Advisory Type | Adversary Intelligence
Threat Actors | FIN7/Carbanak
Intelligence | IoCs, TTPs
Domains |
ppc-club.org | brazilian-love.org |
weekend-service.com | ass-pussy-fucking.net |
freemsk-dns.com | comixed.org |
levetas-marin.com | androidn.net |
baltazar-btc.com | castello-casta.com |
adguard.name | ihave5kbtc.biz |
public-dns.us | dimeline.eu |
zaydo.website | gendelf.com |
oerne.com | gooip-kumar.com |
critical-damage333.org | datsun-auto.com |
maorkkk-grot.xyz | jhecwhb7832873.com |
narko-cartel.com | vincenzo-bardelli.com |
cameron-archibald.com | systemsvc.net |
klyferyinsoxbabesy.biz | worldnewsonline.pw |
chugumshimusona.com | updateserver.info |
marcello-bascioni.com | narko-dispanser.com |
nder.com | nyugorta.com |
di-led.com | pasteronixus.com |
pasteronixca.com | casting-cortell.com |
publics-dns.com | java-update.co.uk |
akamai-technologies.org | 1povkjbdw87kgf518nl361.com |
strangeerglassingpbx.org | nikaka-ost.xyz |
wascodogamel.com | skaoow-loyal.net |
btcshop.cc | nancialnewsonline.pw |
oplesandroxgeoflax.org | akkso-dob.in |
namorushinoshi.com | my-amateur-gals.com |
nikaka-ost.in | paradise-plaza.com |
glonass-map.com | ihave5kbtc.org |
coral-trevel.com | zaydo.co |
shfdhghghfg.com | great-codes.com |
public-dns.com | advetureseller.com |
coral-travel.com | zaydo.space |
dragonn-force.com | update-java.net |
akkso-dob.xyz | c1pol361.com |
road-to-dominikana.biz | casas-curckos.com |
adventureseller.com | skaoow-loyal.xyz |
URLs (IP:port endpoints) |
http://91.207.60.68:80 | http://88.150.175.102:443 |
http://69.195.129.72:80 | http://31.131.17.127:443 |
http://82.163.78.188:443 | http://95.215.45.228:443 |
http://89.46.103.42:443 | http://37.235.54.48:443 |
http://204.155.30.100:443 | http://194.146.180.40:80 |
http://179.43.140.82:443 | http://66.55.133.86:80 |
http://88.198.184.241:700 | http://89.144.14.65:80 |
http://83.166.234.250:443 | http://185.180.198.2:443 |
http://87.98.217.9:443 | http://194.146.180.44:80 |
http://94.156.77.149:80 | http://209.222.30.5:443 |
http://31.7.61.136:443 | http://108.61.197.254:80 |
http://204.155.30.87:443 | http://216.170.116.120:443 |
http://151.80.8.10:443 | http://162.221.183.109:443 |
http://31.131.17.128:443 | http://217.12.203.194:443 |
http://107.161.159.17:443 | http://62.75.218.45:80 |
http://46.165.228.24:443 | http://78.128.92.29:443 |
http://87.98.153.34:443 | http://216.170.117.88:443 |
http://5.199.169.188:443 | http://192.52.167.137:443 |
http://185.10.56.59:443 | http://87.236.210.109:443 |
http://141.255.167.28:443 | http://188.138.98.105:700 |
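The two IoC lists above are only useful once they are matched against telemetry. The following is an added example (not CloudSEK's code or tooling) that parses rows in the page's own "a | b |" layout into a domain set and an (IP, port) endpoint set, then runs them over constructed DNS-query and proxy log lines in an assumed `key=value` format. It matches domains label-wise (so `www.public-dns.us` hits `public-dns.us` but `xpublic-dns.us` does not) and flags a listed IP seen on an unlisted port as a lower-confidence hit, since C2 ports change more often than C2 hosts. The IoC subset embedded below is copied from the advisory; the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Excerpt of the advisory's IoC rows, pasted in the page's own "a | b |" layout.
# Any of the rows above could be pasted here; this subset keeps the example short.
IOC_ROWS = """\
ppc-club.org | brazilian-love.org |
public-dns.us | dimeline.eu |
java-update.co.uk | akamai-technologies.org |
http://91.207.60.68:80 | http://88.150.175.102:443 |
http://88.198.184.241:700 | http://188.138.98.105:700 |
"""

# Constructed sample log lines (NOT from the advisory): a DNS-query log and a
# forward-proxy log, in a simple key=value shape assumed for this example.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z dns client=10.0.0.12 qname=www.public-dns.us qtype=A",
    "2024-03-01T10:00:02Z dns client=10.0.0.12 qname=akamai-technologies.org qtype=A",
    "2024-03-01T10:00:03Z dns client=10.0.0.13 qname=akamaitechnologies.org qtype=A",
    "2024-03-01T10:00:04Z dns client=10.0.0.13 qname=xpublic-dns.us qtype=A",
    "2024-03-01T10:00:05Z proxy client=10.0.0.14 dst=91.207.60.68:80 method=GET",
    "2024-03-01T10:00:06Z proxy client=10.0.0.15 dst=188.138.98.105:443 method=GET",
    "2024-03-01T10:00:07Z proxy client=10.0.0.16 dst=188.138.98.105:700 method=POST",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>dns|proxy) client=(?P<client>\S+) "
    r"(?:qname=(?P<qname>\S+)|dst=(?P<dst>\S+))"
)


def parse_iocs(text):
    """Split pipe-separated rows into a domain set and an (ip, port) endpoint set.

    Cells containing '://' are URLs; their host must be an IP literal (the advisory
    lists only IP endpoints) and a missing port defaults by scheme.
    """
    domains, endpoints = set(), set()
    for line in text.splitlines():
        for cell in line.split("|"):
            cell = cell.strip()
            if not cell:
                continue
            if "://" in cell:
                url = urlsplit(cell)
                host = ipaddress.ip_address(url.hostname)  # raises on a non-IP host
                port = url.port or (443 if url.scheme == "https" else 80)
                endpoints.add((str(host), port))
            else:
                domains.add(cell.lower().rstrip("."))
    return domains, endpoints


def match_domain(qname, domains):
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Label-aware: 'www.public-dns.us' hits 'public-dns.us', 'xpublic-dns.us' does not
    (a plain endswith() check would produce that false positive).
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_logs(lines, domains, endpoints):
    """Return (timestamp, client, match_kind, indicator) for each line hitting an IoC.

    match_kind is 'domain', 'endpoint' (IP and port both listed) or 'ip' (listed IP
    on an unlisted port: lower confidence, but worth a look).
    """
    listed_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrecognised line shape; a real pipeline would count these
        if m["qname"]:
            hit = match_domain(m["qname"], domains)
            if hit:
                hits.append((m["ts"], m["client"], "domain", hit))
        else:
            host, _, port = m["dst"].rpartition(":")  # IPv4 only; IPv6 needs [] handling
            if (host, int(port)) in endpoints:
                hits.append((m["ts"], m["client"], "endpoint", m["dst"]))
            elif host in listed_ips:
                hits.append((m["ts"], m["client"], "ip", host))
    return hits


if __name__ == "__main__":
    doms, eps = parse_iocs(IOC_ROWS)
    for hit in scan_logs(SAMPLE_LOGS, doms, eps):
        print(*hit)
```

Run against the constructed logs, the scan reports five hits: two domain matches, two exact endpoint matches, and one listed IP (188.138.98.105) contacted on 443 rather than the listed port 700. The third and fourth DNS lines (a look-alike domain and a prefix collision) correctly produce nothing.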
| Tactic | Technique |
|---|---|
| Initial Access | Spear Phishing Attachment (T1566.001) |
| Execution | Component Object Model (T1559.001); Execution through API / Native API (T1106); PowerShell (T1059.001); Service Execution (T1569.002); User Execution (T1204); Windows Management Instrumentation (T1047) |
| Persistence | New Service / Windows Service (T1543.003); Registry Run Keys / Startup Folder (T1547.001); Valid Accounts (T1078) |
| Privilege Escalation | Bypass User Account Control (T1548.002); New Service / Windows Service (T1543.003); Valid Accounts (T1078) |
| Defense Evasion | Code Signing (T1553.002); Deobfuscate/Decode Files or Information (T1140); Masquerading (T1036); Obfuscated Files or Information (T1027); Process Injection (T1055); Software Packing (T1027.002) |
| Credential Access | Credential Dumping (T1003); Input Capture (T1056) |
| Discovery | Application Window Discovery (T1010); Process Discovery (T1057); Remote System Discovery (T1018); System Network Configuration Discovery (T1016); System Owner/User Discovery (T1033) |
| Lateral Movement | Remote Desktop Protocol (T1021.001); Windows Admin Shares (T1021.002); Distributed Component Object Model (T1021.003) |
| Collection | Data from Local System (T1005); Input Capture (T1056); Screen Capture (T1113) |
| Command & Control (C2) | Commonly Used Port (T1043, deprecated); Connection Proxy (T1090); Standard Application Layer Protocol (T1071); Standard Cryptographic Protocol / Encrypted Channel (T1573) |
| Exfiltration | Exfiltration Over Command and Control Channel (T1041) |

Technique IDs are MITRE ATT&CK Enterprise IDs; where the named behaviour is an ATT&CK sub-technique, the sub-technique ID is given.