'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
May 30, 2024, 10:01 a.m.
Description
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) targeting cryptocurrency exchanges, tech companies, and other platforms, using techniques like DNSPod nameservers and fast flux evasion. The report provides background on CryptoChameleon, its tactics and techniques, and the associated infrastructure discovered by Silent Push.
Date
- Created: May 30, 2024, 9:31 a.m.
- Published: May 30, 2024, 9:31 a.m.
- Modified: May 30, 2024, 10:01 a.m.
Indicators