— Google

Countering threats from Iran

Technical Details

Indicators from APT28 phishing campaign:

service-reset-password-moderate-digital.rf[.]gd

reset-service-identity-mail.42web[.]io

digital-email-software.great-site[.]net

Indicators from APT35 campaigns:

Abused Google Properties:

https://sites.google[.]com/view/ty85yt8tg8-download-rtih4ithr/

https://sites.google[.]com/view/user-id-568245/

https://sites.google[.]com/view/hhbejfdwdhwuhscbsb-xscvhdvbc/

Abused Dropbox Properties:

https://www.dropbox[.]com/s/68y4vpfu8pc3imf/Iraq&Jewish.pdf

Phishing Domains:


Android App:

https://www.virustotal.com/gui/file/5d3ff202f20af915863eee45916412a271bae1ea3a0e20988309c16723ce4da5/detection

Android App C2:

communication-shield[.]site

cdsa[.]xyz
