Operation Celestial Force is advanced persistent threat (APT) group Cosmic Leopard’s latest campaign targeting organizations primarily based in India.1 The threat actors used an Android and Windows malware combination to steal confidential data from targets.
A report of an in-depth investigation of Operation Celestial Force identified 19 domains as indicators of compromise (IoCs), which the WhoisXML API research team expanded to uncover other potentially connected artifacts.
Our in-depth analysis aided by DNS intelligence led to the discovery of:
- Three email-connected domains
- 15 IP addresses, all of which turned out to be malicious
- 35 string-connected domains
- 3,927 brand-containing domains, nine of which turned out to be associated with various threats
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://blog.talosintelligence.com/cosmic-leopard/