DOMAINS SPOOFING DERIBIT CRYPTOCURRENCY TRADING PLATFORM

    Date: 09/26/2024

    Severity: Medium

    Summary

    We have been tracking scam campaigns that impersonate various cryptocurrency trading platforms. These campaigns utilize domain names that closely resemble the targeted brands. The following domains all mimic deribit[.]com and share similar hosting setups. However, the hosting infrastructure for these malicious domains is clearly distinct from that of the legitimate Deribit platform. They employ both Cloudflare and non-Cloudflare IP addresses and frequently switch between different hosting locations.

    Indicators of Compromise (IOC) List

    URL/Domains


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "deribitglobalc.com" or url like "deribitglobalc.com" or userdomainname like "deribitglobala.com" or url like "deribitglobala.com" or userdomainname like "deribitglobali.com" or url like "deribitglobali.com" or userdomainname like "deribitglobalm.com" or url like "deribitglobalm.com" or userdomainname like "deribitglobaln.com" or url like "deribitglobaln.com" or userdomainname like "deribitglobalo.com" or url like "deribitglobalo.com" or userdomainname like "deribitglobalofficial.com" or url like "deribitglobalofficial.com" or userdomainname like "deribitglobals.com" or url like "deribitglobals.com" or userdomainname like "deribitglobalu.com" or url like "deribitglobalu.com" or userdomainname like "deribitprob.com" or url like "deribitprob.com" or userdomainname like "deribitproe.com" or url like "deribitproe.com" or userdomainname like "deribitprop.com" or url like "deribitprop.com" or userdomainname like "deribitpror.com" or url like "deribitpror.com" or userdomainname like "deribitweb3.org" or url like "deribitweb3.org"
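Matching an indicator as a substring of a whole URL can also hit query strings or longer, unrelated hostnames. The following is an added example, not Gurucul or Unit 42 code: it matches on the parsed hostname at label boundaries and separately flags other hosts that carry the brand string. The function names, the `.example` sample hosts and the brand heuristic are assumptions; pass the advisory's domains as `iocs`.

```python
import re
from urllib.parse import urlsplit

LEGIT = "deribit.com"   # legitimate domain named in the advisory
BRAND = "deribit"       # assumption: brand string for the lookalike heuristic

def hostname(value):
    """Return the lowercased hostname of a URL or bare host field ('' if none)."""
    v = value.strip().lower().replace("[.]", ".")      # accept defanged input
    if not re.match(r"^[a-z][a-z0-9+.-]*://", v):
        v = "//" + v                                   # let urlsplit see a netloc
    try:
        host = urlsplit(v).hostname or ""
    except ValueError:                                 # e.g. malformed brackets
        return ""
    return host.rstrip(".")                            # drop trailing root dot

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(value, iocs):
    host = hostname(value)
    if not host:
        return "no-host"
    if under(host, LEGIT):
        return "legitimate"
    if any(under(host, d.lower()) for d in iocs):
        return "ioc"
    if BRAND in host:                                  # hunting lead, not a verdict
        return "lookalike"
    return "clean"

def triage(events, iocs):
    return [(e, classify(e, iocs)) for e in events]

# Constructed sample data (reserved .example names, not indicators from the advisory).
SAMPLE_IOCS = {"deribitglobalx.example"}
SAMPLE_EVENTS = [
    "https://deribitglobalx.example/login",
    "https://www.deribit.com/",
    "https://news.example/?q=deribitglobalx.example",
    "deribit[.]com.login.example",
]

if __name__ == "__main__":
    for event, verdict in triage(SAMPLE_EVENTS, SAMPLE_IOCS):
        print(f"{verdict:10} {event}")
```
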

    Reference: 

    https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-25-IOCs-for-domains-spoofing-Deribit.txt


    Tags

    Malware, Domain Spoofing
