Discover and read the best of Twitter Threads about #16Shop

Most recents (3)

My iCloud is recently getting a few #16Shop #phishing emails, I RE'd the links (for lack of a better term) and found a whole trawl of their previous phish. Highly organised operation which has been going on for a few years.
The links are text which have been highlighted and use s[.]id URL shorteners & IP logging service from (surprise surprise) Indonesia. More specifically: Pengelola Nama Domain Internet Indonesia.
They also use app[.]link from Branch.io that uses "Deep Linking".
Found that the IP range and relations are similar (not the same) to those found by @sysgoblin here:
gist.github.com/sysgoblin/7bc6…
Read 4 tweets
:: 16Shop Intelligence Thread ::

#16Shop is a prolific and one of the first #Phishing-as-a-Service (PaaS) offerings.

⚠️This is an intelligence thread on notable elements of the kit, the operation, how to test and detect the scam.

#THREAD
16Shop was initially detected in the wild in late 2017 by McAfee security researchers, this kit was using an Apple theme. πŸ–₯️

Initially access to the kit was sold on Facebook πŸ’°
The user selling 16Shop access was part of a group who are attributed as being the creators and main operators of 16Shop know as "Indonesian Cyber Army"πŸ’€
Read 14 tweets
:: Phishing Admin Panel Hunting Thread ::

In this thread we will find ways to hunt and attribute phishing admin panels.

This is a continuation from my #phishing hunting thread released earlier this year. ()

Please retweet to knowledge share among others.
Firstly we need to understand what an admin panel is in relation to phishing sites. There are many phishing-as-a-service (PaaS) offerings for threat actors to buy allowing them to quickly and easily deploy kits online. They normally consists of a threat actor buying an API key.
In this thread I will show you how to fingerprint some of the major panels, if you feel I have missed any let me know as I would love to keep this thread current and up-to-date on new threats.
Read 22 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!