Phishing IOC list. A new window appears, requesting additional information.
The rest of the query looks for any IOC that matches; if one does, a row is shown with that information, the tweet it originated from and the IOC category it has. Talos IOC data: Cisco Talos, the world's leading threat intelligence organization, regularly updates this page with the latest indicators of compromise (IOCs) associated with the research published on our blog. Indicators of compromise (IOCs) are evidence that someone may have breached an organization's network. Comprehensive data: covers various threat vectors, such as malware, phishing, and vulnerabilities. Mar 12, 2025 · Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. Inside, we map the attack and the TTPs involved and provide recommendations. May 21, 2025 · The malware's obfuscation methods allow LummaC2 actors to bypass standard cybersecurity measures, such as Endpoint Detection and Response (EDR) solutions or antivirus programs, designed to flag common phishing attempts or drive-by downloads [T1027 Jul 17, 2025 · In today's evolving cyber threat landscape, phishing continues to be a dominant attack vector, often used to deliver credential-stealing malware like SnakeKeylogger. In Security, I set up an Advanced Delivery rule - Phishing. Key features: IOC Collection: add multiple IOCs of different types (IP, domain, URL) to a list. Understand the importance of monitoring and analyzing IoCs to safeguard systems and data against cyber threats. It introduces a safe obfuscation format to prevent accidental execution or activation when IOCs are displayed or transmitted. (Community edition will do, you don't need Pro for this.) 2024-05-09-IOCs-from-GootLoader-activity.txt. Mar 13, 2025 · Learn how indicators of compromise (IOCs) help detect cyber threats and improve security by identifying malicious activities before they cause harm. Sources. Aug 1, 2023 · The evolving phishing threat is relentless and continues to grow each year.
On their own, these may look harmless, but within the framework of an ongoing threat, they tell a different story. Phishing: sending emails with malicious Microsoft Office documents and PDFs attached. May 9, 2024 · Our in-depth investigation of the Tycoon 2FA DNS infrastructure through an IoC list expansion analysis enabled us to uncover 4,041 potentially connected artifacts comprising 288 registrant email address-connected domains, 110 registrant organization-connected domains, 262 email-connected domains, 21 IP addresses, 137 string-connected domains, and 3,223 string-connected subdomains. Sep 26, 2023 · Email gateways also depend on a ruleset, which should contain the block list of domains known to send spam or phishing emails. An AiTM attack refers to "Adversary-in-the-Middle" phishing. Apr 8, 2025 · Silent Push has discovered that the evolving threat Scattered Spider is still hunting for victims in 2025, targeting brands and services. Categorization: assign each list a category such as Malware, Botnet, Phishing, Exploit, Spam or Whitelist. Expiry days: lists have an expiry period counted from their creation or last modification. 5 days ago · Raccoon is an information-stealer malware. Attackers have been changing their tactics, techniques, and procedures, moving from traditional phishing to more advanced techniques. These techniques aim to standardize the safe dissemination of threat intelligence. The other variable is IncludeSpamPhishingIPS, which by default filters out phishing IPs because they are sensitive to false positives; this can be turned on if wanted. If an internal computer is secretly communicating with an external server that is known to be 2 days ago · Access up-to-date feeds of Indicators of Compromise (IOCs) shared by the infosec community on 𝕏 / Twitter with TweetFeed. Find data, like malware actions and IOCs, across all ANY.RUN's malware analysis sessions. I added an Exchange rule for the group of IPs and changed the priority to 0: 2.
This repository contains IOCs for malicious IPs and URLs that are blacklisted every day. IoC Stream: VirusTotal IoC Stream is an evolution of the previous Hunting Livehunt that opens the flux to other origins, allowing you to curate your own custom feeds based on your interests. These feeds are community-maintained or publicly accessible services that provide real-time or regularly updated data on malicious activity such as phishing campaigns. A curated list of awesome threat intelligence resources. A concise definition of threat intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets, that can be used to inform decisions regarding the subject's response to that menace or hazard. ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and cyber threat intelligence providers. It concludes with mitigation guidelines for protecting networks against activity by Sure! Just open it with Burp Suite using the intercept module and built-in browser. Since its first annotated emergence in early 2024, this tactic has resulted in multiple malware distribution campaigns involving compromised websites, malicious distribution infrastructure, and e-mail phishing. It must be noted that an IoC differs from an indicator of attack Aug 2, 2022 · A ThreatLabz technical analysis of the latest variant of proxy-based AiTM attacks that phish enterprise users for their Microsoft credentials. It will focus on the different ways Jun 30, 2025 · Hackers hijack Microsoft 365 Direct Send to spoof internal emails, bypassing security measures. You can contribute by creating a pull request. Access cyber threat intelligence online with TI Lookup, a vast repository of threat data extracted from ANY.RUN sandbox malware research sessions from 500,000 analysts.
common-ioc-false-positive/list.json - List of known hashes with common false positives (based on Florian Roth's input list) - Event contains one or more entries with common false positives. The links below will direct you to the latest data files for this project. Jun 17, 2025 · Free and open-source threat intelligence feeds are invaluable tools for cybersecurity professionals seeking to improve their visibility across the threat landscape without relying solely on expensive commercial platforms. Want to integrate TweetFeed with OpenCTI? Now you can! Please consider making your own analysis before taking any action related to the IOCs. Upload IOCs and explore the database for valuable intelligence. Jan 30, 2025 · Find top cyber threats and trends to watch for in 2025, from the persistent threats of phishing and ransomware to how businesses can mitigate risk. -- Victor M. Alvarez (@plusvic). YARA, the "pattern matching swiss knife for malware researchers (and everyone else)", is developed by @plusvic and @VirusTotal. Follow live statistics of this virus and get new reports, samples, IOCs, etc. We are doing this to help the broader security community fight malware wherever it might be. Next, you'll review a phishing header to connect email vectors to those indicators. nshc-threatrecon/IoC-List - NSHC ThreatRecon IoC repository; pan-unit42/iocs - indicators from Unit 42 public reports. Alternatively, Threat Lists can be retrieved for up to 7 days using the /threat_lists/{threat_list_id}/{time} endpoint. These data points (malicious IP addresses, unusual outbound network traffic, suspicious file hashes, and anomalous login attempts) help cybersecurity professionals identify, detect, and respond to security incidents.
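The list-curation rules scattered through the snippets above (a category per list such as Malware, Botnet, Phishing, Exploit, Spam or Whitelist; an expiry period counted from creation or last modification, after which a list is flagged for review; a known-false-positive list that must never be pushed to a blocking control) are easy to get subtly wrong, so here is a small Python model of them. This is an added example written for this page, not code from TweetFeed, MISP, VirusTotal or any other project quoted here; the class and function names, the indicator-type classifier and the two false-positive hashes (the MD5 and SHA-256 of an empty file, standing in for a real common-false-positive list) are all assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Categories and the expiry rule as described on this page. The false-positive
# set is a constructed stand-in for a common-ioc-false-positive list: these two
# values are the MD5 and SHA-256 of an empty file, which show up in sandbox
# reports without meaning anything malicious.
CATEGORIES = {"Malware", "Botnet", "Phishing", "Exploit", "Spam", "Whitelist"}
COMMON_FALSE_POSITIVES = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

_IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
_DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")
_HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def classify(value: str) -> str:
    """Return the indicator type (url, ipv4, md5, sha1, sha256, domain) or raise."""
    v = value.strip().lower()
    if v.startswith(("http://", "https://")):
        return "url"
    if _IPV4.match(v) and all(int(octet) <= 255 for octet in v.split(".")):
        return "ipv4"
    if re.fullmatch(r"[0-9a-f]+", v) and len(v) in _HASH_TYPES:
        return _HASH_TYPES[len(v)]
    if _DOMAIN.match(v):
        return "domain"
    raise ValueError(f"unrecognised indicator: {value!r}")


@dataclass
class IocList:
    name: str
    category: str
    expiry_days: int
    last_modified: datetime
    iocs: dict = field(default_factory=dict)  # indicator -> type

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category {self.category!r}")

    def add(self, value: str, now: datetime):
        """Add one indicator. Returns its type, or None if it is a known false positive."""
        ioc_type = classify(value)
        key = value.strip() if ioc_type == "url" else value.strip().lower()
        if key in COMMON_FALSE_POSITIVES:
            return None
        self.iocs[key] = ioc_type
        self.last_modified = now  # any modification restarts the expiry clock
        return ioc_type

    def is_expired(self, now: datetime) -> bool:
        return now - self.last_modified > timedelta(days=self.expiry_days)


def lists_needing_review(lists, now: datetime):
    """Names of lists whose expiry window lapsed with no update, i.e. flagged for review."""
    return [lst.name for lst in lists if lst.is_expired(now)]


def blocking_feed(lists, now: datetime):
    """Indicators safe to push to a blocking control: live lists only, whitelists excluded.

    Anything carried by a Whitelist list is removed even if another list also lists it.
    """
    feed = {}
    for lst in lists:
        if lst.category == "Whitelist" or lst.is_expired(now):
            continue
        feed.update(lst.iocs)
    for lst in lists:
        if lst.category == "Whitelist":
            for key in lst.iocs:
                feed.pop(key, None)
    return feed


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    phish = IocList("phish-2025q2", "Phishing", 30, now)
    for raw in ("203.0.113.7", "https://login.example.test/signin",
                "login-example.test", "d41d8cd98f00b204e9800998ecf8427e"):
        print(raw, "->", phish.add(raw, now))
    print("expired in 31 days:", phish.is_expired(now + timedelta(days=31)))
    print("blocking feed:", blocking_feed([phish], now))
```

The expiry clock restarts on every successful add, which is the behaviour the page describes (expiry "from the creation or last modification"); a list that nobody touches for longer than its window drops out of the blocking feed and shows up in lists_needing_review, rather than silently keeping stale indicators in a firewall.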
We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats to reveal how many unique domains used for phishing are still active. Equips your security systems with a comprehensive list of IoCs, including IPs, domain names, and URLs, for automatic threat detection and response. This means that if the current time in UTC is T, you can get the T-2h Threat List but nothing more recent than that. Indicators of Compromise (IOCs) are clues, like malicious IPs, domains, file hashes, or behavior patterns, used to detect and respond to cyber threats. The feeds can be used as a source of correlations for all of your events and attributes without the need to import them directly into your system. Effective use of IoCs is crucial for GitHub topics: go, golang, security, ioc, malware, phishing, web-security, malware-analysis, malware-research, defense, golang-package, email-security, websecurity, defang, indicators-of-compromise, malware-protection, defensive-security, phishing-protection, golang-module, defanging (updated on Sep 9; Go). Jun 6, 2023 · Comparison of the leading phishing threat intelligence feeds tracking typosquat domains, URLs, and IPs. Here are 10 IoCs to look out for. Use the APIs to seamlessly push and pull signals, and automate bulk queries. Contains multiple types such as IP, URL, CVE and hash. Oct 30, 2024 · Russian state-backed hacking group Midnight Blizzard, also known as APT29 and linked to the Russian Foreign Intelligence Service (SVR), has launched a new spear-phishing campaign targeting US Jun 8, 2023 · A multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targets banking and financial services organizations. What are indicators of compromise (IOCs)?
Indicators of compromise (IOCs) are pieces of contextual information discovered in forensic analysis that serve to alert analysts of past or ongoing attacks, network breaches, or malware infections. Organizations Sep 13, 2021 · Microsoft cybersecurity researchers identified 11 domains and one IP address as indicators of compromise (IoCs) related to ongoing tax-themed phishing campaigns. A large number of contributors: more than 19 million new IoC records every day. These unique clues, or artifacts, are often seen as maliciously used IP addresses, URLs, domains, or hashes. Mar 25, 2024 · Tycoon 2FA has become one of the most widespread adversary-in-the-middle (AiTM) phishing kits over the last few months. Get results as wide or as precise as you need from 6 months of research data, which includes links to examples of TTP implementation within interactive sandbox sessions. IOC use cases: what do IOC feeds look like in action? Here are some quick examples. This repository contains a historical list of Cobalt Strike (or NanoHTTPD) hosts that have been identified using the "extraneous space" fingerprint. OpenPhish provides real-time phishing trends, processing over 16 million URLs and detecting new phishing URLs targeting various brands. Phishing may also involve social engineering techniques, such as posing as a trusted source, as well as evasive techniques such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages (e.g., Email Hiding Rules). Indicators of compromise (IOCs) refer to data that indicates a system may have been infiltrated by a cyber threat. List phishing IOCs plus the email addresses of the impacted companies to report - tacosaure/PhishingReport. Jul 31, 2018 · URLs have typically been considered part of the family of IoC artifacts because malicious URLs are widely used to spearhead various cyber-attacks including spamming, phishing, and malware.
Exposing PhishTank is a collaborative clearing house for data and information about phishing on the Internet. The "Lista Ostrzeżeń" (Warning List) by CERT Polska is a continuously updated list of malicious websites that deceive users and steal data. Mar 18, 2025 · "Rikesh Vekaria and the Mimecast threat researchers have recently identified a credential harvesting phishing campaign using the Mimecast brand. If the list is not updated or new IOCs are not added, it will be flagged for review. Indicators of Compromise (IoCs) are forensic artifacts that suggest a system or network has been compromised by cybercriminals. You can even alter the submitted fields inline and intercept the server's replies. Apr 9, 2025 · This document defines a consistent and reversible method for sharing potentially malicious indicators of compromise (IOCs), such as URLs, IP addresses, email addresses, and domain names. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. To ensure uninterrupted access to the data, please download the latest lists directly from the provided links below. It certainly helps to be alerted to an IOC. Feb 4, 2024 · IOCs: IOCs are observables that were identified during the investigation, or that led to the case creation upon monitoring activities. Learn about common indicators and how to respond. The threat actors use carefully designed "secure messages" to trick recipients into believing the emails are legitimate and related to secure communications. The kit uses CAPTCHA filtering, data pre-filling, and Telegram-based exfiltration to steal credentials and payment information efficiently and stealthily. Threat Lists are generated hourly as IoC packages, with a 2-hour lag from the current time.
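The "safe obfuscation format" and the "consistent and reversible method for sharing potentially malicious IOCs" mentioned above are what the community calls defanging. The Python below is an added example, not the draft's reference implementation and not code from any project on this page. It uses the widely seen conventions (hxxp for http, [.] for a dot, [@] for an at-sign) as an assumption, since the page does not reproduce the draft's exact grammar, and it also shows the refang side, which is what you need to turn indicators shared on Twitter or in a report back into something a control can match.

```python
import re

# Conventions assumed for this example: scheme http -> hxxp, "." -> "[.]",
# "@" -> "[@]". refang() additionally accepts the (.) and {.} variants and a
# bracketed colon, all of which appear in the wild.

def defang(ioc: str) -> str:
    """Make an indicator inert for display or transport, reversibly."""
    out = re.sub(r"^http(s?)://", r"hxxp\1://", ioc.strip(), flags=re.IGNORECASE)
    return out.replace(".", "[.]").replace("@", "[@]")


def refang(ioc: str) -> str:
    """Undo defang(); tolerant of the other bracket styles seen in shared IOCs."""
    out = ioc.strip()
    for src, dst in (("[.]", "."), ("(.)", "."), ("{.}", "."), ("[@]", "@"), ("[:]", ":")):
        out = out.replace(src, dst)
    return re.sub(r"^hxxp(s?)://", r"http\1://", out, flags=re.IGNORECASE)


# A token counts as a defanged indicator only if it carries a hxxp scheme or a
# bracketed dot/at. A plain "evil.example" is deliberately NOT picked up: in
# free text it is indistinguishable from an ordinary sentence-ending word.
_DEFANGED = re.compile(r"(?:hxxps?://\S+|\S*\[\.\]\S*|\S*\[@\]\S*)", re.IGNORECASE)


def extract_iocs(text: str):
    """Pull defanged indicators out of free text (a tweet, a report) and refang them."""
    found = []
    for token in _DEFANGED.findall(text):
        value = refang(token.strip("()<>,;'\""))
        if value not in found:
            found.append(value)
    return found


if __name__ == "__main__":
    # Constructed sample, in the style of an IOC tweet.
    tweet = "IOCs: hxxps://login[.]example[.]test/signin , C2 203[.]0[.]113[.]7 (see thread)"
    for ioc in extract_iocs(tweet):
        print(ioc, "<->", defang(ioc))
```

Two practical points follow from the code: refang must run before any matching or enrichment (a firewall fed "203[.]0[.]113[.]7" blocks nothing), and defang must run before indicators go into a ticket, a chat channel or an email, otherwise auto-linking clients turn the evidence into a live link.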
These include not only malicious file names, signatures and Nov 8, 2024 · Our research team expanded the IoC list and uncovered additional threat artifacts, including: 346 registrant-connected domains, two of which turned out to be malicious; 65 additional IP addresses, 51 of which turned out to be associated with various threats; one IP-connected domain; six string-connected domains. Mar 4, 2020 · This article will keep a running list of open source threat intelligence feeds that you might want to use in your security solutions. They Learn about indicators of compromise (IoCs). Oct 8, 2025 · Varonis Threat Labs uncovered a phishing campaign with M365's Direct Send feature that spoofs internal users without ever needing to compromise an account. Each threat feed listed here integrates seamlessly with our Morpheus AI SOC solution, as do dozens of the top enterprise and subscription-based threat intelligence platforms. As you can see in the screenshot below, you … May 18, 2024 · The attack floods the inboxes and leaves employees frustrated and overwhelmed. Relevant IOCs during a phishing attack might include suspicious email headers, malicious attachments, or unusual domain names. Indicators of compromise (IoCs) are forensic artifacts found on a network or operating system that indicate a potential intrusion or breach. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors.
If not required, disable "keep me signed in". Implement conditional access policies such as enforcing MFA for risky sign-ins or blocking logons from countries that are not allowed or trusted. Regularly review Entra ID security reports such as risky users, risky sign-ins and risk detections. Conduct phishing exercises to analyse the effectiveness of security training. IOC To gain initial access, Agenda ransomware targets its victims through phishing and spear-phishing emails. Contributions are much appreciated to make this list of free threat intel/IOC feeds as big and as up-to-date as possible. But whatever whitelists I have added source IPs to won't stop the server picking up the test messages as spam. An Indicator of Compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached. Identify threats and discover context information related to specific IOCs, TTPs, and artifacts in processes, command lines, network activity, registry, etc. Understand the risks and how this evades email security. Once your IT team discovers an IoC, immediate steps must be taken to remediate the threat and secure data. 2024-04-15-IOC-for-Contact-Forms-campaign-SSLoad-activity.txt. Some groups have multiple names associated with similar activities because various organizations track similar activities under different names. Get recommendations to safeguard data and mitigate risks. 1. Add an IoC: an IoC object can be created by going to Case > IOC. YARA is an acronym for "YARA: Another Recursive Acronym", or "Yet Another Ridiculous Acronym". Dec 12, 2024 · For example, if a phishing campaign occurs, the IoCs are probably things like suspicious URLs or suspicious email attachments, both common mediums for executing such attacks. Phish Radar: phishing email, phishing domain, URL, link, feeds, IOC, intel, list, database, dataset, honeypot, free and open source.
Regardless of which security engine encounters the indicator, the system gives a malicious verdict. Train users to recognize and report phishing attempts. I've been working on an automated process to snatch these inline and batch import them into my Defender for Endpoint custom IOC list. The premium version enhances this with in-depth threat intelligence, similar to our Lookup service. Our ongoing investigation indicates that this campaign has been active since August 2024, with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. But over the course of investigating the threat group, Mandiant discovered that it may have a hand in cybercriminal operations, specifically phishing, as well. You can create a collection through the home view by clicking on the "create an IoC collection" link as shown below: you need to add a name and a list of IoCs (file hashes, URLs, domains and IP addresses) and then click on Create collection. Easy peasy. Pick your choice. Proofpoint defines IoC security, gives examples of threats, and explains how IoC cyber security helps you detect and respond. Sep 16, 2024 · How to leverage passive DNS history with Validin to uncover SCATTERED SPIDER phishing infrastructure: on September 10, 2024, Arda Büyükkaya from EclecticIQ published a thorough update on SCATTERED SPIDER (also called 0ktapus). Some of the most common IOC examples include IP addresses: the IP addresses associated with a threat actor's infrastructure or command and control servers. 1 day ago · Talos has the world's most comprehensive IP and domain intelligence center for real-time threat detection. Just as with physical evidence, these digital clues help information security professionals identify malicious activity or security threats, such as data breaches, insider threats or malware attacks.
These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations Groups: groups are activity clusters that are tracked by a common name in the security community. Other places from where you can create IoC collections in the same way are: from the Threat Landscape module, on the IoC Collections tab you will find the common-ioc-false-positive/list.json - cyb3rmik3/Hunting-Lists. Sep 16, 2020 · IoCs (Indicators of Compromise) are forensic evidence that point to a specific threat in the network. Feb 14, 2025 · Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Effective for monitoring phishing, malware and online threats. The platform offers a detailed list of phishing URLs, targeted brands, and timestamps, enabling users to stay informed about the latest phishing threats. swisscom/detections - This repo contains threat intelligence information and threat detection indicators (IOC, IOA) shared by Swisscom CSIRT. The actors are also known to leverage exposed applications and interfaces such as Citrix and Remote Desktop Protocol (RDP). It is relevant to the threat context: an IOC is only valid if it makes sense in context. 6 days ago · Global IoC Block List: these exceptions block specific indicators, such as URLs, across all security engines. - Bert-JanP/Open-Sourc Aug 19, 2025 · A choice of data formats: provides threat intelligence in STIX, OpenIoC, MAEC, JSON, and CSV formats.
Apr 18, 2024 · SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. With its comprehensive database, OpenPhish helps users identify and mitigate phishing attacks. Feb 28, 2025 · A post about EASM on CybelAngel's X channel. The checksums for the files are available in the checksums repository. In many cases, this compromise could have been detected in time for an effective reaction had the respective domains been analyzed thoroughly. Examples include signs of malware, unauthorized access, or compromised credentials. Detailed profile of FIN7, a notorious cybercriminal group, covering their targets, tactics, recent activities, and strategies for mitigating their threats. It provides an overview of the actor and information about associated malware and tooling, with indicators of compromise and signatures that can be used to detect the potential presence of the actor on a network. After gaining access to victims' networks, BlackSuit actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Oct 11, 2025 · The OpenPhish threat intel feed provides updates on phishing activity, a common attack vector in recent years. - emtoen/IOC-Feeds. Phishing domains, URLs, websites and threats database. 5 days ago · A highly automated, multi-stage phishing kit has been uncovered impersonating the major Italian IT provider Aruba S.p.A., a company central to Italy's digital infrastructure. This service sinks all the IoC matches in a single place to expose them following a common interface to make the IoC Stream actionable. 6 days ago · Analyzing a BITB phishing page linked to the Sneaky2FA Phishing-as-a-Service operation.
Awesome list of keywords and artifacts for threat hunting sessions - mthcht/ThreatHunting-Keywords. May 14, 2024 · Threat Intelligence Report: Scattered Spider Campaigns. Ronin Owl, May 14, 2024. Executive Summary: this report analyzes the recent activities of the Scattered Spider cybercrime group, focusing on Oct 4, 2018 · This is a technical advisory on the threat actor APT28, written for the network defender community. Require phishing-resistant MFA for as many services as possible. If successful, the caller tricks the employee into providing remote access to the system via Microsoft Quick Assist. The IOC Stream view is an evolution of the previous Livehunt Notifications view. The campaigns often include urgent messaging about account restrictions, login alerts, or compliance Here are indicators of compromise (IOCs) from our various investigations. Let's figure out why it's important in cybersecurity. 2 days ago · TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community on Twitter. Jun 24, 2025 · Discover the evolution of Scattered Spider, the cybercrime group behind major social engineering attacks from 2023 to 2025. Dec 31, 2024 · New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code. MISP Threat Intelligence & Sharing: MISP includes a set of public OSINT feeds in its default configuration. 3 days ago · These IOCs include data such as malicious IP addresses, domain names, and file hashes, aiding cybersecurity professionals in identifying and mitigating threats. Both free and premium versions are available, offering different update frequencies and levels of detail. According to observations from Trend Micro, the Agenda ransomware group uses Remote Monitoring and Management (RMM) tools and Cobalt Strike for deployment of the binary.
Aug 15, 2022 · The Microsoft Threat Intelligence Center (MSTIC) has observed and taken action to disrupt campaigns launched by SEABORGIUM; these campaigns involve persistent phishing and credential theft leading to intrusions and data theft. They frequently use SMS phishing campaigns and call help desks to obtain password resets and MFA bypass codes. Dec 7, 2024 · Indicators of compromise (IoCs) are forensic evidence pointing to potential security breaches within your IT network or endpoint systems. AiTM in particular is a great example of how attack techniques have evolved over the past few years and have spread globally. Nov 27, 2024 · An Indicator of Compromise (IOC) is forensic evidence that signifies that a network or system has been compromised by malicious activity. Oct 29, 2024 · Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. These campaigns leverage templates using Mimecast logos as well as other company logos to Oct 4, 2023 · What are some common types of IOC? There are many different types of IOCs that can indicate a system compromise or cyberattack. These indicators aid in the detection, mitigation, and prevention of compromises by providing evidence of malicious activity or unauthorized access in a network or endpoint. You can search for abnormalities using these IOCs in your organization's environment. Executive Summary: ClickFix attacks are a sophisticated form of social engineering, leveraging the appearance of authenticity to manipulate users into executing malicious scripts. While this phishing/spam attack is underway, Storm-1811 launches a voice phishing (vishing) attack in which the caller poses as tech support.
Oct 4, 2025 · You'll work exactly like an analyst: start with an IoC list, map each one to the right security control (DNS, firewall, proxy/WAF, EDR), then prove impact by matching the IoCs in logs. Map isolated data points to a holistic picture. The threat actors then work to identify the personally identifiable information (PII) of the most valuable users that succumbed to the phishing/smishing, obtaining answers for those users' security questions. This repository contains open source, freely usable threat intel feeds that can be used without additional requirements. Strictly limit the use of Remote Desktop Protocol (RDP) and other remote desktop services. Mar 5, 2025 · 2024-03-27-IOCs-for-Google-ad-leading-to-Netsupport-RAT.txt. Fighting phishing scams. This endpoint returns the last generated IoCs package. Aug 27, 2024 · Phishing emails are among the most successful vectors for initial access by BlackSuit threat actors. Select from raw or pre-filtered feeds, both tailored for smooth integration within your infrastructure. 4 days ago · Discover a practical guide showing how a sandbox speeds up phishing detection and reduces manual work for SOC teams. Integration: compatible with popular security platforms like SIEMs. Metadata: there must be additional information that helps security teams make sense of the IoC. See CISA's fact sheet Implementing Phishing-Resistant MFA for more information. If you need more details I Learn how to use VirusTotal to verify Indicators of Compromise (IOCs) and enhance your incident response with automated workflows and threat intelligence. Investigators can Learn about Indicators of Compromise (IoCs) and how they help detect security breaches and malicious activities in computer systems. What are Indicators of Compromise (IOC)?
Indicators of Compromise (IOCs) are digital artifacts or traces left behind by cybercriminals, serving as clues for identifying security threats such as data breaches or malware attacks. Nov 14, 2023 · APT29, believed to be an espionage group from Russia, became known for launching targeted attacks against organizations in Ukraine. The files are updated regularly. Check IOC is a free tool for the community to look up IP addresses and domains against our extensive database of malware-related IOCs. 2024-04-04-IOCs-from-Koi-Loader-Stealer-activity.txt. Computer security incident response teams (CSIRTs) use IOCs for malware detection, to enhance sandbox security, and to verify the effectiveness of heuristic analysis. The MISP feed system allows for fast correlation but also for quick comparisons of the feeds against one another. The group maintains a high operational tempo and primarily attacks firms that specialize in customer relationship management, business process outsourcing, telecommunications, and technology sector entities, but has been increasingly observed targeting global financial institutions. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge. This view allows users to digest the incoming VT flux into relevant threat feeds that you can study here or easily export to improve detection in your security technologies. Mar 26, 2025 · A list of the top 25 malicious IPs, arranged by their last bad event. The Blacklist tab allows users to view which threat intelligence feeds have marked a particular IOC (IP, domain, or URL) as malicious (blacklisted) or safe (whitelisted).
These campaigns impersonate legitimate email service providers (ESPs), primarily SendGrid, to deliver fraudulent notifications to end users. While Jul 31, 2018 · Introduction: when threats are detected on a network, domains can serve as good indicators that the network is compromised. Jul 31, 2024 · Understand the implications of the recent AitM phishing campaign targeting Microsoft 365 accounts. Storm-2372's targets during this time Oct 16, 2024 · I am trying to set up a 3rd party (TrendMicro) phishing simulation for Exchange Online. Feel free to contribute. The following information is required: Type: Type Nov 21, 2023 · ReliaQuest recently detected an intrusion by the Scattered Spider cybercrime group. Analysts track these clusters using various analytic methodologies and terms such as threat groups, activity groups, and threat actors. Here you will find malicious URLs, domains, IPs, and SHA256 / MD5 hashes. Clicking on Add IOC in the top right corner brings up a new window for the IoC creation. The list is a CSV file with ip, port, first_seen, last_seen pairs, from 2014-01 till 2019-04-21. Explore different types of IoCs, including file-based, network-based, behavioral, registry, domain, and email IoCs. WhoisXML API expanded the current IoC list and uncovered potentially connected artifacts, namely: May 5, 2025 · Find the best Indicators of Compromise tools to improve your threat hunting capabilities and strengthen your cybersecurity defenses. I have collected IOCs from various sources and consolidated them, so that they will be useful to others also. Apr 8, 2025 · However, the group's activity continues to persist in 2025.
This new research outlines phishing campaigns often delivered via smishing in which the threat actor deploys phishing pages that closely mimic single sign-on (SSO A curated list of awesome YARA rules, tools, and resources. They provide cybersecurity teams with crucial knowledge after a data breach or another breach in security. This article will detail threat hunting by using domains as an indicator of compromise (IoC). This case study includes email header triage, link analysis, and building an IOC list using free tools. The very first step is to add the source IP into the whitelist. Apr 14, 2024 · A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries. This repository contains a malicious Indicator of Compromise (IOC) blocklist for MISP and firewalls, which is vital for cybersecurity professionals to enhance threat detection and improve incident response. May 22, 2025 · The Mimecast Threat Research team has been monitoring several related phishing campaign clusters that began in February and continued into May 2025. Hi Everyone. Blocking malicious IPs: when an IP address associated with a known phishing campaign attempts access, the system automatically blocklists it, preventing potential fraud. Recently, I investigated a real-world malware campaign that used phishing emails, deceptive domains, and stealthy payload delivery to compromise user systems. Inspired by awesome-python and awesome-php. See which feed your organization needs. It has already infected over 100,000 devices. As a value-added service at InfoSEC, our SOC team has created a GitHub repository where you can find the latest Indicators of Compromise and Attack (IOC/IOA) based on the discovery of malware variants from the latest threat research.
User execution / malicious file: get victims to open malicious Word and PDF files sent via spearphishing. Web service bidirectional communication: used blogs and WordPress for C2 infrastructure. In most instances, Scattered Spider threat actors conduct SIM swapping attacks against users that respond to the phishing/smishing attempt. Walkthrough: VirusTotal IoC Stream. As you can Nov 8, 2024 · Install updates for operating systems, software, and firmware as soon as they are released. Jul 29, 2025 · These MFA implementations are resistant to phishing and not susceptible to push bombing or SIM swap attacks, which are techniques known to be used by Scattered Spider actors. This free version allows 25 queries per day. The feeds can be in three It is also IOCs help analysts detect and respond to potential Oct 28, 2025 · Learn what Indicators of Compromise (IoCs) are, key types, examples, and detection best practices to strengthen your organization's cybersecurity defenses. Latest Scattered Spider phishing TTPs, IoCs uncovered: digital fingerprints of four previous phishing kits leveraged by Scattered Spider were used by Silent Push to help track the group's activity and use of infrastructure to conduct its social-engineering attacks. Examples of IoCs like MD5 hash, IP Feb 21, 2025 · Indicators of Compromise (IOCs) are warning signs that suggest a network has been compromised. Apr 30, 2019 · In our quest to help security operations and incident response teams work more effectively, we've created a list of the top 10 open source threat intelligence feeds. 2024-04-18-IOCs-from-SSLoad-infection-with-Cobalt-Strike-DLL.txt 2024-04-30-examples-of-web-skimmers.txt
A beginner-friendly phishing email analysis lab that walks through how to investigate a suspicious message like a real SOC analyst.
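As an added example of the email header triage and IOC-list building that the lab above and the earlier case-study snippet describe (not the lab's own material, and not code from any vendor quoted on this page), the Python below parses a constructed phishing message with the standard-library email package: it compares the From, Reply-To and Return-Path domains, reads the Authentication-Results verdicts, takes the sender-side relay IP from the bottom-most Received header, and extracts link URLs and their hosts into an IOC list. The message, every domain, address and IP in it, and the heuristics themselves are assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed message; every domain, address and IP is documentation/test space.
RAW_MESSAGE = b"""\
Return-Path: <bounce@mailer-example.test>
Received: from mx.corp.example (mx.corp.example [192.0.2.10]) by mail.corp.example with ESMTP; Mon, 2 Jun 2025 08:01:12 +0000
Received: from relay.mailer-example.test (unknown [198.51.100.23]) by mx.corp.example with ESMTP; Mon, 2 Jun 2025 08:01:10 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer-example.test; dkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk-support@mailer-example.test
To: alice@corp.example
Subject: Action required: your mailbox will be suspended
Content-Type: text/plain; charset=utf-8

Your mailbox is over quota. Sign in at https://corp-example-login.test/auth within 24 hours.
"""

_BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_URL = re.compile(r"https?://[^\s<>\"']+")
_AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def header_domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(value or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """spf/dkim/dmarc verdicts from the receiving gateway's Authentication-Results."""
    return {k.lower(): v.lower()
            for k, v in _AUTH.findall(str(msg.get("Authentication-Results", "")))}


def sender_relay_ip(msg):
    """IP in the bottom-most Received header: the hop closest to the sender.

    Received headers are prepended by each hop, so the last one in the list is the
    first hop and the only one our own infrastructure did not write.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = _BRACKET_IP.search(str(received[-1]))
    return m.group(1) if m else None


def body_text(msg):
    if msg.is_multipart():
        part = msg.get_body(preferencelist=("plain", "html"))
        return part.get_content() if part else ""
    return msg.get_content()


def triage(raw_bytes):
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    from_dom = header_domain(msg["From"])
    findings, iocs = [], []

    def add_ioc(value, ioc_type):
        if (value, ioc_type) not in iocs:
            iocs.append((value, ioc_type))

    # Reply-To / Return-Path pointing somewhere other than the From domain is the
    # classic sign of a spoofed display identity with replies routed to the attacker.
    for hdr in ("Reply-To", "Return-Path"):
        dom = header_domain(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
            add_ioc(dom, "domain")

    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) in ("fail", "softfail"):
            findings.append(f"Authentication-Results: {mech}={auth[mech]}")

    ip = sender_relay_ip(msg)
    if ip:
        add_ioc(ip, "ipv4")

    for url in _URL.findall(body_text(msg)):
        url = url.rstrip(".,)")
        host = (urlsplit(url).hostname or "").lower()
        add_ioc(url, "url")
        add_ioc(host, "domain")
        if not host.endswith(from_dom):
            findings.append(f"Link host {host} is unrelated to sender domain {from_dom}")

    return {"from_domain": from_dom, "auth": auth, "sender_ip": ip,
            "findings": findings, "iocs": iocs}


if __name__ == "__main__":
    result = triage(RAW_MESSAGE)
    for finding in result["findings"]:
        print("finding:", finding)
    for value, ioc_type in result["iocs"]:
        print(f"ioc: {ioc_type:6} {value}")
```

The IOC list that comes out (the link URL and its host, the reply and bounce domains, the relay IP) is exactly the shape the earlier control-mapping step expects; the 192.0.2.10 hop is deliberately not extracted, because it belongs to the receiving side and would only block your own mail server.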