5a0bbb31-fb33-40ea-a80a-ce9c289b8632 - @god_lea... -

: If this ID was found in your environment logs, assume any user who interacted with the associated URL has had their session compromised. Force a password reset and revoke all active sessions .

: Phishing-as-a-Service (PhaaS) and AiTM attacks. 5A0BBB31-FB33-40EA-A80A-CE9C289B8632 - @GOD_LEA...

Upon interaction, the script uses this identifier to track the "campaign" and ensure the stolen data reaches the subscriber of the @GOD_LEA service. : : If this ID was found in your

This unique identifier and handle are associated with often used in phishing campaigns and credential theft. Specifically, this string frequently appears in the metadata or configuration of phishing kits and "adversary-in-the-middle" (AiTM) frameworks designed to bypass multi-factor authentication (MFA). Investigation Summary Indicator Type : Unique Identifier / Threat Actor Tag 5A0BBB31-FB33-40EA-A80A-CE9C289B8632 - @GOD_LEA...

Back to Top ↑

© 2015 VWDIESEL.NET



Back to Top ↑