώβο»Ώββο»Ώββββο»Ώββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώββο»Ώβββββο»Ώββο»Ώβββββββο»Ώβββο»Ώββο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββββο»Ώββββββββο»Ώββββο»Ώβββββο»Ώβο»Ώββο»Ώββββο»Ώββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Letβs talk about the phishing page and emails. The adversary sent out a large number of pretty standard phishing emails from the compromised account once they caught onto the fact they had been made, and they consisted of a standard call to action e.g. review this file, and the notorious hyperlinked landing page.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώβο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββββββββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββο»Ώββββββββββο»Ώβββββο»Ώββββββββββο»Ώβββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώβο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβο»Ώβββββββββββο»Ώβο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββο»Ώββββββββββο»Ώβββββο»Ώββββββββββο»Ώβββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Without going into detail and revealing sensitive information, the link and landing page was oddly constructed, and we determined it was designed for another company and simply repurposed for this one. One of the smarter tactics these pages use nowadays is grabbing the favicon of the domain from the target userβs email, and adding this into the webpage to make it seem more βofficialβ. This is a pretty rudimentary strategy but it works well enough for them. βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββββββββο»Ώβο»Ώβββββο»Ώβββββββο»Ώβββο»Ώβββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώββββο»Ώβββο»Ώο»Ώββο»Ώββο»Ώβββο»Ώβββββββββββββββββο»Ώβββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββββββββο»Ώβο»Ώβββββο»Ώβββββββο»Ώβββο»Ώβββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώββββο»Ώβββο»Ώο»Ώββο»Ώββο»Ώβββο»Ώβββββββββββββββββο»Ώβββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Running another SpiderFoot scan, this time on the domain, I discovered that this site is merely compromised, and not set up by the attacker. There are many blacklisted entities related to it now (likely thanks to many reports from a number of organizations), and most of the content on the site is legitimate, based on the services and the homepage (for their sake):βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώββο»Ώββο»Ώβββο»Ώβββο»Ώββββο»Ώβββο»Ώββββββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώο»Ώββββββββββο»Ώο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώββο»Ώβββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώββο»Ώββο»Ώβββο»Ώβββο»Ώββββο»Ώβββο»Ώββββββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώο»Ώββββββββββο»Ώο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώββο»Ώβββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Attempting to sandbox the phishing page at the time resulted in the target PHP files being wiped by the adversary. The page had an open directory where I could see a few other files that I decided to analyze to see if I could find the C2/exfiltration IP where the credentials were going. βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώο»Ώβο»Ώβββο»Ώβο»Ώβββββββββββο»Ώβο»Ώβο»Ώβββββββο»Ώββο»Ώββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώββββο»Ώββββββββββββββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώββββο»Ώο»Ώβο»Ώβββο»Ώβο»Ώβββββββββββο»Ώβο»Ώβο»Ώβββββββο»Ώββο»Ώββο»Ώβββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώββββο»Ώββββββββββββββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
The PHP code revealed some interesting information about how it operated, but unfortunately the key files I needed including the logs and the landing page were wiped, so I sadly hit a dead end here. The last thing I did to learn a bit more about the adversary was a little unexpected:βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββο»Ώββββββο»Ώββββο»Ώββο»Ώο»Ώβο»Ώβββββββββο»Ώβββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββββββο»Ώββββο»Ώββββββββο»Ώβββββο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββββο»Ώβββο»Ώββββββο»Ώββββο»Ώββο»Ώο»Ώβο»Ώβββββββββο»Ώβββββββο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββββββο»Ώββββο»Ώββββββββο»Ώβββββο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
