Countering threats from Iran

Technical Details