{
  "name": "FIN7: Silent Push unearths 4000+ phishing and shell domains",
  "slug": "fin7-silent-push-unearths-4000-phishing-and-shell-domains",
  "description": "Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting various organizations. The campaigns use over 4000 domains and subdomains, nearly half of which were active in the week before the report. Prominent global brands such as the Louvre Museum, Meta, Reuters and Microsoft have been targeted, among others. The group's tactics include spearphishing, malware distribution, and renting infrastructure from bulletproof hosting providers.",
  "published": "2024-07-11T09:51:22+00:00",
  "created_at": "2024-07-11T09:51:22+00:00",
  "modified_at": "2024-07-11T10:06:34+00:00",
  "created_at_opencti": "2024-07-11T09:51:22+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-11",
    "anunak",
    "carbanak",
    "eugenloader",
    "gracewire",
    "phishing",
    "spoofing"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "103.35.191.28"
      },
      {
        "id": "",
        "name": "89.105.198.190"
      },
      {
        "id": "",
        "name": "103.113.70.142"
      },
      {
        "id": "",
        "name": "166.88.159.37"
      },
      {
        "id": "",
        "name": "www.wpenglneweb.com"
      },
      {
        "id": "",
        "name": "www.tivi2.com"
      },
      {
        "id": "",
        "name": "http://themetasupporrtbusiness.nexuslink.click/"
      },
      {
        "id": "",
        "name": "http://kun-quang-api.lordofscan.pro/LoginProcess/api/login_submit"
      },
      {
        "id": "",
        "name": "http://identity-wpengine.com/session_id/login/"
      },
      {
        "id": "",
        "name": "http://app.rmscloud.pro/login/"
      },
      {
        "id": "",
        "name": "http://accountverify.business-helpcase718372649.click/"
      },
      {
        "id": "",
        "name": "themetasupporrtbusiness.nexuslink.click"
      },
      {
        "id": "",
        "name": "kun-quang-api.lordofscan.pro"
      },
      {
        "id": "",
        "name": "book.louvre-ticketing.com"
      },
      {
        "id": "",
        "name": "accountverify.business-helpcase718372649.click"
      },
      {
        "id": "",
        "name": "zoomms-info.com"
      },
      {
        "id": "",
        "name": "xn--manulfe-kza.com"
      },
      {
        "id": "",
        "name": "xn--bitwardn-h1a.com"
      },
      {
        "id": "",
        "name": "wpenglneweb.com"
      },
      {
        "id": "",
        "name": "womansvitamin.com"
      },
      {
        "id": "",
        "name": "westlaw.top"
      },
      {
        "id": "",
        "name": "webex-install.com"
      },
      {
        "id": "",
        "name": "wal-streetjournal.com"
      },
      {
        "id": "",
        "name": "trydropbox.com"
      },
      {
        "id": "",
        "name": "trezor-web.io"
      },
      {
        "id": "",
        "name": "treidingviw-web.xyz"
      },
      {
        "id": "",
        "name": "treidingviw-web.shop"
      },
      {
        "id": "",
        "name": "treidingviw-web.lol"
      },
      {
        "id": "",
        "name": "tredildlngviw.xyz"
      },
      {
        "id": "",
        "name": "tredildlngviw.shop"
      },
      {
        "id": "",
        "name": "thomsonreuter.pro"
      },
      {
        "id": "",
        "name": "thomsonreuter.info"
      },
      {
        "id": "",
        "name": "techevolveproservice.com"
      },
      {
        "id": "",
        "name": "rupaynews.com"
      },
      {
        "id": "",
        "name": "restproxy.com"
      },
      {
        "id": "",
        "name": "redfinneat.com"
      },
      {
        "id": "",
        "name": "quicken-install.com"
      },
      {
        "id": "",
        "name": "paybx.world"
      },
      {
        "id": "",
        "name": "paris-journey.com"
      },
      {
        "id": "",
        "name": "onepassreglons.com"
      },
      {
        "id": "",
        "name": "netfiix-abofrance.com"
      },
      {
        "id": "",
        "name": "netepadtee.com"
      },
      {
        "id": "",
        "name": "multyimap.com"
      },
      {
        "id": "",
        "name": "miidjourney.net"
      },
      {
        "id": "",
        "name": "louvrebill.click"
      },
      {
        "id": "",
        "name": "louvrebil.click"
      },
      {
        "id": "",
        "name": "louvre-event.com"
      },
      {
        "id": "",
        "name": "lexisnexis.day"
      },
      {
        "id": "",
        "name": "identity-wpengine.com"
      },
      {
        "id": "",
        "name": "https-twitter.com"
      },
      {
        "id": "",
        "name": "hotnotepad.com"
      },
      {
        "id": "",
        "name": "hcm-paycor.org"
      },
      {
        "id": "",
        "name": "harvardyardcollection.com"
      },
      {
        "id": "",
        "name": "go-ia.site"
      },
      {
        "id": "",
        "name": "go-ia.info"
      },
