Dear blog readers,
In this analysis I'll provide actionable intelligence on the LabHost phishing as a service cybercrime enterprise.
Sample URLs known to have been involved in the campaign include:
hxxp://labhost[.]cc
hxxp://labhost[.]co
hxxp://labhost[.]xyz - Email: zztopd[.]rambler.ru
hxxp://labhost[.]ru
hxxp://lab-host[.]ru
Related domains known to have been registered using [email protected]:
hxxp://russiancloud[.]xyz
hxxp://onelab[.]xyz
hxxp://onebio[.]xyz
hxxp://inforussia[.]xyz
hxxp://labservice[.]xyz
hxxp://labcentral[.]xyz
hxxp://gorussian[.]xyz
hxxp://ecoserver[.]xyz
hxxp://iotmed[.]xyz
hxxp://ecolenta[.]xyz
hxxp://fedlab[.]xyz
hxxp://fedinfo[.]xyz
hxxp://fedhost[.]xyz
hxxp://freerussia[.]xyz
hxxp://federalpost[.]xyz
hxxp://federalnet[.]xyz
hxxp://federalinfo[.]xyz
hxxp://federalhost[.]xyz
hxxp://murietta[.]ru
hxxp://federalcloud[.]xyz
hxxp://medcloud[.]xyz
hxxp://5koleso[.]xyz
hxxp://webrussia[.]xyz
hxxp://redmachine[.]xyz
hxxp://russianweb[.]xyz
hxxp://ru-linux[.]xyz
hxxp://medlenta[.]xyz
hxxp://mybiocloud[.]xyz
hxxp://medithink[.]xyz
hxxp://red-square[.]xyz
hxxp://invitrolab[.]xyz
hxxp://federalweb[.]xyz
hxxp://fedserver[.]xyz
hxxp://biocasino[.]xyz
hxxp://biosms[.]xyz
hxxp://fednet[.]xyz
hxxp://biodroid[.]xyz
hxxp://bioserver[.]xyz
hxxp://bioportal[.]xyz
hxxp://biolive[.]xyz
hxxp://biolenta[.]xyz
hxxp://biohost[.]xyz
hxxp://kindzadza[.]xyz
hxxp://gomama[.]xyz
hxxp://redsquare[.]xyz
hxxp://liveinternet[.]xyz
hxxp://rulinux[.]xyz
hxxp://papa-mama[.]xyz
hxxp://onbio[.]xyz
hxxp://astra77[.]xyz
Sample responding IPs:
34[.]98[.]99[.]30
91[.]215[.]43[.]219
185[.]156[.]42[.]4
158[.]69[.]138[.]108
194[.]28[.]86[.]146
23[.]111[.]174[.]83
23[.]111[.]137[.]182
91[.]195[.]240[.]117
170[.]178[.]183[.]18
103[.]224[.]212[.]219
199[.]115[.]116[.]43
103[.]224[.]182[.]250
5[.]79[.]79[.]212
103[.]224[.]212[.]210
91[.]214[.]124[.]221
81[.]171[.]22[.]6
185[.]178[.]208[.]34
194[.]58[.]112[.]165
91[.]215[.]43[.]156
104[.]21[.]65[.]189
172[.]67[.]191[.]126
172[.]67[.]30[.]242
104[.]22[.]11[.]98
104[.]22[.]10[.]98
172[.]67[.]165[.]61
198[.]105[.]254[.]11
104[.]21[.]73[.]181
69[.]64[.]155[.]178
52[.]87[.]81[.]7
108[.]61[.]211[.]100
52[.]72[.]115[.]242
45[.]76[.]92[.]34
8[.]5[.]1[.]32
34[.]120[.]137[.]41
37[.]140[.]192[.]148
37[.]140[.]192[.]254