mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-07-03 00:35:31 +00:00
Credential Harvesting and Recon
noreply.user.subscripton@gmail[.]com
mirror.news.live@gmail[.]com
mail.noreplyportals@gmail[.]com
rnicrosoft-recovery-update@hotmail[.]com
noreply.subscribeuser.alert@gmail[.]com
noreply.users.validation@gmail[.]com
noreply.applc.id.service@gmail[.]com
noreply.user.subscripton@gmail[.]com
playbooy.magazine.update@outlook[.]com
noreply.goolgemail@gmail[.]com
dubaicalender.eventupdate@outlook[.]com
sputniknews@email[.]com
news_update@email[.]com
bbcnewsdailysubscribe@gmail[.]com
rnicrosoft-recovery-update@hotmail[.]com
noreply.goolgehangouts@gmail[.]com

squre39-cld[.]info
goolg-en[.]com
login-asmx[.]com
string2port[.]com
session-en[.]com
singin-go-olge[.]com
111.90.138[.]81
188.68.242[.]18
91.92.136[.]134
200.63.45[.]47

Android Agent
devotedtohumanity-fif[.]info
kashmir-weather-info[.]com
mxiplayer[.]com
6e5e7ecb929fdc29ba93058bf2f501842ac0f2c0 Khuai Translator (1.3)
0550dad8d55446e5b5dbae61783cfb7c78ee10d2 MXI Player (1.2)
00d000679baab456953b4302d8b2a1e65241ed12 Devoted to Humanity (1.0)
ddaf5e43da0b00884ef957c32d7b16ed692a057a Kashmir Weather (1.2)

Windows Agent
9850ac30c3357d3a412d0f6cec2716b63db6c21d
mxiplayer[.]com

Other Malware References
“Analysis Report on Kashmir.exe” 9e4596bfb4f58d8ecfe2bc3514c6c7b2170040d9acfb02f295ed1e9ab13ec560
“E-Challan.zip” 1518badcb2717e6b0fa9bdd883d5ff61fedddf7ddf22cc3dc04a38f4e137fc96

mint-news-portal.hymnfork[.]com
online-tracking-status.hymnfork[.]com

Similar Infrastructure
insidecloud-aspx[.]com
data-covery[.]com
sa-google[.]com
rnail-aspx[.]com
session-service[.]com
session-owa[.]com
myinfocheck[.]com
host-auth[.]com

janko.kolar@bulletmail[.]org
jacbov.vjan@bulletmail[.]org
robert.warne@list[.]ru
viera.taafi@pobox[.]sk
aaron.drago@pobox[.]sk
marek.franko@pobox[.]sk
oliver.dagur@mail[.]ru
ralph.cramey@mail[.]ru
petru.negru@pobox[.]sk