Pulse name: Phishing attacks from APT28 in 2019
WHITE Sofacy AlienVault 2020-03-19 Modified: 2020-03-19
34 IOCs, MEDIUM VOLUME
Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets.
Indicators of Compromise (34)