GTFire

Also known as: GTFire

Profile

GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing security filters. The campaign employs a multi-step redirect chain to obscure the final phishing destination and utilizes All-in-1 PHP phishing scripts for rapid deployment and credential harvesting. Credentials are exfiltrated via URL parameters in a standard HTTP GET request, with minimal operational overhead.

References

  1. https://www.group-ib.com/blog/gtfire-phishing-scheme/

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.