Severity
Medium
Analysis Summary
More covid-19 malicious domains are seen as the pandemic of Coronavirus continues to increase in a rapid manner. Threat actors are continuously registering covid19 domains and targeting users to rob of their credentials and their sensitive data for their gains. It shows that the threat actors are eager to cash into the situation of this epidemic and make the most of the situation. More people are going online to put up coronavirus scam sites or to sell counterfeit surgical masks; fake self-testing kits for HIV and glucose monitoring; and/or bogus antiviral meds, chloroquine.
Impact
- Credential theft
- Information theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
URL
- http[:]//googlecovid-19[.]com
- http[:]//googleecovid19[.]com
- http[:]//wwwgooglecovid19[.]com
- http[:]//covid19-netflix[.]com
- http[:]//googlecovid199[.]com
- http[:]//samsungcoronavirus[.]com
- http[:]//googlecovid29[.]com
- http[:]//4accountsecure-facebookcovid19petition[.]ga
- http[:]//googlecovid9[.]com
- http[:]//coronavirusmicrosoft[.]com
- http[:]//netflix-covid19[.]com
- http[:]//googlecoronavirus[.]com
- http[:]//googlecovid119[.]com
- http[:]//my7secure-facebookcovid19petition[.]cf
- http[:]//covid19google[.]com
- http[:]//facebookcovid19[.]com
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on he links attachments sent by unknown senders.