In the following (historical) intelligence brief, I'll provide you with some raw domain data of fake companies that are known to have attempted to recruit money mules over the past 2 years.
The domains listed here were registered by the same gang of cybercriminals that I've been extensively profiling in previous "Keeping Money Mule Recruiters on a Short Leash" posts.
Money mule recruitment domains:
compassllc-usa.com
linkllc-uk.com
very-compllc.com
click-n-art.com
infotechgroup-inc.com
amplitude-groupmain.tw
magnet-groupinc.cc
allston-groupsec.cc
DEVELOP-INC.COM
MERCYGROUPNET.NET
MERCY-INC.COM
SOLARISGROUPINC.COM
SOLARISGROUPNET.NET
JVC-INC.COM
JVCGROUPNET.NET
EVOLVINGSYSINC.NET
ATCANETWORKS.NET
ATCA-INC.COM
GALLEOGROUPNET.NET
GALLEO-INC.COM
EVOLVINGSYSINC.NET
EVOLVING-INC.COM
NETMARKET-INC.COM
NETMARKETTECH.NET
INFOTECH-GROUPCO.NET
INFOTECH-GROUPINC.COM
INFOTECHGROUP-INC.COM
BANDS-GROUPSVC.COM
BANDS-INC.COM
BANDSGROUP-INC.NET
BANDSGROUPNET.CC
ICT-GROUPCO.COM
ICT-GROUPSVC.NET
ICTGROUPINC.COM
ICTGROUPNET.CC
GIANT-GROUPCO.NET
GIANT-GROUPINC.COM
GIANT-GROUPNET.CC
GIANTGROUPINC.COM
IMPERIAL-GROUPINC.COM
IMPERIAL-GROUPSVC.NET
IMPERIALGROUPCO.COM
HOSTGROUP-INC.COM
HOSTGROUPINC.COM
HOSTGROUPNET.CC
HOST-GROUPSVC.NET
CNLGROUP-INC.CC
CNLGROUPNET.NET
CNL-GROUPSVC.COM
CNL-INC.COM
bands-groupsvc.com
bands-inc.com
bandsgroup-inc.net
bandsgroupnet.cc
cnl-groupsvc.com
cnl-inc.com
cnlgroup-inc.cc
cnlgroupnet.net
giant-groupco.net
giant-groupinc.com
giant-groupnet.cc
giantgroupinc.com
host-groupsvc.net
hostgroup-inc.com
hostgroupinc.com
hostgroupnet.cc
ict-groupco.com
ict-groupsvc.net
ictgroupinc.com
ictgroupnet.cc
imperial-groupinc.com
imperial-groupsvc.net
imperialgroupco.com
infotech-groupco.net
infotech-groupinc.com
infotechgroup-inc.com
itcom-groupco.net
itcom-groupfine.cc
itcom-groupsvc.com
itcomgroup-inc.com
mgm-groupsvc.com
mgmgroup-inc.net
mgmgroupinc.com
mgmgroupnet.cc
usi-groupinc.net
usigroup-inc.com
usigroupinc.com
usigroupnet.cc
NOVARIS-GROUPLLC.TW
NOVARISGROUPMAIN.TW
NOVARIS-GROUPORG.CC
VITAL-GROUPCO.CC
VITAL-GROUPCO.TW
VITAL-GROUPINC.TW
PERSEUS-GROUPFINE.TW
PERSEUS-GROUPINC.TW
PERSEUSGROUPLLC.CC
Consider going through my previous research into one of the most popular 'risk-forwarding' tactic used by cybercriminals, namely, money mule recruitment.
Related posts on money mule recruitment:
Keeping Money Mule Recruiters on a Short Leash - Part Eleven
Keeping Money Mule Recruiters on a Short Leash - Part Ten
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
This post has been reproduced from Dancho Danchev's blog.