Win$ton: a Russian-Speaking Scam Group Targeting Middle-Eastern Customers
Tags
| country: | Argentina United Arab Emirates Kuwait Italy Saudi Arabia Qatar Russia Taiwan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Phishing - T1660 Phishing - T1566 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 247b5947-c760-46f7-91f2-83a71a14d4c8 |
| Fingerprint | 9c208d5b290aa7cc |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 21, 2023, midnight |
| Added to db | Oct. 22, 2023, 11:48 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Win$ton: a Russian-Speaking Scam Group Targeting Middle-Eastern Customers |
| Title | Win$ton: a Russian-Speaking Scam Group Targeting Middle-Eastern Customers |
| Detected Hints/Tags/Attributes | 67/3/44 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 152 | ✔ | YLabs | https://labs.yarix.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | winston.example.com |
|
| Details | Domain | 1 | lacost.host |
|
| Details | Domain | 1 | albaik.drunkgnomes.com |
|
| Details | Domain | 1 | seangroathouse.com |
|
| Details | Domain | 1 | knowtheledgemedia.com |
|
| Details | Domain | 1 | modernmtman.com |
|
| Details | Domain | 1 | neelroadbaptistchurch.com |
|
| Details | Domain | 1 | meyaway.com |
|
| Details | Domain | 1 | drmelsmusings.com |
|
| Details | Domain | 1 | gymbotest.com |
|
| Details | Domain | 1 | goldensand.org |
|
| Details | Domain | 1 | uae-kfc.vigilantalliance.com |
|
| Details | Domain | 1 | emiratesdraw-uae.staypift.com |
|
| Details | Domain | 1 | aaryatables.com |
|
| Details | Domain | 1 | guildclone.com |
|
| Details | Domain | 1 | stylessierra.com |
|
| Details | Domain | 1 | drdermashop.com |
|
| Details | Domain | 1 | zeemanvacatures.com |
|
| Details | Domain | 1 | rmr-rfq.com |
|
| Details | Domain | 1 | toplinees.com |
|
| Details | Domain | 1 | maxframesss.com |
|
| Details | Domain | 1 | listcaves.com |
|
| Details | Domain | 1 | pricesonz.com |
|
| Details | Domain | 1 | allpcsz.com |
|
| Details | Domain | 1 | topnethsz.com |
|
| Details | Domain | 1 | promo.tajtechau.com |
|
| Details | Domain | 1 | dkanedev.com |
|
| Details | Domain | 1 | albaik-uae.nysxfund.com |
|
| Details | Domain | 1 | albaik-promo.healthyingo.com |
|
| Details | Domain | 1 | albaik-promo.drupality.com |
|
| Details | Domain | 1 | albaik-promo.novazgrada.com |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | winston.php |
|
| Details | File | 1 | sendtotg.php |
|
| Details | File | 1 | posttg.php |
|
| Details | File | 94 | config.php |
|
| Details | IPv4 | 1 | 62.204.41.61 |
|
| Details | IPv4 | 2 | 62.204.41.242 |
|
| Details | IPv4 | 1 | 62.204.41.145 |
|
| Details | IPv4 | 1 | 185.137.235.119 |
|
| Details | IPv4 | 1 | 185.161.248.250 |
|
| Details | IPv4 | 1 | 194.26.135.188 |
|
| Details | IPv4 | 1 | 31.41.244.47 |
|
| Details | IPv4 | 1 | 62.197.49.94 |