Hack For Hire Group Targets Legal, Finance and Travel Institutions

JannicabDeathstalkerHackforHirePowersingEvilnumRebsecVoid Balaur

Unlike malware-as-a-service (MAAS), hacking-for-hire companies carry out sophisticated, hands-on attacks and exploit vulnerabilities in executing their campaigns, according to a report by researchers Their interest in gathering sensitive business information leads us to believe that DeathStalker is a group of mercenaries offering hacking-for-hire services, or acting as some sort of information broker in financial circles.

Indicators of Compromise

process.nameSOCRadar2023-04-06

mizuhogroup.usSOCRadar2023-04-06

vote.anobaka.infoSOCRadar2023-04-06

careers.mizuhogroup.usSOCRadar2023-04-06

offerings.cloudSOCRadar2023-04-06

angelbridge.capitalSOCRadar2023-04-06

abf-cap.coSOCRadar2023-04-06

bankofamerica.nycSOCRadar2023-04-06

tptf.usSOCRadar2023-04-06

www.abf-cap.comSOCRadar2023-04-06

docs.azure-protection.cloudSOCRadar2023-04-06

beyondnextventures.coSOCRadar2023-04-06

anobaka.jpSOCRadar2023-04-06

smbcgroup.usSOCRadar2023-04-06

tptf.coSOCRadar2023-04-06

tptf.ltdSOCRadar2023-04-06

mufg.tokyoSOCRadar2023-04-06

kvaladrigrosdrom.topSOCRadar2023-04-06

it.zvc.capitalSOCRadar2023-04-06

kerymarynicegross.topSOCRadar2023-04-06

smbc-vc.comSOCRadar2023-04-06

www.capmarketreport.comSOCRadar2023-04-06

avid.lno-prima.lolSOCRadar2023-04-06

www.angelbridge.jpSOCRadar2023-04-06

scellapreambulus.topSOCRadar2023-04-06

bankofamerica.telSOCRadar2023-04-06

www.onlinecloud.cloudSOCRadar2023-04-06

pillygreamstronh.comSOCRadar2023-04-06

cloud.beyondnextventures.coSOCRadar2023-04-06

smbc.ltdSOCRadar2023-04-06

perseus.bondSOCRadar2023-04-06

cloud.mufg.tokyoSOCRadar2023-04-06

beyondnextventures.comSOCRadar2023-04-06

lbegardingstorque.comSOCRadar2023-04-06

ms.msteam.bizSOCRadar2023-04-06

vppops.comSOCRadar2023-04-06

muasaashishaj.comSOCRadar2023-04-06

edwardpof.comSOCRadar2023-04-06

servicebu.orgSOCRadar2023-04-06

wazalpne.comSOCRadar2023-04-06

hubflash.coSOCRadar2023-04-06

azcloudazure.comSOCRadar2023-04-06

8as1s2.comSOCRadar2023-04-06

wizdomofdo.comSOCRadar2023-04-06

printer-hub.comSOCRadar2023-04-06

mslogger.orgSOCRadar2023-04-06

rombaic.comSOCRadar2023-04-06

zummaride.comSOCRadar2023-04-06

infntio.comSOCRadar2023-04-06

dnstotal.orgSOCRadar2023-04-06

global-imsec.comSOCRadar2023-04-06

msintsvc.comSOCRadar2023-04-06

poccodom.comSOCRadar2023-04-06

coinzre.websiteSOCRadar2023-04-06

qnmarry.comSOCRadar2023-04-06

windows-accs.liveSOCRadar2023-04-06

pinktwinlers.comSOCRadar2023-04-06

travinfor.comSOCRadar2023-04-06

webinfors.comSOCRadar2023-04-06

dustforms.comSOCRadar2023-04-06

borisjns.comSOCRadar2023-04-06

corpxtech.comSOCRadar2023-04-06

superimarkets.comSOCRadar2023-04-06

cdn-msft.comSOCRadar2023-04-06

sirius-market.comSOCRadar2023-04-06

amazoncontent.orgSOCRadar2023-04-06

udporm.comSOCRadar2023-04-06

fastnetbrowsing.comSOCRadar2023-04-06

azuredcloud.comSOCRadar2023-04-06

apidevops.orgSOCRadar2023-04-06

xre.popmonster.ruSOCRadar2023-04-06

roboecloud.comSOCRadar2023-04-06

