The provided links do not contain the specific details of the "Modus operandi UAC-0177 (JokerDPR)" cyber attack. As a result, I'm unable to provide an example of the cyber attack. If you have access to other sources that provide details about this cyber attack, I would be happy to help you analyze the information and provide insights.
IoC
REFERENCES
- https://cert.gov.ua/article/6276799
- https://otx.alienvault.com/pulse/6584684fa9224d5643a0e891
TAGS
phishing, credential stealing