Discover and read the best of Twitter Threads about #16Shop
Most recents (3)
My iCloud is recently getting a few #16Shop #phishing emails, I RE'd the links (for lack of a better term) and found a whole trawl of their previous phish. Highly organised operation which has been going on for a few years. 
The links are text which have been highlighted and use s[.]id URL shorteners & IP logging service from (surprise surprise) Indonesia. More specifically: Pengelola Nama Domain Internet Indonesia.
They also use app[.]link from Branch.io that uses "Deep Linking".
They also use app[.]link from Branch.io that uses "Deep Linking".
Found that the IP range and relations are similar (not the same) to those found by @sysgoblin here:
gist.github.com/sysgoblin/7bc6β¦
gist.github.com/sysgoblin/7bc6β¦
:: 16Shop Intelligence Thread ::
#16Shop is a prolific and one of the first #Phishing-as-a-Service (PaaS) offerings.
β οΈThis is an intelligence thread on notable elements of the kit, the operation, how to test and detect the scam.
#THREAD
#16Shop is a prolific and one of the first #Phishing-as-a-Service (PaaS) offerings.
β οΈThis is an intelligence thread on notable elements of the kit, the operation, how to test and detect the scam.
#THREAD
16Shop was initially detected in the wild in late 2017 by McAfee security researchers, this kit was using an Apple theme. π₯οΈ
Initially access to the kit was sold on Facebook π°
Initially access to the kit was sold on Facebook π°
The user selling 16Shop access was part of a group who are attributed as being the creators and main operators of 16Shop know as "Indonesian Cyber Army"π
:: Phishing Admin Panel Hunting Thread ::
In this thread we will find ways to hunt and attribute phishing admin panels.
This is a continuation from my #phishing hunting thread released earlier this year. ()
Please retweet to knowledge share among others.
In this thread we will find ways to hunt and attribute phishing admin panels.
This is a continuation from my #phishing hunting thread released earlier this year. ()
Please retweet to knowledge share among others.
Firstly we need to understand what an admin panel is in relation to phishing sites. There are many phishing-as-a-service (PaaS) offerings for threat actors to buy allowing them to quickly and easily deploy kits online. They normally consists of a threat actor buying an API key.
In this thread I will show you how to fingerprint some of the major panels, if you feel I have missed any let me know as I would love to keep this thread current and up-to-date on new threats.
