FIN7: The Truth Doesn't Need to be so STARK

Aug. 16, 2024, 8:26 a.m.

Description

In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating with Stark-assigned IP addresses, indicating that the group abuses legitimate hosting services rather than relying solely on bulletproof providers. Through cooperation with Stark, the researchers identified and suspended numerous malicious domains and IP addresses linked to FIN7 operations targeting various sectors.

Date

  • Created: Aug. 16, 2024, 8:13 a.m.
  • Published: Aug. 16, 2024, 8:13 a.m.
  • Modified: Aug. 16, 2024, 8:26 a.m.

Indicators


Attack Patterns