According to a blog post by Sekoia.io, their technical investigation confirmed the link between the previously known intrusion set Star Blizzard (aka CALISTO) and Andrey Korinets, who was recently sanctioned by the US and UK governments for his involvement in CALISTO operations. Sekoia.io's investigation started from Korinets' emails and a former CALISTO infrastructure, which allowed them to identify several email addresses used by Korinets that were associated with that infrastructure. The investigation disclosed links between Korinets' activities and a large technical cluster composed of dozens of CALISTO phishing domains and multiple servers. Sekoia.io's findings concur with Reuters' investigation on the FSB-related Andrey Korinets.
IoC
IPv4
- 185.72.179.132
- 37.1.206.114
- 95.171.17.36
- 139.162.145.184
- 158.69.149.52
- 185.212.128.28
- 185.99.134.22
- 86.110.117.172
- 95.213.194.163
DOMAIN
- accounts-mail.asia
- anabol.in
- auth-login.top
- authentification-request.top
- be-strong.org
- drive-aoi.icu
- drive-meet-goodle.ru
- emailapp.pw
- en-microsofl.live
- en-office365.club
- eu-office365.co
- eu-office365.com
- expert-service.tech
- file-sharing.online
- file-sharing.site
- gmail-techdoc.pw
- google-plus.top
- hghshop.top
- icloud-service.pw
- live-login.info
- login-access.top
REFERENCES
- https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/
- https://otx.alienvault.com/pulse/65845530e91ba2f86699a818
TAGS
star blizzard, phishing