IOC Radar
TLP:WHITE5 IOCs

Ghostwriter Phishing Infrastructure Targets Gmail and Ukrainian Email Portal Users

CP
Cyber Press
Published June 29, 2026Original Report

Threat Actors

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYUNC1151INFRASTRUCTUREaccounts-verification…mail.service-support.…45.197.133.104CAPABILITYunknownVICTIMunknown
Adversary(1)
Infrastructure(3)
Capability
Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise5

TypeIndicatorConfidenceScoreFirst Seen
SHA2562434e1a88cf2effa13fc4eb335560e3cf49790ddd4bd0df7e100de9867a19748
file-hashindicatorintel-blog
Medium
53
Jun 29, 26
Domainaccounts-verification.cc.cd
indicatorintel-blognetwork
High
58
Jun 29, 26
Domainmail.service-support.digital
indicatorintel-blognetwork
High
58
Jun 29, 26
SHA2566542f8fa3e1f00a3c0e9994c34d8b49d2c3d2684cf73c23a0b1030daaaaa4786
file-hashindicatorintel-blog
Medium
53
Jun 29, 26
IP45.197.133.104
indicatorintel-blognetwork
High
58
Jun 29, 26

IOC Relationship Graph

IOC Relationship Graph5 total IOCs
SHA256DomainIP
SHA2562Domain2IP1Actors1REPORTGhostwriter Phishing InfraUNC1151
scroll to zoom · drag to pan · click IOC to open