      {
        "id": "",
        "name": "ggooleauth.xyz"
      },
      {
        "id": "",
        "name": "escueladeletrados.com"
      },
      {
        "id": "",
        "name": "emeraldblockestates.com"
      },
      {
        "id": "",
        "name": "driv7.com"
      },
      {
        "id": "",
        "name": "driv3.net"
      },
      {
        "id": "",
        "name": "dr1ve.xyz"
      },
      {
        "id": "",
        "name": "ddcccuuu.online"
      },
      {
        "id": "",
        "name": "cybercloudsecure.com"
      },
      {
        "id": "",
        "name": "cybercloudsec.com"
      },
      {
        "id": "",
        "name": "costsco1.com"
      },
      {
        "id": "",
        "name": "concuur.com"
      },
      {
        "id": "",
        "name": "concur.re"
      },
      {
        "id": "",
        "name": "concur.pm"
      },
      {
        "id": "",
        "name": "concur.cfd"
      },
      {
        "id": "",
        "name": "autodesk.pm"
      },
      {
        "id": "",
        "name": "bloomberg-t.com"
      },
      {
        "id": "",
        "name": "ariba.one"
      },
      {
        "id": "",
        "name": "app-trello.com"
      },
      {
        "id": "",
        "name": "androiddeveloperconsole.com"
      },
      {
        "id": "",
        "name": "americangiftsexpress.com"
      },
      {
        "id": "",
        "name": "2024sharepoint.lat"
      },
      {
        "id": "",
        "name": "affinitycloudenergy.com"
      },
      {
        "id": "",
        "name": "fdfd96f00e9e713cf86e2d32fb0c653b66fccc0e4969eac9f26d5cdcca98ff7d"
      },
      {
        "id": "",
        "name": "fbec6e79b663d4c5e660a7aff23e392a4f1311382923669548945e8346edbffb"
      },
      {
        "id": "",
        "name": "e8c6831d6e238df5a1f20fc00867b333474a659734ac46a9902fbbadaaf0b51e"
      },
      {
        "id": "",
        "name": "d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d"
      },
      {
        "id": "",
        "name": "9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e"
      },
      {
        "id": "",
        "name": "8a24b6f83761561d8b71429f586248f264139aee2d8349f375ccbba702e4ecb2"
      },
      {
        "id": "",
        "name": "63750019f4a8498edc008a343be90aac8fbb3307ba7eb519fc5df16258dff19c"
      },
      {
        "id": "",
        "name": "50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba"
      },
      {
        "id": "",
        "name": "448559c22bf09e6526b67defddcace275d7a0c580a38b0961165bc1efdb3367e"
      },
      {
        "id": "",
        "name": "43f4d0ae8f84c36d635423719562cdb0f5d9647b79a758a33fdf4aa7540f5622"
      },
      {
        "id": "",
        "name": "41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2"
      },
      {
        "id": "",
        "name": "3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277"
      },
      {
        "id": "",
        "name": "1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc"
      },
      {
        "id": "",
        "name": "1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252"
      },
      {
        "id": "",
        "name": "184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c"
      },
      {
        "id": "",
        "name": "03c84ae3bdd28341bdb9ef24918c3cad6c9ed27c768d351f23e6d37bf048f7a4"
      },
      {
        "id": "",
        "name": "032d68449a93200aa257943b7e22e619e5ab383f61c7466f7872eeba5ea5b838"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:68c1b5fbcd4b5320",
        "name": "Gracewire",
        "slug": "gracewire"
      },
      {
        "id": "legacy:malware:f18406462f2813e9",
        "name": "EugenLoader",
        "slug": "eugenloader"
      },
      {
        "id": "legacy:malware:e8a7b58e9b047636",
        "name": "Anunak",
        "slug": "anunak"
      },
      {
        "id": "legacy:malware:ec4a99c13866334a",
        "name": "Carbanak - S0030",
        "slug": "carbanak-s0030"
      }
    ],
    "intrusion_sets": [
      {
        "id": "aa1038cb-7e0c-4c52-a676-b1889ed37998",
        "name": "FIN7",
        "slug": "fin7"
      }
    ],
    "attack_patterns": [
      {
        "id": "e263a16c-ab5b-4196-8194-1906be1fabc4",
        "name": "T1056.003"
      },
      {
        "id": "1e043fe4-2413-4b8e-887c-0fe45d095a24",
        "name": "T1583"
      },
      {
        "id": "fe6f2946-a01e-460c-9636-8c48b45dd0e6",
        "name": "T1189"
      },
      {
        "id": "743d2e0c-e5d5-4ccb-a6bd-0035c4e88c37",
        "name": "T1176"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Utilities"
      },
      {
        "id": "",
        "name": "Consulting"
      },
      {
        "id": "",
        "name": "Retail"
      },
      {
        "id": "",
        "name": "Hospitality"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Media"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Finance"
      }
    ]
  },
  "external_refs": [
    "https://www.silentpush.com/blog/fin7/",
    "https://otx.alienvault.com/pulse/668fc73a5d94ad96c0882bb8"
  ]
}