Date: 2024-08-15
Iran-backed group steps up phishing campaigns against Israel, US
Indicators of Compromise
APT42 Domains and URLs
Related DWP Phishing Kit
Related GCollection Phishing Kit
Other
APT42 (SHA256) samples
APT42 – IP Addresses
Sources
https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/
