IOC Radar
TLP:WHITE4 IOCs

Hackers Abuse SheetBest API to Exfiltrate Banking Credentials Into Google Sheets

CP
Cyber Press
Published June 17, 2026Original Report

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYunknownINFRASTRUCTUREsntdr-soporte25.githu…soporte-index09.githu…07-soporte.github.ioCAPABILITYunknownVICTIMunknown
Adversary
Infrastructure(4)
Capability
Victim

Attack Flow7 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1566
1/7
Phishing
ActionDeliver phishing links
Attackers use convincing phishing pages hosted on GitHub Pages, often shared via messaging apps or SMS with rich preview cards.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise4

TypeIndicatorConfidenceScoreFirst Seen
Domainsntdr-soporte25.github.io
indicatorintel-blognetwork
High
58
Jun 18, 26
Domainsoporte-index09.github.io
indicatorintel-blognetwork
High
58
Jun 18, 26
Domain07-soporte.github.io
indicatorintel-blognetwork
High
58
Jun 18, 26
Domainsoporte-index25.github.io
indicatorintel-blognetwork
High
58
Jun 18, 26

IOC Relationship Graph

IOC Relationship Graph4 total IOCs
Domain
Domain4REPORTHackers Abuse SheetBest AP
scroll to zoom · drag to pan · click IOC to open