Note: This OSINT analysis was originally published on my current employer's website, https://whoisxmlapi.com, where I have been acting as a DNS Threat Researcher since January 2021.
We decided to take a closer look at the interference in the 2016 U.S. Election carried out through several spear-phishing and malicious campaigns courtesy of Russia, in order to offer actionable threat intelligence, including possible attribution clues for some of the known participants in this campaign, that may assist fellow researchers and law enforcement in tracking down and prosecuting the cybercriminals behind these campaigns.
In this analysis we take a closer look at the Internet-connected infrastructure behind the U.S. Election 2016 campaign in terms of its malicious activity and offer practical, relevant and actionable threat intelligence on its whereabouts.
Sample malicious and fraudulent C&C domains known to have participated in the U.S. Election 2016 campaign:
Related malicious and fraudulent email addresses known to have participated in the U.S. Election 2016 campaign:
Sample related email address known to have participated in the U.S. Election 2016 campaign:
jack2020@outlook[.]com
Sample Maltego graph of a malicious and fraudulent domain registrant known to have participated in the U.S. Election 2016 campaign:
Sample related domains known to have participated in the U.S. Election 2016 campaign:
We’ll continue monitoring the campaign and post updates as soon as new developments take place.
Stay tuned!
The post Profiling Russia’s U.S Election Interference 2016 – An OSINT Analysis appeared first on Security Boulevard.