{"id":19000,"date":"2024-08-14T19:51:50","date_gmt":"2024-08-14T19:51:50","guid":{"rendered":"http:\/\/scannn.com\/google\/iranian-backed-group-steps-up-phishing-campaigns-against-israel-u-s\/"},"modified":"2024-08-14T19:51:50","modified_gmt":"2024-08-14T19:51:50","slug":"iranian-backed-group-steps-up-phishing-campaigns-against-israel-u-s","status":"publish","type":"post","link":"https:\/\/scannn.com\/lv\/iranian-backed-group-steps-up-phishing-campaigns-against-israel-u-s\/","title":{"rendered":"Iranian backed group steps up phishing campaigns against Israel, U.S."},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<h2 data-block-key=\"omhv1\">Indicators of Compromise<\/h2>\n<h3 data-block-key=\"4ql06\">APT42 Domains and URLs<\/h3>\n<p data-block-key=\"fs75g\"><i>DWP Phishing Kit related<\/i><\/p>\n<p data-block-key=\"ddcfa\">accredit-navigation[.]online<\/p>\n<p data-block-key=\"7gt6s\">hXXps:\/\/n9[.]cl\/4xgro<\/p>\n<p data-block-key=\"bn1ls\"><i>GCollection Phishing Kit related<\/i><\/p>\n<p data-block-key=\"fa6me\">panel-short-check[.]live<\/p>\n<p data-block-key=\"9biuj\">check-pabnel-status[.]live<\/p>\n<p data-block-key=\"9kqtr\">meetroomonlin1925.w3spaces[.]com<\/p>\n<p data-block-key=\"b84r5\">smaaaal[.]cfd<\/p>\n<p data-block-key=\"8sbat\">click-choose-figured[.]cfd<\/p>\n<p data-block-key=\"jpsi\">short-ion-per[.]live<\/p>\n<p data-block-key=\"1lhfd\">checking-paneling[.]live<\/p>\n<p data-block-key=\"ak2bf\">hXXps:\/\/panel-short-check[.]live\/PhyfkFQX<\/p>\n<p data-block-key=\"f0qoe\">hXXps:\/\/check-pabnel-status[.]live\/Gcollection\/Ref\/CkliPwaM<\/p>\n<p data-block-key=\"9e30v\">hXXps:\/\/check-pabnel-status[.]live\/Gcollection\/Password<\/p>\n<p data-block-key=\"912q5\">hXXps:\/\/panel-short-check[.]live\/ZZqt3LYD<\/p>\n<p data-block-key=\"c40f1\">hXXps:\/\/check-pabnel-status[.]live\/Lcollection\/Ref\/F53OQQkE<\/p>\n<p data-block-key=\"5q5ba\">hXXps:\/\/check-pabnel-status[.]live\/Lcollection\/Password<\/p>\n<p 
data-block-key=\"9611k\">hXXps:\/\/meetroomonlin1925.w3spaces[.]com\/<\/p>\n<p data-block-key=\"fri32\">hXXps:\/\/smaaaal[.]cfd\/Wp59tqKU<\/p>\n<p data-block-key=\"au1kf\">hXXps:\/\/click-choose-figured[.]cfd\/Gallery\/Ref\/FSaEM5gG<\/p>\n<p data-block-key=\"1lv6a\">hXXps:\/\/click-choose-figured[.]cfd\/Gallery\/Password<\/p>\n<p data-block-key=\"asbis\">hXXps:\/\/short-ion-per[.]live\/08EFNZ1<\/p>\n<p data-block-key=\"554tj\">hXXps:\/\/checking-paneling[.]live\/aliasauthG\/Password<\/p>\n<p data-block-key=\"4mehn\">hXXps:\/\/checking-paneling[.]live\/aliasauthG\/autoref\/vNSX6c2m<\/p>\n<p data-block-key=\"1d3ge\"><i>Other<\/i><\/p>\n<p data-block-key=\"e9pmt\">understandingthewar[.]org<\/p>\n<p data-block-key=\"7d075\">brookings[.]email<\/p>\n<p data-block-key=\"vcpt\">sharedrive.webredirect[.]org<\/p>\n<p data-block-key=\"7283a\">visioneditor.loseyourip[.]com<\/p>\n<p data-block-key=\"4b7to\">s3api[.]shop<\/p>\n<p data-block-key=\"egffb\">hXXps:\/\/sharedrive.webredirect[.]org\/Khn\/shoaGzA\/cGNt\/dMPaV\/kvvhK<\/p>\n<p data-block-key=\"clko2\">hXXps:\/\/firebasestorage.googleapis[.]com\/v0\/b\/share-box-5f395.appspot.com\/o\/onedrive-qrty45.html<\/p>\n<p data-block-key=\"13scl\">hXXps:\/\/visioneditor.loseyourip[.]com<\/p>\n<p data-block-key=\"e106r\">hXXps:\/\/s3api[.]shop\/api\/<\/p>\n<h3 data-block-key=\"ckkpc\">APT42 Samples (SHA256)<\/h3>\n<p data-block-key=\"7m9i2\">c67cd544a112cab1bb75b3c44df4caf2045ef0af51de9ece11261d6c504add32 <i>(NEWSTERMINAL)<\/i><\/p>\n<p data-block-key=\"dse4o\">bc2597ce09987022ff0498c6710a9b51a1a47ed8082ac044be2838b384157527 (<i>OFFICEFUEL)<\/i><\/p>\n<p data-block-key=\"f6uf4\">baac058ddfc96c8aea8c0057077505f0ad3ff20311d999886fed549924404849 (<i>OFFICEFUEL)<\/i><\/p>\n<p data-block-key=\"b8ilf\">0180f4f29c550aa1ffaa21af51711b29de99fb1d7c932d008a0e9356ae8a7d60 (<i>FUELDUMP<\/i>)<\/p>\n<p data-block-key=\"38vku\">f83e2b3be2e6db20806a4b9b216edc7508fa81ce60bf59436d53d3ae435b6060 (<i>FUELDUMP<\/i>)<\/p>\n<p 
