The discussion focuses on the Resource Development phase of a phishing attack, highlighting the suspicious characteristics of a newly created domain intended for malicious purposes. Key indicators include a short domain lifespan, use of a free email address, questionable registration details, and DNS configuration anomalies. Affected: phishing attacks, cybercrime, domain registration.
Key points:
- The article discusses the Resource Development stage in the context of MITRE ATT&CK.
- A fake domain created for phishing purposes, “futurehealth3000-support.com,” is examined.
- Multiple suspicious elements of the domain registration are identified.
- Short domain lifespan and the use of a free email address suggest malicious intent.
- The domain’s name servers and lack of DNSSEC raise further concerns.
- Python can be utilized to analyze WHOIS data and DNS records for suspicious activity.
- Real-world example references APT1, known for acquiring domains for cyber operations.
- Proactive measures for monitoring look-alike domains are recommended for security teams.
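As an added example (not the article's own code), the registration indicators listed above turned into a small pure-Python scorer run over a constructed WHOIS-style record. The record layout, the dates, the name servers and the DNSSEC field are assumed values for illustration, not the output of any particular WHOIS library.

```python
from datetime import date
from difflib import SequenceMatcher

# Mailbox providers anyone can sign up with anonymously. A registrant contact
# at one of these is a weak signal alone, stronger combined with the others.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "proton.me"}

# Constructed "as of" date for the checks below (assumed, for illustration).
TODAY = date(2024, 3, 10)

# Constructed WHOIS-style record for the domain the article examines.
# Field values other than the domain and e-mail address are assumptions.
SAMPLE_RECORD = {
    "domain_name": "futurehealth3000-support.com",
    "creation_date": date(2024, 3, 1),
    "expiration_date": date(2025, 3, 1),
    "registrant_email": "5ba5bbdce3ab4f4c8f6b1c5d03ae2e11@gmail.com",
    "name_servers": ["ns1.parking.invalid", "ns2.parking.invalid"],
    "dnssec": "unsigned",
}

# Constructed record for a long-lived, signed brand domain, for contrast.
BENIGN_RECORD = {
    "domain_name": "futurehealth.com",
    "creation_date": date(2015, 1, 1),
    "expiration_date": date(2030, 1, 1),
    "registrant_email": "hostmaster@futurehealth.example",
    "name_servers": ["ns1.futurehealth.example", "ns2.futurehealth.example"],
    "dnssec": "signedDelegation",
}

def is_lookalike(label: str, brand: str) -> bool:
    """True when a registered label embeds or closely resembles a monitored brand."""
    if label == brand:
        return False
    return brand in label or SequenceMatcher(None, label, brand).ratio() >= 0.8

def score_registration(record: dict, today: date, brand: str = "futurehealth"):
    """Return (score, reasons); each reason maps to one indicator from the article."""
    reasons = []
    created, expires = record["creation_date"], record["expiration_date"]
    # Throwaway phishing domains are typically registered for a single year.
    if (expires - created).days <= 366:
        reasons.append("registered for a single year")
    # A domain a few days old has no reputation history to check against.
    if (today - created).days < 30:
        reasons.append("created less than 30 days ago")
    mail_domain = record["registrant_email"].rsplit("@", 1)[-1].lower()
    if mail_domain in FREE_MAIL_DOMAINS:
        reasons.append(f"registrant uses free mailbox at {mail_domain}")
    if record.get("dnssec", "unsigned").lower() == "unsigned":
        reasons.append("DNSSEC not enabled")
    if is_lookalike(record["domain_name"].lower().split(".")[0], brand):
        reasons.append(f"name resembles monitored brand '{brand}'")
    return len(reasons), reasons
```

The same function can be fed records parsed from real WHOIS output once the field names are mapped; a high score is a triage hint for the look-alike monitoring the article recommends, not a verdict on its own.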
MITRE Techniques:
- Acquire Infrastructure: Domains (T1583.001) – The technique involves registering domains that could be used for phishing campaigns.
Indicators of Compromise:
- [Domain] futurehealth3000-support.com
- [Email Address] 5ba5bbdce3ab4f4c8f6b1c5d03ae2e11@gmail.com
- [IP Address] 185.220.101.70
- [URL] http://www.namescheap.com
- [URL] http://wdprs.internic.net/
Full Story: https://medium.com/@tentotheminus9/python-mitre-att-ck-part-2-16-b933adb54612?source=rss——cybersecurity-5