FIN7: The Truth Doesn't Need to be so STARK

Aug. 16, 2024, 8:26 a.m.

Description

In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru have identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating with Stark-assigned IP addresses, indicating the group's abuse of legitimate hosting services. Through cooperation with Stark, the researchers were able to identify and suspend numerous malicious domains and IP addresses linked to FIN7's operations across various sectors.

Date

Published: Aug. 16, 2024, 8:13 a.m.

Created: Aug. 16, 2024, 8:13 a.m.

Modified: Aug. 16, 2024, 8:26 a.m.

Indicators

Attack Patterns

FIN7

T1588

T1608

T1189

T1505

T1486

T1071

T1543

T1055

T1219

T1204

T1053

T1562

T1190

T1133

T1059