FIN7: Silent Push unearths 4000+ phishing and shell domains
July 11, 2024, 12:06 p.m.
Tags
External References
Description
Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting a range of organizations. The campaigns use over 4000 domains and subdomains, nearly half of which were active in the past week. Prominent global brands such as the Louvre Museum, Meta, Reuters, and Microsoft have been targeted, among others. The group's tactics include spearphishing, malware distribution, and renting infrastructure from bulletproof hosting providers.
Date
Published: July 11, 2024, 11:51 a.m.
Created: July 11, 2024, 11:51 a.m.
Modified: July 11, 2024, 12:06 p.m.
Indicators
Attack Patterns
Gracewire
EugenLoader
Anunak
Carbanak - S0030
FIN7
T1056.003
T1583
T1189
T1176
T1486
T1566
Additional Information
Utilities
Consulting
Retail
Hospitality
Technology
Healthcare
Media
Transportation
Finance