'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered

May 30, 2024, 10:01 a.m.

Description

A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) targeting cryptocurrency exchanges, tech companies, and other platforms, using techniques like DNSPod nameservers and fast flux evasion. The report provides background on CryptoChameleon, its tactics and techniques, and the associated infrastructure discovered by Silent Push.

Date

Published: May 30, 2024, 9:31 a.m.

Created: May 30, 2024, 9:31 a.m.

Modified: May 30, 2024, 10:01 a.m.

Indicators

Attack Patterns

T1568.001

T1038

T1588

T1556

T1534

T1608

T1583

T1614

T1598

T1218

T1057

T1071