ChatGPT Based Phishing Attacks PDF 1685998192
Beware of ChatGPT Impersonators: Tips to Avoid Falling Victim to Phishing Scams

Table of Contents
Executive Summary
Scenario
Case Studies
IOCs
Rules
which can further increase the likelihood that the victim will fall for the
scam.
However, it's important to note that there are also risks associated with
using AI and machine learning in cybersecurity. For example, attackers
could potentially use these technologies to create more sophisticated and
convincing phishing attacks, making it more difficult for traditional
detection methods to identify and block them.
Case Studies

Openai-pc-pro.online
When a user visits the website, they are prompted to enter their login
credentials or other sensitive information. However, instead of simply

Once the attacker has obtained the user's login credentials or other
sensitive information, they can use this information to gain access to the
user's accounts or steal their identity.
Clip[1].exe
COMCTL32.DLL:
This is a legitimate Windows library that contains functions related to
common controls used in graphical user interfaces (GUIs), such as
buttons, scrollbars, and menus. It does not typically contain any malicious
code.
COMDLG32.DLL:
This is also a legitimate Windows library that contains functions related to
common dialog boxes used in GUIs, such as file open and save dialogs. It
does not typically contain any malicious code.
GDI32.dll:
This is another legitimate Windows library that contains functions related
to graphical device interfaces (GDIs), which are used for drawing graphics
on the screen and printing. It does not typically contain any malicious
code.
KERNEL32.dll:
This is a core Windows library that contains functions related to memory
management, process management, and system-level functions. It is often
targeted by malware because it provides access to many system-level
functions. Malware may try to abuse functions in this library to carry out
malicious activities, such as process injection, file manipulation, and
network communication.
msvcrt.dll:
This is a runtime library for Microsoft Visual C++ that provides functions
related to memory allocation, input/output operations, and string
manipulation. It does not typically contain any malicious code, but
malware may abuse functions in this library to carry out malicious
activities, such as memory manipulation and file operations.
USER32.dll:
IOCs

No  Type             Indicator
1   domain           https://openai-pc-pro.online/
2   domain           chat-gpt-pc.online
3   domain           https://chat-gpt-online-pc.com/
4   domain           http://chatgpt-go.online/clip.exe
5   FileHash-SHA256  d1b1813f7975b7117931477571a2476decff41f124b84cc7a2074dd00b5eba7c
6   FileHash-SHA256  ae4d01a50294c9e6f555fe294aa537d7671fed9bc06450e6e2198021431003f9
7   FileHash-SHA256  60e0279b7cff89ec8bc1c892244989d73f45c6fcc3e432eaca5ae113f71f38c5
8   FileHash-SHA256  53ab0aecf4f91a7ce0c391cc6507f79f669bac033c7b3be2517406426f7f37f0
9   FileHash-SHA256  46200951190736e19be7bcc9c0f97316628acce43fcf5b370faa450e74c5921e
10  FileHash-SHA256  3ec772d082aa20f4ff5cf01e0d1cac38b4f647ceb79fdd3ffd1aca455ae8f60b
11  FileHash-SHA256  34b88f680f93385494129bfe3188ce7a0f5934abed4bf6b8e9e78cf491b53727
12  FileHash-SHA1    f1a5a1187624fcf1a5804b9a15a4734d9da5aaf6
13  FileHash-SHA1    cebddeb999f4809cf7fd7186e20dc0cc8b88689d
14  FileHash-SHA1    c57a3bcf3f71ee1afc1a08c3a5e731df6363c047
15  FileHash-SHA1    afa741309997ac04a63b4dd9afa9490b6c6235c1
16  FileHash-SHA1    aeb646eeb4205f55f5ba983b1810afb560265091
17  FileHash-SHA1    23f50f990d4533491a76ba619c996b9213d25b49
18  FileHash-SHA1    189a16b466bbebba57701109e92e285c2909e8a2
19  FileHash-MD5     c8aa7a66e87a23e16ecacad6d1337dc4
20  FileHash-MD5     94e3791e3ceec63a17ca1a52c4a35089
21  FileHash-MD5     81e6a150d459642f2f3641c5a4621441
22  FileHash-MD5     6a481f28affc30aef0d3ec6914d239e4
23  FileHash-MD5     5f6f387edf4dc4382f9953bd57fa4c62
24  FileHash-MD5     4e8d09ca0543a48f649fce72483777f0
25  FileHash-MD5     174539797080a9bcbb3f32c5865700bf
26  url              https://openai-pc-pro.online/
27  url              https://chatgpt-go.online/
28  domain           https://chat-gpt-online-pc.com/
29  url              https://chatgpt-go.online/
30  url              http://chatgpt-go.online/java.exe
| Beware of ChatGPT Impersonators: Tips to Avoid Falling Victim to Phishing Scams 8
Rules

A Sigma rule that could be used to detect network activity associated with
the given indicators:
This rule looks for network activity that matches the specified indicators,
including suspicious URLs and file paths. It also restricts the source IP
addresses to internal network ranges, to reduce the likelihood of false
positives. When triggered, the rule includes relevant metadata such as the
URL, source and destination IP addresses, and event type. Finally, the rule
includes a list of false positives to help reduce noise and prevent
legitimate traffic from triggering alerts.
| Beware of ChatGPT Impersonators: Tips to Avoid Falling Victim to Phishing Scams 9
And a detection rule for the provided IOCs with SHA-256 and MD5 hash
values:
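The two rule descriptions above (network indicators restricted to internal sources with a false-positive list, and SHA-256/MD5 file-hash matching) are implemented below in Python as an added example; this is not the report's own Sigma rule. The domains, URLs and hashes come from the IOC table above (a subset of the hashes is used). Everything else is assumed: "internal network ranges" is taken to mean the RFC 1918 private ranges, the false-positive list is applied as an allowlist of legitimate OpenAI hostnames, and the proxy log lines and file bytes are constructed for the demonstration.

```python
"""IOC matcher for the report's indicators (added example, not the report's rule).

scan_proxy_log()  - network detection as described for the Sigma rule:
                    URL/domain match, internal source IPs only, allowlist.
match_hashes()    - file-hash detection for the SHA-256 / MD5 indicators.
"""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Indicators copied from the report's IOC table (hashes: rows 5-7 and 19-21).
IOC_DOMAINS = {
    "openai-pc-pro.online",
    "chat-gpt-pc.online",
    "chat-gpt-online-pc.com",
    "chatgpt-go.online",
}
IOC_URLS = {
    "http://chatgpt-go.online/clip.exe",
    "http://chatgpt-go.online/java.exe",
}
IOC_HASHES = {
    # SHA-256
    "d1b1813f7975b7117931477571a2476decff41f124b84cc7a2074dd00b5eba7c",
    "ae4d01a50294c9e6f555fe294aa537d7671fed9bc06450e6e2198021431003f9",
    "60e0279b7cff89ec8bc1c892244989d73f45c6fcc3e432eaca5ae113f71f38c5",
    # MD5
    "c8aa7a66e87a23e16ecacad6d1337dc4",
    "94e3791e3ceec63a17ca1a52c4a35089",
    "81e6a150d459642f2f3641c5a4621441",
}

# Assumption: "internal network ranges" means the RFC 1918 private ranges.
INTERNAL_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumption: the rule's false-positive list applied as an allowlist of
# legitimate hostnames that look similar to the indicators but never alert.
ALLOWLIST_HOSTS = {"openai.com", "chat.openai.com"}


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def match_url(url: str):
    """Return the indicator a URL matches (full URL or domain/subdomain), else None."""
    host = (urlparse(url).hostname or "").lower()
    if host in ALLOWLIST_HOSTS:
        return None
    if url.lower() in IOC_URLS:
        return url.lower()
    for domain in IOC_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_proxy_log(text: str):
    """Parse constructed proxy lines '<ts> <src_ip> <dst_ip> <url>' and return alerts.

    Each alert carries the metadata the rule description lists: URL, source
    and destination IP, event type, plus the indicator that matched.
    """
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, url = line.split(maxsplit=3)
        if not is_internal(src):  # the rule only fires for internal sources
            continue
        indicator = match_url(url)
        if indicator is None:
            continue
        alerts.append({"timestamp": ts, "src_ip": src, "dst_ip": dst,
                       "url": url, "event_type": "proxy", "indicator": indicator})
    return alerts


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a file's bytes, keyed by algorithm name."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(file_digests: dict, iocs=IOC_HASHES):
    """Return (algorithm, hash) pairs present in the IOC set (case-insensitive)."""
    normalized = {h.lower() for h in iocs}
    return [(algo, h) for algo, h in file_digests.items() if h.lower() in normalized]


# Constructed sample log, not real traffic. Lines 1 and 4 should alert:
# line 2 is allowlisted, line 3 comes from a non-internal source.
SAMPLE_PROXY_LOG = """\
2023-06-05T10:00:01Z 10.0.0.15 203.0.113.10 http://chatgpt-go.online/clip.exe
2023-06-05T10:00:02Z 10.0.0.15 203.0.113.11 https://chat.openai.com/
2023-06-05T10:00:03Z 198.51.100.7 203.0.113.12 https://openai-pc-pro.online/
2023-06-05T10:00:04Z 192.168.1.20 203.0.113.13 https://www.chat-gpt-online-pc.com/download
"""

if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(alert)
    print(match_hashes(digests(b"constructed bytes, not a real sample")))
```

The source-IP restriction mirrors the rule's approach to noise: a hit from an external address is dropped before the indicator is even checked, and the allowlist stops the legitimate OpenAI hostnames from ever matching the lookalike domains. Hash comparison lowercases both sides, since IOC feeds mix upper- and lower-case hex.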
Key Notes
- Obtain a sample of the malicious executable file. This can be done through various means, such as downloading the file from a malicious website, analyzing
- sandbox, to prevent potential damage to the host system. Observe the behavior
- Use static analysis techniques to examine the code of the malware. This can
- Use dynamic analysis techniques to monitor the behavior of the malware in real-time. This can involve running the malware in a debugger and setting breakpoints at specific points in the code. This can help identify any network
- Identify the attack vector that was used to deliver the malware to the victim. This can involve analyzing email headers or network traffic logs to determine the
- Take appropriate actions to contain and remove the malware. This may involve isolating the infected system, deleting infected files, or blocking network traffic to malicious domains.
- Analyze the data collected during the analysis to identify potential indicators of compromise (IoCs). This can involve analyzing network traffic logs, examining system logs, or using threat intelligence feeds to identify any known malicious domains or IP addresses.
- Share the findings with relevant stakeholders, such as incident response teams