TLP:WHITE | 3 IOCs
Hackers Use Cloned AWS Console Login Pages to Capture MFA Codes and Replay Credentials
Diamond Model: Adversary, Infrastructure (3), Capability, Victim
Indicators of Compromise
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| Domain | aws-central.us-west-login.com | intel-blog, network, phishing | High | 58 | Jun 25, 26 |
| Domain | aws.us-west-login.com | intel-blog, network, phishing | High | 58 | Jun 25, 26 |
| Domain | aws.us-east-prod.com | intel-blog, network, phishing | High | 58 | Jun 25, 26 |