Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond

This analysis examines phishing tactics used by threat actors, particularly focusing on the 0ktapus group. It outlines techniques for investigating phishing campaigns by pivoting between landing pages, using 0ktapus as a case study. The methods discussed include application fingerprinting, network profiling, and domain registration analysis. The research reveals various DOM templates used by 0ktapus over time and provides insights into their infrastructure and tactics. The article also offers recommendations for prevention and detection of phishing attacks, emphasizing the importance of MFA, SSO, and continuous vigilance in cybersecurity practices.

Author: AlienVault

Related Tags: T1591, T1586, T1606, T1589, T1078, T1608, T1585, T1584, social engineering

Associated Indicators: