'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
May 30, 2024, 10:01 a.m.
Description
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) targeting cryptocurrency exchanges, tech companies, and other platforms, using techniques like DNSPod nameservers and fast flux evasion. The report provides background on CryptoChameleon, its tactics and techniques, and the associated infrastructure discovered by Silent Push.
Date
Published: May 30, 2024, 9:31 a.m.
Created: May 30, 2024, 9:31 a.m.
Modified: May 30, 2024, 10:01 a.m.
Indicators
Attack Patterns
T1568.001
T1038
T1588
T1556
T1534
T1608
T1583
T1614
T1598
T1218
T1057
T1071