Ongoing tax-themed phishing campaigns pose risks to U.S. taxpayers as tax filing deadlines approach. A detailed analysis revealed multiple indicators of compromise (IoCs) related to these threats, including domains, IP addresses, and email connections. (Affected: U.S. taxpayers, cybersecurity sector)
Key points:
- Threat actors target U.S. taxpayers with phishing attempts around tax season.
- Tax deadline for 2025 is 15 April, with extensions available until 15 October.
- Microsoft identified 11 domains and one IP address as indicators of compromise (IoCs).
- Further analysis included examining relationships and artifacts connected to these IoCs.
- The IoC list included various artifacts such as email-connected domains and IP addresses.
- Findings led to the discovery of malicious domains and additional connected networks.
- A comprehensive analysis and related samples are available online.
- There is a cautionary statement regarding the labeling of entities as threats.
MITRE Techniques:
- Collection (T1005) – Gathering of information through WHOIS and DNS lookup APIs to identify IoCs.
- Credential Dumping (T1555.001) – Potential threats connected through historical email addresses linked to multiple domains.
- Command and Control (T1071) – Analysis of an identified IP address functioning as a C&C server.
Indicators of Compromise:
- The article mentions 11 domains and one IP address identified as IoCs related to tax-themed phishing campaigns.
- 153 email-connected domains were uncovered, with one classified as a generic threat source.
- Two IP addresses were flagged as alleged victim records associated with the C&C server.
- The article suggests available historical WHOIS records contain public email addresses affiliated with these domains.
- Multiple domains had active IP resolutions, with further analysis leading to additional unique IP addresses.
Full Story: https://circleid.com/posts/tempering-tax-season-troubles-with-dns-intel