📃Title: The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider
📅Date: 2024-04-18
🔗References:
Description
The report details the takedown of the LabHost phishing-as-a-service (PhaaS) platform by law enforcement agencies. LabHost, active since 2021, offered various phishing tools and templates targeting banks, organizations, and service providers worldwide. With over 2,000 criminal users, it was responsible for deploying over 40,000 fraudulent sites that victimized hundreds of thousands of individuals. The report outlines LabHost's features, subscription tiers, an example attack flow, and the collaborative operation that led to its seizure and the arrests of key users.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: tool-profile
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Trend-Micro
- target-information="Canada"
- target-information="United States"
- target-information="United Kingdom"
- target-information="Andorra"
- target-information="Argentina"
- target-information="Australia"
- target-information="Austria"
- target-information="Brazil"
- target-information="Colombia"
- target-information="France"
- target-information="Germany"
- target-information="Guatemala"
- target-information="Hong Kong"
- target-information="Ireland"
- target-information="Italy"
- target-information="Luxembourg"
- target-information="Malaysia"
- target-information="Mexico"
- target-information="Netherlands"
- target-information="Poland"
- target-information="Portugal"
- target-information="Russia"
- target-information="Saudi Arabia"
- target-information="Spain"
- target-information="Sweden"
- target-information="United Arab Emirates"
- target-information="Bolivia"
- target-information="Venezuela"
- threat-actor LabHost
- mitre-attack-pattern=['T1192', 'T1566']
MISP event uuid: 726d5c64-2003-426b-8899-be88e0b7aa0a
Indicator of Compromise (IoCs)
type,value,comment
domain, lab-host.ru, ''
domain, labhost.cc, ''
domain, labhost.co, ''
domain, labhost.ru, ''
domain, labhost.xyz, ''
Full IOCs available in Rectifyq's MISP