luccares.comSOCRadar2023-04-06

ecodll.comSOCRadar2023-04-06

weareukrainepeople.comSOCRadar2023-04-06

rowfus.comSOCRadar2023-04-06

laurentprotector.comSOCRadar2023-04-06

hp-prints.comSOCRadar2023-04-06

zerobitfan.comSOCRadar2023-04-06

mscloudin.comSOCRadar2023-04-06

servicejap.comSOCRadar2023-04-06

officelivecloud.comSOCRadar2023-04-06

onesportinc.comSOCRadar2023-04-06

advflat.comSOCRadar2023-04-06

api-printsvc.co.inSOCRadar2023-04-06

namereslv.orgSOCRadar2023-04-06

showsvc.comSOCRadar2023-04-06

ihotel-deals.comSOCRadar2023-04-06

dellscanhw.comSOCRadar2023-04-06

bingapianalytics.comSOCRadar2023-04-06

advertbart.comSOCRadar2023-04-06

voipasst.comSOCRadar2023-04-06

gratedomofrome.comSOCRadar2023-04-06

picodehub.comSOCRadar2023-04-06

cloud-cdn.co.inSOCRadar2023-04-06

mailservicenow.comSOCRadar2023-04-06

mircosoftdoc.comSOCRadar2023-04-06

windowslive-detect.comSOCRadar2023-04-06

polanicia.comSOCRadar2023-04-06

questofma.comSOCRadar2023-04-06

esetupdater.comSOCRadar2023-04-06

www.microsoftbooks.dns-dns.comSOCRadar2023-04-06

moretraveladv.comSOCRadar2023-04-06

msdllopt.comSOCRadar2023-04-06

mediadv.orgSOCRadar2023-04-06

earthviehuge.comSOCRadar2023-04-06

shopamzn.orgSOCRadar2023-04-06

allrivercenter.comSOCRadar2023-04-06

pngdoma.comSOCRadar2023-04-06

multitrolli.comSOCRadar2023-04-06

applecloudnz.comSOCRadar2023-04-06

cloud-appint.comSOCRadar2023-04-06

b.popmonster.ruSOCRadar2023-04-06

econfuss.comSOCRadar2023-04-06

dbcallog.comSOCRadar2023-04-06

cdr-soft.comSOCRadar2023-04-06

corstand.comSOCRadar2023-04-06

imgncdn.onlineSOCRadar2023-04-06

printauthors.comSOCRadar2023-04-06

msftprintsvc.comSOCRadar2023-04-06

atomarket.orgSOCRadar2023-04-06

mailservice-ns.comSOCRadar2023-04-06

assistcustody.xyzSOCRadar2023-04-06

admex.orgSOCRadar2023-04-06

infcloudnet.comSOCRadar2023-04-06

booknerfix.comSOCRadar2023-04-06

liongracem.comSOCRadar2023-04-06

azure-affiliate.comSOCRadar2023-04-06

diamondncenter.bizSOCRadar2023-04-06

tripadvit.comSOCRadar2023-04-06

covidsrc.comSOCRadar2023-04-06

msftmnvm.comSOCRadar2023-04-06

traveladvnow.comSOCRadar2023-04-06

cloudazureservices.comSOCRadar2023-04-06

n90app.comSOCRadar2023-04-06

am-reader.comSOCRadar2023-04-06

amazonappservice.comSOCRadar2023-04-06

visitaustriaislands.comSOCRadar2023-04-06

navyedu.orgSOCRadar2023-04-06

pivotnet.orgSOCRadar2023-04-06

govdefi.comSOCRadar2023-04-06

datetime.datetime.nowSOCRadar2023-04-06

covdd.orgSOCRadar2023-04-06

coreadvc.comSOCRadar2023-04-06

hpcloudlive.comSOCRadar2023-04-06

areteir.comSOCRadar2023-04-06

community-approch.comSOCRadar2023-04-06

realshbe.comSOCRadar2023-04-06

scan-eset.comSOCRadar2023-04-06

cloudappcer.comSOCRadar2023-04-06

covsafezone.comSOCRadar2023-04-06

pal4u.netSOCRadar2023-04-06

api-pixtools.comSOCRadar2023-04-06

bgamifieder.comSOCRadar2023-04-06

ksbyz.jelikob.ruSOCRadar2023-04-06

planetjib.comSOCRadar2023-04-06

gvgnci.comSOCRadar2023-04-06

aidobe-update.comSOCRadar2023-04-06

api-printer-spool.comSOCRadar2023-04-06

murfyslaws.comSOCRadar2023-04-06

bookfinder-ltd.comSOCRadar2023-04-06

adsmachineio.comSOCRadar2023-04-06

