THREAT OPS › Threat News › Welcome to BlackFile: Inside a Vishing Extortion Operation
Welcome to BlackFile: Inside a Vishing Extortion Operation
<div class="block-paragraph_advanced"><p>Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo</p> <hr /></div> <div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span><strong style="vertical-align: baseline;"> </strong></h3> <p><span style="vertical-align: baseline;">Google Threat Intelligence Group (GTIG) has continued to track an expa
Attributed threat actors
- SilenceG0091
MITRE ATT&CK techniques
- Adversary-in-the-MiddleT1557
- SharepointT1213.002
- IP AddressesT1590.005
- Email AccountsT1586.002
- Social EngineeringT1684
- Email AccountsT1585.002
- Email AddressesT1589.002
- Search EnginesT1593.002
- Employee NamesT1589.003
- Automated ExfiltrationT1020
- Device RegistrationT1098.005
- PowerShellT1059.001
- Multi-Factor AuthenticationT1556.006
Indicators of compromise
- 59b667464a0d3c503320bfa43b165d4633288fd0d4226ff51108ac0f9dd02a97sha256
- https://organization.sharepoint.com/sites/Legal_Archive/url
- https://company.sharepoint.com/sites/ProductionOps/url
- https://www.virustotal.com/gui/collection/59b667464a0d3c503320bfa43b165d4633288fd0d4226ff51108ac0f9dd02a97/summaryurl
- victim.user@organization.comemail
- victim.user@company.comemail
- 179.43.185.226ipv4
- enrollms.comdomain
- passkeyms.comdomain
- setupsso.comdomain
- gmail.comdomain
- getsession.orgdomain