Anything sold on the market, especially necessities, is fair game to phishers as a campaign hook. And that’s just what we saw happening with an ongoing phishing campaign targeting German car dealership companies.[1]
Apart from avoiding 37 domains identified as indicators of compromise (IoCs), blocking access to a couple more artifacts we found through an in-depth analysis may be necessary. We discovered:
- A couple of unredacted registrant email addresses
- More than 1,200 possibly connected domains (some registered using the identified unredacted email addresses while others shared the domain IoCs’ IP hosts or contained the same strings)
- Several IP address resolutions of the domain IoCs
- A dozen possibly connected domains dubbed “malicious” by various malware engines
Download a sample of the threat research materials now or contact us to access the complete research materials.
---
- [1] https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/
- [2] https://otx.alienvault.com/pulse/628310c8bc783c2680c6ea60