shopadvs.comSOCRadar2023-04-06

amzbooks.orgSOCRadar2023-04-06

enigmadah.comSOCRadar2023-04-06

yomangaw.comSOCRadar2023-04-06

cosmoscld.comSOCRadar2023-04-06

faxing-mon.bestSOCRadar2023-04-06

bukjut11.comSOCRadar2023-04-06

cloudhckpoint.comSOCRadar2023-04-06

mlcrosoft.siteSOCRadar2023-04-06

netoode.comSOCRadar2023-04-06

circlett.comSOCRadar2023-04-06

hostboxapp.comSOCRadar2023-04-06

refinance-ltd.comSOCRadar2023-04-06

msftld.comSOCRadar2023-04-06

msftinfo.comSOCRadar2023-04-06

philipfin.comSOCRadar2023-04-06

tomandos.comSOCRadar2023-04-06

deltacldll.comSOCRadar2023-04-06

samsthesis.comSOCRadar2023-04-06

voipreq12.comSOCRadar2023-04-06

squerlyh.comSOCRadar2023-04-06

zalofilescdn.comSOCRadar2023-04-06

chaindefend.bidSOCRadar2023-04-06

amazonpmnt.comSOCRadar2023-04-06

myhomelap.comSOCRadar2023-04-06

informaxima.orgSOCRadar2023-04-06

worldchangeos.comSOCRadar2023-04-06

textmaticz.comSOCRadar2023-04-06

musthavethisapp.comSOCRadar2023-04-06

govtoffice.orgSOCRadar2023-04-06

alipayglobal.orgSOCRadar2023-04-06

covidaff.orgSOCRadar2023-04-06

pdfscan-now.comSOCRadar2023-04-06

ns1.microsoftsonline.netSOCRadar2023-04-06

worldsiclock.comSOCRadar2023-04-06

schememicrosoft.comSOCRadar2023-04-06

afftrackmedia.comSOCRadar2023-04-06

installcb.onlineSOCRadar2023-04-06

msft-cdn.cloudSOCRadar2023-04-06

svclouds.comSOCRadar2023-04-06

amazoncld.comSOCRadar2023-04-06

leads-management.netSOCRadar2023-04-06

eclipso.chSOCRadar2023-04-06

msftapp.comSOCRadar2023-04-06

agagian.comSOCRadar2023-04-06

webdirectoryuk.comSOCRadar2023-04-06

trvolume.netSOCRadar2023-04-06

streamsrvc.comSOCRadar2023-04-06

bunflun.comSOCRadar2023-04-06

ammaze.orgSOCRadar2023-04-06

ezteching.comSOCRadar2023-04-06

upservicemc.comSOCRadar2023-04-06

audio-azure.comSOCRadar2023-04-06

kgcharles.comSOCRadar2023-04-06

refsurface.comSOCRadar2023-04-06

meetomoves.comSOCRadar2023-04-06

konyork.comSOCRadar2023-04-06

weatherlocate.comSOCRadar2023-04-06

msftcd.comSOCRadar2023-04-06

bookaustriavisit.comSOCRadar2023-04-06

api.win640.comSOCRadar2023-04-06

moreofestonia.comSOCRadar2023-04-06

orbiz.meSOCRadar2023-04-06

book-advp.comSOCRadar2023-04-06

flightpassist.comSOCRadar2023-04-06

covidsvcrc.comSOCRadar2023-04-06

www.atomicmatryoshka.comSOCRadar2023-04-06

msft-domains.comSOCRadar2023-04-06

rocketcht.ruSOCRadar2023-04-06

json.ama-prime-client.comSOCRadar2023-04-06

orklaus.comSOCRadar2023-04-06

estoniaforall.comSOCRadar2023-04-06

www.mlcrosoft.siteSOCRadar2023-04-06

azueracademy.comSOCRadar2023-04-06

netpixelds.comSOCRadar2023-04-06

kamikirim.my.idSOCRadar2023-04-06

jarviservice.orgSOCRadar2023-04-06

flyingpackagetrack.comSOCRadar2023-04-06

prodeload.comSOCRadar2023-04-06

vvxtech.netSOCRadar2023-04-06

telefx.netSOCRadar2023-04-06

938jss.comSOCRadar2023-04-06

msftcrs.comSOCRadar2023-04-06

9356.popmonster.ruSOCRadar2023-04-06

apple-sdk.comSOCRadar2023-04-06

msfsvctassist.comSOCRadar2023-04-06

outlooksyn.comSOCRadar2023-04-06

networkcanner.comSOCRadar2023-04-06

api.adobe.com.kzSOCRadar2023-04-06

mstreamvc.comSOCRadar2023-04-06

