Pulse name: Modus operandi UAC-0177 (JokerDPR) on the example of one of the cyber attacks
WHITE | AlienVault | 2023-12-21 | Modified: 2024-01-20
298 IOCs (high volume)
CERT-UA investigated incidents involving phishing attacks targeting Google, Ukr.Net, Outlook, EXMO, and Binance accounts. The investigation revealed the use of distinctive domain names registered through the Tucows/Namecheap registrars and email distribution from compromised accounts for malicious purposes.
Indicators of Compromise (298)