Back

FIN7: Silent Push unearths 4000+ phishing and shell domains

July 11, 2024, 12:06 p.m.

Tags

phishing
eugenloader
2024-07-11
carbanak
spoofing
anunak
gracewire

External References

https://www.silentpush.com/

https://otx.alienvault.com/

Description

Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting various organizations. The campaigns utilize over 4000 domains and subdomains, with nearly half active in the past week. Prominent global brands like Louvre Museum, Meta, Reuters, Microsoft, and others have been targeted. The group employs tactics like spearphishing, malware distribution, and renting infrastructure from bulletproof hosting providers.

Date

Published Created Modified
July 11, 2024, 11:51 a.m. July 11, 2024, 11:51 a.m. July 11, 2024, 12:06 p.m.

Indicators

fdfd96f00e9e713cf86e2d32fb0c653b66fccc0e4969eac9f26d5cdcca98ff7d

fbec6e79b663d4c5e660a7aff23e392a4f1311382923669548945e8346edbffb

e8c6831d6e238df5a1f20fc00867b333474a659734ac46a9902fbbadaaf0b51e

d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d

9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e

8a24b6f83761561d8b71429f586248f264139aee2d8349f375ccbba702e4ecb2

63750019f4a8498edc008a343be90aac8fbb3307ba7eb519fc5df16258dff19c

50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba

448559c22bf09e6526b67defddcace275d7a0c580a38b0961165bc1efdb3367e

43f4d0ae8f84c36d635423719562cdb0f5d9647b79a758a33fdf4aa7540f5622

41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2

3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277

1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc

1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252

184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c

03c84ae3bdd28341bdb9ef24918c3cad6c9ed27c768d351f23e6d37bf048f7a4

032d68449a93200aa257943b7e22e619e5ab383f61c7466f7872eeba5ea5b838

103.35.191.28

89.105.198.190

103.113.70.142

166.88.159.37

www.wpenglneweb.com

www.tivi2.com

http://themetasupporrtbusiness.nexuslink.click/

http://kun-quang-api.lordofscan.pro/LoginProcess/api/login_submit

http://identity-wpengine.com/session_id/login/

http://app.rmscloud.pro/login/

http://accountverify.business-helpcase718372649.click/

Attack Patterns

Gracewire

EugenLoader

Anunak

Carbanak - S0030

FIN7

T1056.003

T1583

T1189

T1176

T1486

T1566

Additional Informations

Utilities

Consulting

Retail

Hospitality

Technology

Healthcare

Media

Transportation

Finance