Iranian-backed group steps up phishing campaigns against Israel, U.S.
Aug. 26, 2024, 1:06 p.m.
Description
An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-profile individuals in Israel and the United States over the past six months. The group, associated with Iran's Islamic Revolutionary Guard Corps, has focused on current and former government officials, political campaigns, diplomats, think tanks, NGOs, and academic institutions involved in foreign policy discussions. APT42's activities demonstrate a concerted effort to rapidly shift its operational priorities in line with Iran's political and military objectives.
Date
Published: Aug. 26, 2024, 12:43 p.m.
Created: Aug. 26, 2024, 12:43 p.m.
Modified: Aug. 26, 2024, 1:06 p.m.
Indicators
Attack Patterns
DWP
YCollection
GCollection
LCollection
APT42
T1610
T1591
T1568
T1086
T1589
T1587
T1136
T1114
T1123
T1598
T1071
T1055
T1040
T1204
T1195
T1566
T1078
T1003
T1059
Additional Information
Israel
United States of America