Triad Nexus: FUNNULL CDN hosting DGA domains for suspect Chinese sites
Oct. 23, 2024, 1:51 p.m.
Description
Silent Push has uncovered a large-scale malicious infrastructure dubbed 'Triad Nexus' hosted on the FUNNULL content delivery network. The investigation revealed over 200,000 unique hostnames, with 95% created using Domain Generation Algorithms. FUNNULL is linked to hosting suspect gambling websites, investment scams, and a retail phishing campaign targeting major brands. Connections were found to the Suncity Group, previously implicated in money laundering for the Lazarus crime group. A supply chain attack involving the polyfill.io JavaScript library affected over 110,000 websites. The research exposes FUNNULL's role in facilitating various criminal activities and raises concerns about its practices as a CDN provider.
Date
Published: Oct. 23, 2024, 1:19 p.m.
Created: Oct. 23, 2024, 1:19 p.m.
Modified: Oct. 23, 2024, 1:51 p.m.
Indicators
Attack Patterns
T1102.003
T1584.001
T1583.001
T1204.001
T1059.007
T1199
T1566
T1190
T1078
Additional Information
Retail
Technology
Finance
China