Domains Mimicking of Major Brands Including Facebook, Apple, Amazon and Netflix done by Attackers to Scam Consumers

 


Domains Mimicking of Major Brands Including Facebook, Apple, Amazon and Netflix done by Attackers to Scam Consumers

 

When Cybercriminals take advantage of the essential role that domain names play on the internet by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. This is known as cybersquatting. The purpose of squatting domains is to confuse users into believing that the targeted brands own these domain names or to profit from users’ typing mistakes. While cybersquatting is not always malicious toward users, it is illegal in the U.S and squatting domains are often used or repurposed for attacks.  


 Indicator Of Compromise(IOC)

IP

217.182.227[.]117

File Hashes

5acd6d9ac235104f90f9a39c11807c37cdfb103d6c151cc1a2e4e38bf3dbe41f

fa28b59eb0ccd21d3994b0778946679497399b72c2e256ebf2434553cb7bf373

e7fb436bf7d8784da092315bce1d3511a6055da41fe67362bad7a4c5d3f0294e

4192c0a946c5bd9b544b4656d9f624a4

6312930a139fa3ed22b87abb75c16afa

Domains 

amazon-india[.]online

apple.com.recover[.]support

com-finder-me[.]info

com-secure-login[.]info

facebook.com-account-login-manage.yourfiresale[.]com

icloud.com-iphone[.]support

microsoft-alert[.]club

microsoft-sback-server[.]com

microsoft-store-drm-server[.]com

microsofŧ[.]com (xn--microsof-wyb[.]com)

netflix-payments[.]com

netflixbrazilcovid[.]com

rbyroyalbank[.]com

safety.microsoft.com.mdmfmztwjj.l6kan7uf04p102xmpq[.]bid

samsungeblyaiphone[.]com

samsungpr0mo[.]online

secure-wellsfargo[.]org

store-in-box[.]com

stt-box[.]com

www.icloud.com-secure-login[.]info

Grayware Hostname

4ever21[.]com

facebookwinners2020[.]com

micposoft[.]com

walrmart44[.]com

whatsalpp[.]com

URLs 

samsungeblyaiphone[.]com/dolce.exe

samsungeblyaiphone[.]com/index.php

 

Comments

Post a Comment

Popular posts from this blog

Revil Ransomware Targeted Kaseya

Image
  Revil Ransomware Targeted Kaseya   REvil is a ransomware-as-a-service (RaaS), delivered by “affiliate” actor groups who are paid by the ransomware’s developers. The REvil actors launched a malicious update package that targeted customers of managed service providers and enterprise users of the on-site version of Kaseya’s VSA remote monitoring and management platform.   Indicators of Compromise URLs/Domains: architekturbuero-wagner.net mindpackstudios.com vitavia.lt bouncingbonanza.com lukeshepley.wordpress.com igfap.com bockamp.com levihotelspa.fi exenberger.at tinyagency.com familypark40.com alfa-stroy72.com boompinoy.com mdacares.com architecturalfiberglass.org slupetzky.at sinal.org qualitus.com deepsouthclothingcompany.com groupe-frayssinet.fr synlab.lt kamienny-dywan24.pl ilcdover.com humancondition.co...
Read more

BANDOOK(RAT)

Image
    BANDOOK(RAT)-Malware   The payload in this attack is a variant of an old full-featured RAT named Bandook. Written in both Delphi and C++, Bandook has a long history, starting in 2007 as a commercially available RAT that was developed by a Lebanese individual nicknamed PrinceAli.Bandook’s execution flow starts with a loader, written in Delphi, that uses the Process Hollowing technique to create a new instance of an Internet Explorer process and inject a malicious payload into it. The payload contacts the C&C server sends basic information about the infected machine and waits for additional commands from the server. Indicators of Compromise File Hash MD5 27f8d8bbbeeda5fc439ee18d9d4da343 44584c8d010242fddb44afe5ce860872 a6501c62b3a6ffa8d028a88138fe509f 7c15ee5b9a12dacaace8fb62271f12f1 4e9e12c98cfbc5f3aa3c1345bd063fa0 7ef261c151519e66ec369c63e4b1aed4 6effed1b1bb5e9ed6aafacb075c1d4e2 0475771b8bc3efc28b1834f3add608f3 045ce6679ed4086e2ded58470e24c15a 28ad9ace11919b57bf54...
Read more

Buer Loader provides malware-as-a-service

Image
  Buer Loader provides malware-as-a-service       Buer is a malware-as-a-service offering that is used to deliver whatever package the service customer desires, providing initial compromise of targets’ Windows PCs and allowing them to establish a digital beachhead for further malicious activity. Buer has previously been tied to banking trojan attacks and other malware deployments—and now, apparently, has been embraced by ransomware operators. In many ways, Buer is positioned as an alternative to Emotet and Trickbot’s emerging Bazar loader. “A new modular bot…written in pure C” with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers). Indicators of Compromise File Hashes 10943b90969722bf359e4b039d2953e02072e03e0a7f1bdb1dea09d9197288b1 32616f41a71fc7a4286736a6fc77da2a555dbc8301a8bd5fbdbab231955a42c5 5b607f001ba62e042344d30b65cad2774df2deb50e0b92c33da85e9338c123c4   6c7f43434e5db8703c0a47dedeeab976159d8704bfb...
Read more