In the following (historical) intelligence brief, I'll provide you with some raw domain data of fake companies that are known to have attempted to recruit money mules over the past 2 years.
The domains listed here were registered by the same gang of cybercriminals that I've been extensively profiling in previous "Keeping Money Mule Recruiters on a Short Leash" posts.
Money mule recruitment domains:
Consider going through my previous research into one of the most popular 'risk-forwarding' tactics used by cybercriminals, namely, money mule recruitment.
Related posts on money mule recruitment:
Keeping Money Mule Recruiters on a Short Leash - Part Eleven
Keeping Money Mule Recruiters on a Short Leash - Part Ten
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
This post has been reproduced from Dancho Danchev's blog.