A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Sept. 30, 2024, 10:18 a.m.
Description
Threat actors are repurposing digital analytics and advertising tools to evade detection and enhance their malicious campaigns. The report explores how link shorteners, IP geolocation utilities, CAPTCHA systems, and advertising intelligence platforms are being weaponized. It provides insights into the tactics used by attackers and offers detection and mitigation strategies for defenders. The analysis covers specific examples of how these tools are exploited, including the use of bit.ly for tracking phishing campaigns, IP geolocation for targeted attacks, CAPTCHA for evading security scans, and competitive ad intelligence for crafting malvertising campaigns.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 30, 2024, 9:47 a.m. | Sept. 30, 2024, 9:47 a.m. | Sept. 30, 2024, 10:18 a.m. |
Indicators
https://ktgotit.com
https://britanniaeat.com/wp-includes/Advanced_IP_Scanner_v.3.5.2.1.zip”.
https://britanniaeat.com/wp-includes
https://api.ip2location.io/?key=
https://aadvanced-ip-scanner.com
Attack Patterns
MIXLABEL
FRIENDSPEAK
DANCEFLOOR
TURKEYDROP
Kraken Ransomware
Azorult - S0344
Trojan.Maljava
jBiFrost
Adwind
jFrutas
Unrecom
Sockrat
Frutas
AlienSpy
JSocket
jRAT - S0283
T1608.005
T1583
T1614
Additional Informations
Advertising
Technology
Finance
United States of America