Saturday, December 02, 2023

The Conti Ransomware Gang's OSINT Artifacts

The following is a set of OSINT artifacts courtesy of the Conti Ransomware gang.


Including the following two XMPP/Jabber accounts:

mcduckgroup@exploit.im

uvoice@xmpp.jp

Typosquatted GMail Malware Domains

The following are currently active typosquatted GMail domains known to be used in malware campaigns.

Sample domains include:


Stay tuned!

Emennet Pasargad

The following are domains and personally identifiable email address accounts belonging to Iran's Emennet Pasargad, also known as Eeleyanet Gostar.

Sample domains:

eeleyanet.com

eeleyanet.ir

Sample personally identifiable email address accounts:
