Unwrapping the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign

Dec. 13, 2024, 1:31 p.m.

Description

A large-scale phishing campaign targeting retail brands and cryptocurrency users has been uncovered. The campaign, dubbed 'Aggressive Inventory Zombies' (AIZ), initially impersonated Etsy but expanded to target major retailers like Amazon, BestBuy, and eBay. The threat actor uses a popular website template to create phishing sites, integrating chat services for malicious activities. The campaign also targets crypto audiences with a substantial network of phishing sites. The research revealed financial ties to India and collaboration with Stark Industries led to the discovery of additional infrastructure. The campaign employs various tactics, including bulk pricing schemes and live chat widgets for phishing. Multiple cryptocurrency-related phishing efforts were also identified, targeting various crypto brands and exchanges.

External References

https://www.silentpush.com/blog/aiz-retail-crypto-phishing/
https://otx.alienvault.com/pulse/675c34f124ad6ea66e42230d
Tags
phishing
impersonation
e-commerce
2024-12-13
retail

Date

  • Created: Dec. 13, 2024, 1:21 p.m.
  • Published: Dec. 13, 2024, 1:21 p.m.
  • Modified: Dec. 13, 2024, 1:31 p.m.

Indicators

  • 45.144.31.235
  • 45.144.30.184
  • 2.56.178.87
  • http://chat.ssrchat.com/service
  • xbtce-exchange.xyz
  • wayfairmy.cc
  • vnbestbuy.store
  • vipmydealshopgo.xyz
  • vipetsyappshop.cc
  • tik-tokvnshop.net
  • store-joo.org
  • standard-software.cn
  • spsailexpsess.com
  • snaspshopping.com
  • pantera-exchange.com
  • pammvip.com
  • ozatchenum.com
  • officialjunglee.com
  • msostock.net
  • moomoccapital.com
  • mkgmailgo.com
  • mioiocapitald.com
  • midjornieyskilload.com
  • mgciscoin.co
  • m2stock.net
  • luxury-collection.cc
  • klo-ok.cc
  • jngfhjiu56u7.top
  • jd-shopvnvip.top
  • inretsyvipclubapp.com
  • haiwaisite666.com
  • haiwaidemosite.com
  • group-joo.org
  • global-joom.org
  • exchangeaaa.xyz
  • etsyvipinr.com
  • etsyvipclub.xyz
  • etsystore.org
  • etsyshopinr.com
  • etsyoou.icu
  • etsyme.com
  • etsyclubvip.xyz
  • etsyappstorevip.xyz
  • etsyappstoreglobal.xyz
  • etsyappstoreglobal.com
  • etsy.one
  • ebaymerchant.xyz
  • ebay-i.shop
  • e-box.vip
  • cross-borderstore.com
  • coinworld-online-exchange.cc
  • chillivipstore.com
  • bitcoin-contract.vip
  • appstoreetsy.vip
  • amlguards.com
  • aml-check-wallet.com
  • amazonprime.id
  • amazon-ecommerce-shop.com
  • ai-tiktok.top
Download all indicators here!

Attack Patterns

  • Aggressive Inventory Zombies (AIZ)

Additional Informations

  • Retail