{
  "name": "FIN7: The Truth Doesn't Need to be so STARK",
  "slug": "fin7-the-truth-doesnt-need-to-be-so-stark",
  "description": "In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating with Stark-assigned IP addresses, indicating the group's abuse of legitimate hosting services. Through cooperation with Stark, the researchers were able to identify and suspend numerous malicious domains and IP addresses linked to FIN7's operations across various sectors. Note: the observables attached to this report include abuse@stark-industries.solutions, which appears to be the hosting provider's abuse-reporting contact rather than an indicator of FIN7 activity; review the list before loading it into blocklists or detections.",
  "published": "2024-08-16T06:13:17+00:00",
  "created_at": "2024-08-16T06:13:17+00:00",
  "modified_at": "2024-08-16T06:26:11+00:00",
  "created_at_opencti": "2024-08-16T06:13:17+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-08-16",
    "cybercrime",
    "cybersecurity collaboration",
    "financially-motivated",
    "malicious infrastructure",
    "threat group"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "91.228.10.81"
      },
      {
        "id": "",
        "name": "86.104.72.35"
      },
      {
        "id": "",
        "name": "86.104.72.23"
      },
      {
        "id": "",
        "name": "86.104.72.22"
      },
      {
        "id": "",
        "name": "86.104.72.208"
      },
      {
        "id": "",
        "name": "86.104.72.19"
      },
      {
        "id": "",
        "name": "86.104.72.16"
      },
      {
        "id": "",
        "name": "86.104.72.125"
      },
      {
        "id": "",
        "name": "86.104.72.15"
      },
      {
        "id": "",
        "name": "5.252.22.213"
      },
      {
        "id": "",
        "name": "45.89.53.243"
      },
      {
        "id": "",
        "name": "5.180.24.27"
      },
      {
        "id": "",
        "name": "45.89.53.175"
      },
      {
        "id": "",
        "name": "45.150.65.100"
      },
      {
        "id": "",
        "name": "103.35.191.87"
      },
      {
        "id": "",
        "name": "103.35.191.137"
      },
      {
        "id": "",
        "name": "103.35.191.112"
      },
      {
        "id": "",
        "name": "103.35.190.51"
      },
      {
        "id": "",
        "name": "103.35.190.40"
      },
      {
        "id": "",
        "name": "103.35.190.215"
      },
      {
        "id": "",
        "name": "103.35.189.90"
      },
      {
        "id": "",
        "name": "103.35.189.46"
      },
      {
        "id": "",
        "name": "103.35.189.40"
      },
      {
        "id": "",
        "name": "103.35.189.39"
      },
      {
        "id": "",
        "name": "103.35.189.38"
      },
      {
        "id": "",
        "name": "103.35.189.143"
      },
      {
        "id": "",
        "name": "103.35.188.245"
      },
      {
        "id": "",
        "name": "45.150.67.143"
      },
      {
        "id": "",
        "name": "45.150.65.46"
      },
      {
        "id": "",
        "name": "176.120.75.99"
      },
      {
        "id": "",
        "name": "141.98.168.183"
      },
      {
        "id": "",
        "name": "103.35.191.28"
      },
      {
        "id": "",
        "name": "103.113.70.142"
      },
      {
        "id": "",
        "name": "wilandsabim.info"
      },
      {
        "id": "",
        "name": "wuriye.com"
      },
      {
        "id": "",
        "name": "unicrebitdank.top"
      },
      {
        "id": "",
        "name": "ttlpcs.lat"
      },
      {
        "id": "",
        "name": "unicredibank.top"
      },
      {
        "id": "",
        "name": "sharepoint2024.one"
      },
      {
        "id": "",
        "name": "sapconcur.top"
      },
      {
        "id": "",
        "name": "sapconcur.team"
      },
      {
        "id": "",
        "name": "sapconcur.one"
      },
      {
        "id": "",
        "name": "otpdank24.top"
      },
      {
        "id": "",
        "name": "ms-antispam.live"
      },
      {
        "id": "",
        "name": "miles-and-mroe.com"
      },
      {
        "id": "",
        "name": "meet-goo.org"
      },
      {
        "id": "",
        "name": "meet2024.com"
      },
      {
        "id": "",
        "name": "meet-goo.net"
      },
      {
        "id": "",
        "name": "meet-gl.com"