estimefm.orgSOCRadar2023-04-06

inetp-service.comSOCRadar2023-04-06

fxmt4x.comSOCRadar2023-04-06

advideoc.orgSOCRadar2023-04-06

firedomez.comSOCRadar2023-04-06

plantgrn.comSOCRadar2023-04-06

dn-mcrosoft.comSOCRadar2023-04-06

check-avg.comSOCRadar2023-04-06

sherence.ruSOCRadar2023-04-06

netrcmapi.comSOCRadar2023-04-06

realmacblog.comSOCRadar2023-04-06

pcamanalytics.comSOCRadar2023-04-06

emobileservices.clubSOCRadar2023-04-06

trquotesys.comSOCRadar2023-04-06

searchvpics.comSOCRadar2023-04-06

extrasectr.comSOCRadar2023-04-06

driver-wds.comSOCRadar2023-04-06

symantecq.comSOCRadar2023-04-06

cloudamazonft.comSOCRadar2023-04-06

canopustr.comSOCRadar2023-04-06

appcellor.comSOCRadar2023-04-06

thesailormaid.comSOCRadar2023-04-06

olymacademy.comSOCRadar2023-04-06

eu-mcrosoft.comSOCRadar2023-04-06

appdllsvc.comSOCRadar2023-04-06

mailgunltd.comSOCRadar2023-04-06

xlmfx.comSOCRadar2023-04-06

invgov.orgSOCRadar2023-04-06

csmmmsp099q.comSOCRadar2023-04-06

praxpay.orgSOCRadar2023-04-06

cargoargs.comSOCRadar2023-04-06

isbigfish.xyzSOCRadar2023-04-06

jmarrycs.comSOCRadar2023-04-06

msft-dev.comSOCRadar2023-04-06

azurecontents.comSOCRadar2023-04-06

amzncldn.comSOCRadar2023-04-06

msfastbrowse.comSOCRadar2023-04-06

futureggs.comSOCRadar2023-04-06

robmkg.comSOCRadar2023-04-06

anypicsave.comSOCRadar2023-04-06

iteamates.comSOCRadar2023-04-06

azureservicesapi.comSOCRadar2023-04-06

trvol.comSOCRadar2023-04-06

ananoka.comSOCRadar2023-04-06

6b4s.popmonster.ruSOCRadar2023-04-06

netwebsoc.comSOCRadar2023-04-06

oauth-azure.comSOCRadar2023-04-06

pallomnareraebrazo.comSOCRadar2023-04-06

qeliabhat.comSOCRadar2023-04-06

forceground.coSOCRadar2023-04-06

bookingitnow.orgSOCRadar2023-04-06

goalrom.comSOCRadar2023-04-06

lgnsyjcm9801.openSOCRadar2023-04-06

appronto.inSOCRadar2023-04-06

ntlmsvc.comSOCRadar2023-04-06

cspapop110.comSOCRadar2023-04-06

globaladdressbook.cloudSOCRadar2023-04-06

crm-domain.netSOCRadar2023-04-06

procyonstr.comSOCRadar2023-04-06

cashcores.orgSOCRadar2023-04-06

auzebook.comSOCRadar2023-04-06

adsoftpic.comSOCRadar2023-04-06

ns.mircosoftdoc.comSOCRadar2023-04-06

www.ciphertechsolutions.comSOCRadar2023-04-06

mcafee-secd.comSOCRadar2023-04-06

oglmart.comSOCRadar2023-04-06

dnserviceapp.comSOCRadar2023-04-06

wicommerece.comSOCRadar2023-04-06

hostedl.comSOCRadar2023-04-06

iserverxmlhttprequest2.openSOCRadar2023-04-06

kalpoipolpmi.netSOCRadar2023-04-06

nvidiaupdater.comSOCRadar2023-04-06

storangefilecloud.vipSOCRadar2023-04-06

affijay.comSOCRadar2023-04-06

kdr.zarkada.ruSOCRadar2023-04-06

nortonalytics.comSOCRadar2023-04-06

rocketchat.gaSOCRadar2023-04-06

thismads.comSOCRadar2023-04-06

leandroascierto.comSOCRadar2023-04-06

eroclasp.comSOCRadar2023-04-06

covidgov.orgSOCRadar2023-04-06

azuredllservices.comSOCRadar2023-04-06

quotingtrx.comSOCRadar2023-04-06

roblexmeet.comSOCRadar2023-04-06

apiygate.comSOCRadar2023-04-06

elitefocuc.comSOCRadar2023-04-06

allmyad.comSOCRadar2023-04-06

apple-cdrp.comSOCRadar2023-04-06

service-azure.comSOCRadar2023-04-06

cloudreg-email.comSOCRadar2023-04-06