As part of my job, I frequent various underground hacking/scam sites, many being Russian language, and I came across someone selling 365 email leads. A short telegram conversation later, I learned that they had a number of leads that matched the client, and I realized this was the individual. Not exactly information I can work with, but it was nice to know I traced the individual to the source, and could provide better information about what this adversaryβs end goal was after they realized we were onto them.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβββββββββββο»Ώβββββββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββββββββββββββο»Ώβββββο»Ώββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβββββββββββο»Ώβββββββο»Ώβββο»Ώβββο»Ώβο»Ώββο»Ώββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββββββββββββββο»Ώβββββο»Ώββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Social engineering is one of the most common ways an organization is compromised, no matter how many systems, policies and practices we put in place to secure users. Humans make mistakes, have bad days, and fall for scams β especially when they arenβt properly trained. Training users in your organization can go a long way to preventing this kind of thing from happening, especially on spotting scams as well as implementing secure policies around access to the environment from overseas.βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώββο»Ώββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώβο»Ώββο»Ώο»Ώββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββββββο»Ώο»Ώβββο»Ώββο»Ώβββο»Ώο»Ώβββο»Ώβββββββββο»Ώββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβο»Ώββο»Ώββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώβο»Ώββο»Ώο»Ώββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββββββο»Ώο»Ώβββο»Ώββο»Ώβββο»Ώο»Ώβββο»Ώβββββββββο»Ώββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
SpiderFoot enabled me to bring much greater context to the situation and determine the attackerβs location, and motives. While itβs not always accurate, an adversaryβs location can give you clues about the kind of person or group youβre up against. If you can track the user back to Russia, China, or perhaps North Korea, you could have a bigger, more complex attack on your hands. Lastly, finding all of these additional artifacts enables them to be put to use in threat intelligence feeds to improve future detections, and level up the threat hunting capabilities within the organization. βββββο»Ώβο»Ώββββββο»Ώο»Ώβο»Ώβββββββββο»Ώββββββο»Ώββββββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώβββββββο»Ώο»Ώββββββο»Ώββββββββββο»Ώβββββββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώββο»Ώο»Ώββββββο»Ώββο»Ώββββββββο»Ώββο»Ώββββο»Ώο»Ώβββββββββββββο»Ώββββο»Ώο»Ώββο»Ώβββο»Ώο»Ώβββββββββο»Ώο»Ώββο»Ώβββο»Ώβββββββο»Ώβο»Ώββββββο»Ώββο»Ώβββββββο»Ώββββββββο»Ώο»Ώββο»Ώββο»Ώβο»Ώβββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβο»Ώβο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβο»Ώβο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβο»Ώβο»Ώβββββββο»Ώβο»Ώββο»Ώο»Ώβο»Ώβββββββββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββββββο»Ώβββββββο»Ώο»Ώβββββββββο»Ώββββββββο»Ώο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββο»Ώο»Ώο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώββββο»Ώββο»Ώο»Ώββββββο»Ώβββο»Ώβββο»Ώβββο»Ώβο»Ώβββββο»Ώβο»Ώβββββββββο»Ώβββββββββββο»Ώββββββββββββο»Ώββο»Ώββββββββο»Ώββο»Ώβββο»Ώβο»Ώβο»Ώββββο»Ώββο»Ώβο»Ώββββββο»Ώββββββο»Ώβββο»Ώββββο»Ώββο»Ώβο»Ώβο»Ώβββο»Ώββββββββββββο»Ώο»Ώβββββββββββββο»Ώο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββο»Ώββββββββββββββββββββο»Ώββββο»Ώβο»Ώβββββββββββο»Ώβββββββββββο»Ώβββο»Ώβββο»Ώβο»Ώβο»Ώβββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώο»Ώβββββββο»Ώβββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββββββββο»Ώβββββββββο»Ώββββββββο»Ώββββββββββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώβββο»Ώβββββο»Ώβββββο»Ώβββββββββββββο»Ώββββββββββο»Ώββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββββο»Ώβββββββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββο»Ώβββββββο»Ώβο»Ώβο»Ώβββββββο»Ώβο»Ώββο»Ώο»Ώβο»Ώβββββββββββο»Ώββββο»Ώο»Ώβββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββββο»Ώββββββββββο»Ώββββββο»Ώββββββββο»Ώββββββο»Ώββββββββο»Ώο»Ώβββο»Ώβββββο»Ώβββββββο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββββο»Ώβββο»Ώβββββο»Ώββββββββββο»Ώβββββββο»Ώο»Ώβββββββββο»Ώββββββββο»Ώο»Ώβββββββββο»Ώβββο»Ώβββββββο»Ώββββββββο»Ώββο»Ώβββββββο»Ώβββο»Ώβββββββο»Ώβββββββο»Ώβββο»Ώβο»Ώβο»Ώβββββββββο»Ώβο»Ώβββββββο»Ώβββββββο»Ώο»Ώββο»Ώβββο»Ώββββββββο»Ώββββββο»Ώβο»Ώβββββββββββββββββο»Ώο»Ώβ
Fast-paced cyber threats are driving more organizations towards cybersecurity solutions that help them anticipate attacks. Today, we unveiled 471 Attack Surface Protection, a powerful attack surface management solution that leverages Intel 471βs cyber threat intelligence to help customers quickly prioritize high risk exposures and improve their business operations.
How can organizations monitor the cybersecurity risks that come from third parties and their suppliers? Monitoring the attack surface of partners can illuminate risks. Here's how to do it.
WILMINGTON, Del. β November 2, 2022 β Intel 471, the premier provider of cyber threat intelligence for leading intelligence, security, and fraud teams across the globe, today announced the acquisition of SpiderFoot,
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.