Countering threats from Iran
Technical Details
Indicators from APT28 phishing campaign:
service-reset-password-moderate-digital.rf[.]gd
reset-service-identity-mail.42web[.]io
digital-email-software.great-site[.]net
Indicators from APT35 campaigns:
Abused Google Properties:
https://sites.google[.]com/view/ty85yt8tg8-download-rtih4ithr/
https://sites.google[.]com/view/user-id-568245/
https://sites.google[.]com/view/hhbejfdwdhwuhscbsb-xscvhdvbc/
Abused Dropbox Properties:
https://www.dropbox[.]com/s/68y4vpfu8pc3imf/Iraq&Jewish.pdf
Phishing Domains:
Android App:
Android App C2:
communication-shield[.]site
cdsa[.]xyz