mailcloudservices.orgSOCRadar2023-04-06

amzn-services.comSOCRadar2023-04-06

deuoffice.orgSOCRadar2023-04-06

ve0.popmonster.ruSOCRadar2023-04-06

veritechx.comSOCRadar2023-04-06

sellcoread.comSOCRadar2023-04-06

dogeofcoin.comSOCRadar2023-04-06

mevcsft.comSOCRadar2023-04-06

plancetron.comSOCRadar2023-04-06

ssl-certinfo.euSOCRadar2023-04-06

azurecfd.comSOCRadar2023-04-06

aka7newmalp23.comSOCRadar2023-04-06

print-hpcloud.comSOCRadar2023-04-06

missft.comSOCRadar2023-04-06

msftprint.comSOCRadar2023-04-06

telecomwl.comSOCRadar2023-04-06

cyphschool.comSOCRadar2023-04-06

cloudpdom.comSOCRadar2023-04-06

windnetap.comSOCRadar2023-04-06

airmail.ccSOCRadar2023-04-06

soundstuner.comSOCRadar2023-04-06

findmypcs.comSOCRadar2023-04-06

travelbooknow.orgSOCRadar2023-04-06

rocketcht.cfSOCRadar2023-04-06

khnga.comSOCRadar2023-04-06

multizoom.orgSOCRadar2023-04-06

printfiledn.comSOCRadar2023-04-06

flowerads.cloudSOCRadar2023-04-06

amznapis.comSOCRadar2023-04-06

imageztun.comSOCRadar2023-04-06

mainsingular.comSOCRadar2023-04-06

oautho.comSOCRadar2023-04-06

sysconfwmi.comSOCRadar2023-04-06

msfbckupsc.comSOCRadar2023-04-06

imagegyne.comSOCRadar2023-04-06

freepbxs.comSOCRadar2023-04-06

mullticon.comSOCRadar2023-04-06

getappcloud.comSOCRadar2023-04-06

outlookfnd.comSOCRadar2023-04-06

netmsvc.comSOCRadar2023-04-06

newedgeso.comSOCRadar2023-04-06

svcscom.comSOCRadar2023-04-06

eroeurovc.comSOCRadar2023-04-06

windows-ddnl.comSOCRadar2023-04-06

anyfoodappz.comSOCRadar2023-04-06

moneybac.ruSOCRadar2023-04-06

totaledgency.comSOCRadar2023-04-06

voipssupport.comSOCRadar2023-04-06

microsft-community.comSOCRadar2023-04-06

checkpoint-ds.comSOCRadar2023-04-06

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Remediations

Ensure your website is HTTPs. Most sites I've seen in this realm use a combination of contact email and/or web form. You don't want sensitive information intercepted because of insecure websites. As few people as possible should have admin access to the site, and anything related to publishing. Use as few extensions and plugins as possible. Paying for domain anonymity services is useful if required.
Consider using an alias for public facing email addresses. Additionally, lock down all email addresses with multifactor authentication (MFA). The same goes for backup/recovery emails tied to the main account(s).
If you have the choice of SMS codes or authentication apps/hardware based security keys for 2FA, choose the latter. SMS won't work with no signal reception, and fraudsters may divert your SMS codes via SIM swapping.
Consider using a password manager for organization-specific passwords. If you need to share logins, use a management tool which allows you to share logins without revealing the password itself. Should you land on a phishing site, your password manager won't pre-fill your details into the bogus portal.

Reports & References3

[object Object][object Object][object Object]

Observed Countries14

AE (921)

AR (878)

CH (700)

CN (246)

CY (847)

EG (822)

GB (393)

GE (90)

IL (519)

LB (126)

RU (887)

SA (402)

TR (212)

TW (441)