Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Inside Phishing Groups: Trust No One

Anshuman
July 20, 2024
Research
0
120

Inside Phishing Groups: Trust No One

In the world of cybercrime, phishing kits are typically sold for profit, but some are distributed for free with hidden malicious intent. This talk will explore the phenomenon of free phishing kits embedded with backdoors that steal Telegram bot tokens from the users who deploy them. By analyzing these deceptive kits and their underlying tactics, we reveal the risks and implications for both cybercriminals and defenders. Attendees will gain insights into the complexities of phishing operations and learn strategies to detect and mitigate such threats.

Anshuman

July 20, 2024
Tweet

More Decks by Anshuman

See All by Anshuman
Hello, May I Own Your Phone?
0x1shu
0
170
Threat Actors are targeting BFSI Sector using Improvised Modus Operandi in India
0x1shu
0
300
My Journey to InfoSec
0x1shu
0
95

Other Decks in Research

See All in Research
12
0325
0
190
Weekly AI Agents News! 11月号 論文のアーカイブ
masatoto
0
180
ソフトウェア研究における脅威モデリング
laysakura
0
930
メールからの名刺情報抽出におけるLLM活用 / Use of LLM in extracting business card information from e-mails
sansan_randd
2
260
テキストマイニングことはじめー基本的な考え方からメディアディスコース研究への応用まで
langstat
1
150
尺度開発における質的研究アプローチ(自主企画シンポジウム7:認知行動療法における尺度開発のこれから)
litalicolab
0
360
機械学習による言語パフォーマンスの評価
langstat
6
800
snlp2024_multiheadMoE
takase
0
460
[2024.08.30] Gemma-Ko, 오픈 언어모델에 한국어 입히기 @ 머신러닝부트캠프2024
beomi
0
800
研究の進め方 ランダムネスとの付き合い方について
joisino
PRO
56
20k
Leveraging LLMs for Unsupervised Dense Retriever Ranking (SIGIR 2024)
kampersanda
2
250
さんかくのテスト.pdf
sankaku0724
0
520

Featured

See All Featured
Navigating Team Friction
lara
183
15k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Documentation Writing (for coders)
carmenintech
66
4.5k
Testing 201, or: Great Expectations
jmmastey
40
7.1k
Making the Leap to Tech Lead
cromwellryan
133
9k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.4k
What's in a price? How to price your products and services
michaelherold
243
12k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
28
2.1k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Writing Fast Ruby
sferik
628
61k
Raft: Consensus for Rubyists
vanstee
137
6.7k

Transcript

  1. M Inside Phishing Groups: # Trust No-One # * e

    by Anshuman El ethebitdoodler /in/thebitdoodler

  2. Agenda Analyzing the kit that How phishing-kit works scam the

    scammers Take aways How Phishing Kits Hunting in the wild are distributed

  3. M · Threat & Adversary Research GeloudSEK ⑳ Writing Tech-Zines

    @securityLines · Documenting Learnings HuskyScripts. blog El @thebitdoodlea er *

  4. ww 88 e ⑧ ↓ TAs Who deploy phishing sites

    to harvest credentials &thebitdoodler

  5. M banner. Sug L · taki ⑨thebitdoodler

  6. M # I L Logo. png index . php main

    . js style. ess banner. Sug These can be indicators!! &thebitdoodler

  7. M # I L Logo. png index . php main

    . js style. ess banner. Sug These can be indicators!! ↓ ↓ content filename inside the or file hashes filess ... &thebitdoodler

  8. Some where on the T elegram FREE Phishing Kits -

    - - - - > Interesting .... &thebitdoodler
  9. None

  10. M unzipped - > phishing Kits Loading inside Browser ↓

    &thebitdoodler

  11. Capabilities Blocking M ↓ Bots ⑨ Harvestinto Anti-Analysis Blocking user-agent-

    &thebitdoodler

  12. Capabilities M Flexible credentials # · xtitratore inbox Email &thebitdoodler

  13. M Why Phishing-Kit G is ⑳ # · N ab

    &thebitdoodler

  14. M en

  15. M ↓ function from the interesting file ↓ # "

    * Whaaatt ..... &thebitdoodler

  16. M - L1 Deobfuscation.... - Not enough. &thebitdoodler

  17. M ↓ L2 Deobfuscation ↓ Sending oken to some URL

    S & &thebitdoodler

  18. The Artist M - - > I hosted by Scammer

    * xcksm/a =- phishing site ↑ victimstials 1 02 . 165 . 14 . 4 : 5000 ⑤ F # &thebitdoodler

  19. The Artist M - - > I hosted by Scammer

    * xcksm/a =- phishing site ↑ victimstials 1 02 . 165 . 14 . 4 : 5000 ⑤ F # &thebitdoodler

  20. The Artist M - - > - I hosted by

    Scammer * xcksm/a · i phishing site ↑ victimstials 102 . 165 . 14 . 4 : 5000 & ⑤ - F # web server written in python &thebitdoodler

  21. Phishing kit M Author C2 server steals -- >Bot tokens

    Hosted # ... ) =>>> . ! # ... - Phishing Sites D # ...[ goodbankk. xyz courier . top +vfzpa- webapp M I spepy Phishing kits Configures with #init #Telegram BotTokens ⑤ # · Freely distributed , , F - > # Telegram scammers channels &thebitdoodler

  22. M Hunting in the Wild &thebitdoodler

  23. M * + urlscan. io phish. report ↓ ↓ community

    F open source &thebitdoodler

  24. M * urlscan . io phish. report ↓ ↓ community

    F open source · Nuclei for phishing kits &thebitdoodler

  25. https://github.com/phish-report/IOK M

  26. M

  27. M

  28. M /YAML Rule Presenton the A Based on Indicators -

    3 # ↓ Hardcoded on th index page &thebitdoodler

  29. M minder Live UrLS & & similar We can detect

    A Kits created by the same author 1! &thebitdoodler

  30. https://phish.report/blog/no-honour-among-phishers M

  31. M O questions

  32. M Thank You... El ethebitdoodler /in/thebitdoodler