FIN7: Silent Push unearths 4000+ phishing and shell domains
July 11, 2024, 12:06 p.m.
Description
Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting various organizations. The campaigns utilize over 4000 domains and subdomains, with nearly half active in the past week. Prominent global brands like Louvre Museum, Meta, Reuters, Microsoft, and others have been targeted. The group employs tactics like spearphishing, malware distribution, and renting infrastructure from bulletproof hosting providers.
Tags
Date
- Created: July 11, 2024, 11:51 a.m.
- Published: July 11, 2024, 11:51 a.m.
- Modified: July 11, 2024, 12:06 p.m.
Indicators
- fdfd96f00e9e713cf86e2d32fb0c653b66fccc0e4969eac9f26d5cdcca98ff7d
- fbec6e79b663d4c5e660a7aff23e392a4f1311382923669548945e8346edbffb
- e8c6831d6e238df5a1f20fc00867b333474a659734ac46a9902fbbadaaf0b51e
- d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d
- 9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e
- 8a24b6f83761561d8b71429f586248f264139aee2d8349f375ccbba702e4ecb2
- 63750019f4a8498edc008a343be90aac8fbb3307ba7eb519fc5df16258dff19c
- 50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba
- 448559c22bf09e6526b67defddcace275d7a0c580a38b0961165bc1efdb3367e
- 43f4d0ae8f84c36d635423719562cdb0f5d9647b79a758a33fdf4aa7540f5622
- 41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2
- 3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277
- 1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc
- 1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252
- 184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c
- 03c84ae3bdd28341bdb9ef24918c3cad6c9ed27c768d351f23e6d37bf048f7a4
- 032d68449a93200aa257943b7e22e619e5ab383f61c7466f7872eeba5ea5b838
- 103.35.191.28
- 89.105.198.190
- 103.113.70.142
- 166.88.159.37
- www.wpenglneweb.com
- www.tivi2.com
- http://themetasupporrtbusiness.nexuslink.click/
- http://kun-quang-api.lordofscan.pro/LoginProcess/api/login_submit
- http://identity-wpengine.com/session_id/login/
- http://app.rmscloud.pro/login/
- http://accountverify.business-helpcase718372649.click/
- themetasupporrtbusiness.nexuslink.click
- kun-quang-api.lordofscan.pro
- book.louvre-ticketing.com
- accountverify.business-helpcase718372649.click
- zoomms-info.com
- xn--manulfe-kza.com
- xn--bitwardn-h1a.com
- wpenglneweb.com
- womansvitamin.com
- westlaw.top
- webex-install.com
- wal-streetjournal.com
- trydropbox.com
- trezor-web.io
- treidingviw-web.xyz
- treidingviw-web.shop
- treidingviw-web.lol
- tredildlngviw.xyz
- tredildlngviw.shop
- thomsonreuter.pro
- thomsonreuter.info
- techevolveproservice.com
- rupaynews.com
- restproxy.com
- redfinneat.com
- quicken-install.com
- paybx.world
- paris-journey.com
- onepassreglons.com
- netfiix-abofrance.com
- netepadtee.com
- multyimap.com
- miidjourney.net
- louvrebill.click
- louvrebil.click
- louvre-event.com
- lexisnexis.day
- identity-wpengine.com
- https-twitter.com
- hotnotepad.com
- hcm-paycor.org
- harvardyardcollection.com
- go-ia.site
- go-ia.info
- ggooleauth.xyz
- escueladeletrados.com
- emeraldblockestates.com
- driv7.com
- driv3.net
- dr1ve.xyz
- ddcccuuu.online
- cybercloudsecure.com
- cybercloudsec.com
- costsco1.com
- concuur.com
- concur.re
- concur.pm
- concur.cfd
- autodesk.pm
- bloomberg-t.com
- ariba.one
- app-trello.com
- androiddeveloperconsole.com
- americangiftsexpress.com
- 2024sharepoint.lat
- affinitycloudenergy.com
Additional Informations
- Utilities
- Consulting
- Retail
- Hospitality
- Technology
- Healthcare
- Media
- Transportation
- Finance