Paul Security Weekly #617 on DomainTools Iris

ID: caa75881-55f0-5a79-99ca-8002f669bfc8

STIX ID: report--caa75881-55f0-5a79-99ca-8002f669bfc8

Feed Name: DomainTools

Threat Score: 50/100

Date Published: 2026-02-22

Date Updated: 2026-04-27

Author: domaintools.com

### Executive Summary

This report documents an investigation of a phishing email impersonating American Express. The attached HTML file and obfuscated JavaScript, chained to multiple attacker domains, used a fraudulent login page to harvest credentials. The analyst enumerated related domains and shared IP infrastructure with DomainTools Iris and VirusTotal, and advised blocking the domains and IPs.