Date: 01/30/2025
Severity: Critical
Summary
Following the release of DeepSeek's LLM, several newly registered domains (NRDs) linked to phishing sites have emerged. Domains such as deepseeklogin[.]com are designed to imitate the official DeepSeek homepage, featuring fake login pages that prompt victims to enter their credentials.
Indicators of Compromise (IOC) List
Domains/URLs: deepseeklogin.com
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains/URLs: userdomainname like "deepseeklogin.com" or url like "deepseeklogin.com"
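Added example (not from the advisory or from Gurucul): host-anchored matching of the IOC against the userdomainname and url fields, so that a URL that merely mentions the domain, or a look-alike host, is not flagged the way a substring-style match would flag it. The sample events and the helper names (refang, hostname, is_ioc_host, detect) are constructed for illustration; only the domain and the two field names come from this page.

```python
from urllib.parse import urlsplit

# IOC taken from the advisory; everything else below is constructed sample data.
IOC_DOMAINS = {"deepseeklogin.com"}

def refang(value: str) -> str:
    """Undo common defanging so 'deepseeklogin[.]com' compares equal to the IOC."""
    return (value.replace("[.]", ".").replace("(.)", ".")
                 .replace("hxxp://", "http://").replace("hxxps://", "https://"))

def hostname(value: str) -> str:
    """Return the lower-cased host from a URL or a bare domain field."""
    value = refang(value.strip())
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()   # drop the trailing dot of an FQDN

def is_ioc_host(value: str, iocs=IOC_DOMAINS) -> bool:
    """True when the host is an IOC domain or one of its subdomains."""
    host = hostname(value)
    return any(host == d or host.endswith("." + d) for d in iocs)

def detect(events):
    """Return events whose userdomainname or url field resolves to an IOC host."""
    return [e for e in events
            if any(is_ioc_host(e.get(f, "")) for f in ("userdomainname", "url"))]

# Constructed proxy-style events (field names follow the query above).
SAMPLE_EVENTS = [
    {"id": 1, "userdomainname": "deepseeklogin.com", "url": "https://deepseeklogin.com/signin"},
    {"id": 2, "userdomainname": "www.DeepSeekLogin.com.", "url": ""},
    {"id": 3, "url": "hxxps://deepseeklogin[.]com/"},                  # defanged in a ticket
    {"id": 4, "url": "https://search.example/?q=deepseeklogin.com"},   # mention only
    {"id": 5, "userdomainname": "notdeepseeklogin.com"},               # not the IOC host
    {"id": 6, "url": "https://deepseeklogin.com.example.net/login"},   # not the IOC host
]

if __name__ == "__main__":
    for event in detect(SAMPLE_EVENTS):
        print("match:", event["id"])
```

Events 4 to 6 contain the IOC string but resolve to other hosts, so they are the cases to review separately if the production query matches on substrings.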
Reference:
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-01-29-IOCs-for-DeepSeek-themed-phishing-domains.txt