". discord. com / hc / de / articles / 1500001829622 - claiming - a - nitro - gift - faq ). users who know about these legitimate giveaways may be more inclined to react to social engineering attacks that mimic these giveaways. these phishing attacks can take various forms. they m…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1102Web Service
95%
"a multitude of reports regarding malware distribution via discord. there are several contributors as to why this works specifically well with discord vs other platforms. one of the main reasons is due to discord having a universally available worldwide content delivery network ( …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
84%
"validity period of qr codes to two minutes to reduce the likelihood of success ( https : / / support. discord. com / hc / en - us / articles / 360039213771 - qr - code - login - faq ). however, within these restrictions, the attack is still possible in the way described above. ou…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
67%
"can be used to buy, sell, and trade virtual items from games, as well as a wallet feature that lets users store funds. attackers who compromise steam accounts may be able to gain a direct financial benefit from doing so. steam forums and communities like reddit contain numerous r…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1555.003Credentials from Web Browsers
61%
"other credential - stealing attacks. using discord from within a web browser, as opposed to the desktop application for added security, was already mentioned earlier. however, if you choose to use the desktop application, we recommend checking that the feature “ automatically det…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204.002Malicious File
48%
"the cdn. there are historically easier methods however … in 2020, masato kinugawa published a blog post regarding a full exploit chain on the discord client to achieve remote code execution by simply having the end user click on an iframe, causing a 3d project file hosted on sket…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.001Spearphishing Attachment
46%
"validity period of qr codes to two minutes to reduce the likelihood of success ( https : / / support. discord. com / hc / en - us / articles / 360039213771 - qr - code - login - faq ). however, within these restrictions, the attack is still possible in the way described above. ou…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.003Spearphishing via Service
42%
"or to send direct messages to other server members. what makes this even more effective for social engineering is the fact that discord servers are often dedicated to a specific topic — such as gaming, cryptocurrencies, or information security. this allows attackers to craft thei…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
41%
"common ways attacks are conducted. here we found that phishing for discord accounts typically uses pretexts related to discord. a social engineering technique that has been discussed in the past ( for example, in this portswigger blog post : https : / / portswigger. net / daily -…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1657Financial Theft
37%
"items in the account inventory or use the account ’ s wallet balance to buy game gift codes. while account recovery from this is typically possible, those efforts may not be able to restore any lost valuables. another dishonorable mention in the steam account takeover category in…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1657Financial Theft
35%
"promo ” code. we did not investigate further into this specific site but, based on other research, we suspect that the next steps would have asked us to pay a fee to unlock the 0. 42 btc, without the promised bitcoin ever being paid afterwards. for further explanation of this sca…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
31%
"common ways attacks are conducted. here we found that phishing for discord accounts typically uses pretexts related to discord. a social engineering technique that has been discussed in the past ( for example, in this portswigger blog post : https : / / portswigger. net / daily -…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay […]
