@cR0w@infosec.exchange
@0xfeedc0fe@infosec.exchange I'll pass it on but I'm already away from my workstation for the weekend.
@0xfeedc0fe@infosec.exchange
@cR0w@infosec.exchange no rush. I've been toying with them for 2 years now =D
@0xfeedc0fe@infosec.exchange Oh damn. The patient long game.
@cR0w@infosec.exchange I used them as a practical exercise to find my way towards CTI & threat research. I had no clue what I was doing when I started and ended up with a VT crazy wall until I realized I could focus on the image host. These days, I'm more interested in finding malware to work with but still try to keep an eye on what this cluster is doing. Kind of tempted to try to package this for a CFP to show others that it's possible to have an impact even from outside of industry. Also, useful hack for getting around the 5 years of experience that many HR teams add to entry-level job listings.
@0xfeedc0fe@infosec.exchange That's a nice way to sidestep that HR crap. Well done.
@cR0w@infosec.exchange just a quick follow-up with some recent samples. danmartin[.]ro was the previous host. https://github.com/Phishing-Database/phishing/pull/869 includes a list of urlscan results
catenacciovintage[.]com is the current host https://github.com/Phishing-Database/phishing/pull/878
it looks like they're primarily targeting South Africa at the moment but I wouldn't be surprised to see a shift to .edu domains in some of the lures over the coming weeks as the fall semester starts.
@0xfeedc0fe@infosec.exchange Nice. Worth keeping an eye on for sure.