Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

FIN7: Silent Push unearths 4000+ phishing and shell domains

July 11, 2024, 12:06 p.m.

Description

Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting various organizations. The campaigns utilize over 4000 domains and subdomains, with nearly half active in the past week. Prominent global brands like Louvre Museum, Meta, Reuters, Microsoft, and others have been targeted. The group employs tactics like spearphishing, malware distribution, and renting infrastructure from bulletproof hosting providers.

Date

Published: July 11, 2024, 11:51 a.m.

Created: July 11, 2024, 11:51 a.m.

Modified: July 11, 2024, 12:06 p.m.

Indicators

fdfd96f00e9e713cf86e2d32fb0c653b66fccc0e4969eac9f26d5cdcca98ff7d

fbec6e79b663d4c5e660a7aff23e392a4f1311382923669548945e8346edbffb

e8c6831d6e238df5a1f20fc00867b333474a659734ac46a9902fbbadaaf0b51e

d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d

9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e

8a24b6f83761561d8b71429f586248f264139aee2d8349f375ccbba702e4ecb2

63750019f4a8498edc008a343be90aac8fbb3307ba7eb519fc5df16258dff19c

50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba

448559c22bf09e6526b67defddcace275d7a0c580a38b0961165bc1efdb3367e

43f4d0ae8f84c36d635423719562cdb0f5d9647b79a758a33fdf4aa7540f5622

41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2

3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277

1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc

1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252

184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c

03c84ae3bdd28341bdb9ef24918c3cad6c9ed27c768d351f23e6d37bf048f7a4

032d68449a93200aa257943b7e22e619e5ab383f61c7466f7872eeba5ea5b838

103.35.191.28

89.105.198.190

103.113.70.142

166.88.159.37

www.wpenglneweb.com

www.tivi2.com

http://themetasupporrtbusiness.nexuslink.click/

http://kun-quang-api.lordofscan.pro/LoginProcess/api/login_submit

http://identity-wpengine.com/session_id/login/

http://app.rmscloud.pro/login/

http://accountverify.business-helpcase718372649.click/

themetasupporrtbusiness.nexuslink.click

kun-quang-api.lordofscan.pro

book.louvre-ticketing.com

accountverify.business-helpcase718372649.click

zoomms-info.com

xn--manulfe-kza.com

xn--bitwardn-h1a.com

wpenglneweb.com

womansvitamin.com

westlaw.top

webex-install.com

wal-streetjournal.com

trydropbox.com

trezor-web.io

treidingviw-web.xyz

treidingviw-web.shop

treidingviw-web.lol

tredildlngviw.xyz

tredildlngviw.shop

thomsonreuter.pro

thomsonreuter.info

techevolveproservice.com

rupaynews.com

restproxy.com

redfinneat.com

quicken-install.com

paybx.world

paris-journey.com

onepassreglons.com

netfiix-abofrance.com

netepadtee.com

multyimap.com

miidjourney.net

louvrebill.click

louvrebil.click

louvre-event.com

lexisnexis.day

identity-wpengine.com

https-twitter.com

hotnotepad.com

hcm-paycor.org

harvardyardcollection.com

go-ia.site

go-ia.info

ggooleauth.xyz

escueladeletrados.com

emeraldblockestates.com

driv7.com

driv3.net

dr1ve.xyz

ddcccuuu.online

cybercloudsecure.com

cybercloudsec.com

costsco1.com

concuur.com

concur.re

concur.pm

concur.cfd

autodesk.pm

bloomberg-t.com

ariba.one

app-trello.com

androiddeveloperconsole.com

americangiftsexpress.com

2024sharepoint.lat

affinitycloudenergy.com

Attack Patterns

Gracewire

EugenLoader

Anunak

Carbanak - S0030

FIN7

T1056.003

T1583

T1189

T1176

T1486

T1566

Additional Informations

Utilities

Consulting

Retail

Hospitality

Technology

Healthcare

Media

Transportation

Finance