Enhancement idea
Savvy Seahorse
fake investment scams.
Description
The actor, known as Savvy Seahorse, employs DNS CNAME records to set up a traffic distribution system (TDS) for their fraudulent schemes. These campaigns involve using fake ChatGPT and WhatsApp bots to lure victims into fake investment opportunities, targeting individuals speaking various languages. Savvy Seahorse's operations have been ongoing since at least August 2021 and are primarily conducted through Facebook advertisements.
Links
https://blogs.infoblox.com/cyber-threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/
https://github.com/infobloxopen/threat-intelligence/blob/main/indicators/csv/savvy_seahorse_20240228_iocs.csv
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
n/a
Domains
IPs
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a