data-block-key=\"752n1\">82ae2eb470a5a16ca39ec84b387294eaa3ae82e5ada4b252470c1281e1f31c0a <i>(FUELDUMP)<\/i><\/p>\n<p data-block-key=\"b4hrv\">89c1d1b61d7f863f8a651726e29f2ae3de7958f36b49a756069021817947d06c <i>(FUELDUMP)<\/i><\/p>\n<p data-block-key=\"dfpj\">c3486133783379e13ed37c45dc6645cbee4c1c6e62e7988722931eef99c8eaf3 <i>(GORBLE PS &#8211; LNK)<\/i><\/p>\n<p data-block-key=\"af22o\">33a61ff123713da26f45b399a9828e29ad25fbda7e8994c954d714375ef92156 (<i>GORBLE PS &#8211; Stage 1)<\/i><\/p>\n<p data-block-key=\"5k71l\">4ac088bf25d153ec2b9402377695b15a28019dc8087d98bd34e10fed3424125f (<i>GORBLE PS &#8211; Stage 2)<\/i><\/p>\n<h3 data-block-key=\"cn6cm\">APT42 &#8211; IP Addresses<\/h3>\n<p data-block-key=\"ctd08\">49.13.194[.]118 (C2 &#8211; OFFICEFUEL\/FUELDUMP)<\/p>\n<p data-block-key=\"odv6\">91.107.150[.]184 (C2 &#8211; OFFICEFUEL\/FUELDUMP)<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.google\/threat-analysis-group\/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Indicators of Compromise APT42 Domains and URLs DWP Phishing Kit related accredit-navigation[.]online hXXps:\/\/n9[.]cl\/4xgro GCollection Phishing Kit related panel-short-check[.]live check-pabnel-status[.]live meetroomonlin1925.w3spaces[.]com smaaaal[.]cfd click-choose-figured[.]cfd short-ion-per[.]live checking-paneling[.]live hXXps:\/\/panel-short-check[.]live\/PhyfkFQX hXXps:\/\/check-pabnel-status[.]live\/Gcollection\/Ref\/CkliPwaM hXXps:\/\/check-pabnel-status[.]live\/Gcollection\/Password hXXps:\/\/panel-short-check[.]live\/ZZqt3LYD hXXps:\/\/check-pabnel-status[.]live\/Lcollection\/Ref\/F53OQQkE hXXps:\/\/check-pabnel-status[.]live\/Lcollection\/Password hXXps:\/\/meetroomonlin1925.w3spaces[.]com\/ hXXps:\/\/smaaaal[.]cfd\/Wp59tqKU hXXps:\/\/click-choose-figured[.]cfd\/Gallery\/Ref\/FSaEM5gG hXXps:\/\/click-choose-figured[.]cfd\/Gallery\/Password hXXps:\/\/short-ion-per[.]live\/08EFNZ1 
hXXps:\/\/checking-paneling[.]live\/aliasauthG\/Password hXXps:\/\/checking-paneling[.]live\/aliasauthG\/autoref\/vNSX6c2m Other understandingthewar[.]org brookings[.]email sharedrive.webredirect[.]org visioneditor.loseyourip[.]com s3api[.]shop hXXps:\/\/sharedrive.webredirect[.]org\/Khn\/shoaGzA\/cGNt\/dMPaV\/kvvhK hXXps:\/\/firebasestorage.googleapis[.]com\/v0\/b\/share-box-5f395.appspot.com\/o\/onedrive-qrty45.html hXXps:\/\/visioneditor.loseyourip[.]com hXXps:\/\/s3api[.]shop\/api\/ APT42 Samples (SHA256) c67cd544a112cab1bb75b3c44df4caf2045ef0af51de9ece11261d6c504add32 (NEWSTERMINAL) bc2597ce09987022ff0498c6710a9b51a1a47ed8082ac044be2838b384157527 (OFFICEFUEL) baac058ddfc96c8aea8c0057077505f0ad3ff20311d999886fed549924404849 [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":19001,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[100],"tags":[],"class_list":["post-19000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-google"],"_links":{"self":[{"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/posts\/19000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/comments?post=19000"}],"version-history":[{"count":0,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/posts\/19000\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/media\/19001"}],"wp:attachment":[{"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/media?parent=19000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/categories?post=19000"},{"taxonomy":
"post_tag","embeddable":true,"href":"https:\/\/scannn.com\/lv\/wp-json\/wp\/v2\/tags?post=19000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}