      },
      {
        "id": "",
        "name": "lexisnexis.top"
      },
      {
        "id": "",
        "name": "lexisnexis.pro"
      },
      {
        "id": "",
        "name": "lexisnexis.one"
      },
      {
        "id": "",
        "name": "lexisnexis.lat"
      },
      {
        "id": "",
        "name": "lexisnex.top"
      },
      {
        "id": "",
        "name": "lexisnex.team"
      },
      {
        "id": "",
        "name": "lexisnex.pro"
      },
      {
        "id": "",
        "name": "lexis2024.info"
      },
      {
        "id": "",
        "name": "lexis2024.pro"
      },
      {
        "id": "",
        "name": "law360.one"
      },
      {
        "id": "",
        "name": "law2024.info"
      },
      {
        "id": "",
        "name": "law2024.top"
      },
      {
        "id": "",
        "name": "gogogononono.top"
      },
      {
        "id": "",
        "name": "gogogogogotests.xyz"
      },
      {
        "id": "",
        "name": "gogogononono.xyz"
      },
      {
        "id": "",
        "name": "edankhk.top"
      },
      {
        "id": "",
        "name": "gl-meet2024.com"
      },
      {
        "id": "",
        "name": "dr1v3.top"
      },
      {
        "id": "",
        "name": "dr1v3.one"
      },
      {
        "id": "",
        "name": "dhlpost.sbs"
      },
      {
        "id": "",
        "name": "dhlpost.nl"
      },
      {
        "id": "",
        "name": "dhlpost.lat"
      },
      {
        "id": "",
        "name": "clio2024.top"
      },
      {
        "id": "",
        "name": "clio2024.one"
      },
      {
        "id": "",
        "name": "clio2024.info"
      },
      {
        "id": "",
        "name": "clio.pw"
      },
      {
        "id": "",
        "name": "clio.lat"
      },
      {
        "id": "",
        "name": "blackrock-alladin.pro"
      },
      {
        "id": "",
        "name": "ariba.lat"
      },
      {
        "id": "",
        "name": "antispam-ms.pro"
      },
      {
        "id": "",
        "name": "7zip2024.info"
      },
      {
        "id": "",
        "name": "2024xero.com"
      },
      {
        "id": "",
        "name": "2bonmai.buzz"
      },
      {
        "id": "",
        "name": "2024mycase.win"
      },
      {
        "id": "",
        "name": "2024sage.win"
      },
      {
        "id": "",
        "name": "2024mycase.com"
      },
      {
        "id": "",
        "name": "2024clio.top"
      },
      {
        "id": "",
        "name": "2024clio.one"
      },
      {
        "id": "",
        "name": "2024aimp.info"
      },
      {
        "id": "",
        "name": "2024-aimp.pw"
      },
      {
        "id": "",
        "name": "2024-aimp.info"
      },
      {
        "id": "",
        "name": "2024-7zip.pw"
      },
      {
        "id": "",
        "name": "2024-7zip.info"
      },
      {
        "id": "",
        "name": "westlaw.top"
      },
      {
        "id": "",
        "name": "thomsonreuter.pro"
      },
      {
        "id": "",
        "name": "thomsonreuter.info"
      },
      {
        "id": "",
        "name": "netepadtee.com"
      },
      {
        "id": "",
        "name": "multyimap.com"
      },
      {
        "id": "",
        "name": "hotnotepad.com"
      },
      {
        "id": "",
        "name": "dr1ve.xyz"
      },
      {
        "id": "",
        "name": "ariba.one"
      },
      {
        "id": "",
        "name": "2024sharepoint.lat"
      },
      {
        "id": "",
        "name": "abuse@stark-industries.solutions"
      },
      {
        "id": "",
        "name": "ariba.business"
      }
    ],
    "intrusion_sets": [
      {
        "id": "aa1038cb-7e0c-4c52-a676-b1889ed37998",
        "name": "FIN7",
        "slug": "fin7"
      }
    ],
    "attack_patterns": [
      {
        "id": "7616ff60-a18f-4663-9824-b889aa01c8ce",
        "name": "T1588"
      },
      {
        "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1",
        "name": "T1608"
      },
      {
        "id": "fe6f2946-a01e-460c-9636-8c48b45dd0e6",
        "name": "T1189"
      },
      {
        "id": "eb118bf2-fdf2-4b49-a470-0acabf7608ad",
        "name": "T1505"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.team-cymru.com/post/fin7-the-truth-doesn-t-need-to-be-so-stark",
    "https://otx.alienvault.com/pulse/66bf0a1d4ef8f6026826890e"
  ]
}