Description
In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru have identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating with Stark-assigned IP addresses, indicating the group's abuse of legitimate hosting services. Through cooperation with Stark, the researchers were able to identify and suspend numerous malicious domains and IP addresses linked to FIN7's operations across various sectors.
Date
Published | Created | Modified |
---|---|---|
Aug. 16, 2024, 8:13 a.m. | Aug. 16, 2024, 8:13 a.m. | Aug. 16, 2024, 8:26 a.m. |
Indicators
Attack Patterns
FIN7
T1588
T1608
T1189
T1505
T1486
T1071
T1543
T1055
T1219
T1204
T1053
T1562
T1190
T1133
T1059