This alert highlights those threats.
CCTC Top Indicators
A continuously updated comprehensive list of the vetted top threat indicators (domains, hashes,
IPs, and URLs) by the COVID-19 Cyber Threat Coalition can be found here:
o https://otx.alienvault.com/pulse/5e8e82183197e44938ee9eb8
o https://blacklist.cyberthreatcoalition.org/vetted/
General News & Advisories
- The weekly COVID19 Cyber Threat Coalition Town Hall took place on Thursday 4/30. A full
replay can be found on the CCTC YouTube channel:
https://www.youtube.com/channel/UCHfhxcqhQADRV2h5hFgqAww (removed) - EUROPOL: BEYOND THE PANDEMIC – WHAT WILL THE CRIMINAL LANDSCAPE LOOK LIKE AFTER
COVID-19?
o New Europol report assesses the impact of the pandemic on serious and organized crime
across three phases
o https://www.europol.europa.eu/newsroom/news/beyond-pandemic-what-will-criminallandscape-look-after-covid-19 - Cyber Shield Bulletin – April 30, 2020
o https://slack-files.com/files-pri-safe/T01029239SBF0131H5NTN0/cyber_shield_043020.pdf?c=1588326076-08db40b2f9dd584b - Criminals Quick to Exploit COVID-19 Crisis in Europe
o https://www.securityweek.com/criminals-quick-exploit-covid-19-crisis-europe - Michigan Man Charged With COVID-19-Related Wire Fraud Scheme
o https://www.justice.gov/usao-ndca/pr/michigan-man-charged-covid-19-related-wirefraud-scheme - Measuring Abuse: How Much COVID-Related Abuse Is There, Really?
o http://www.circleid.com/posts/20200430-measuring-abuse-how-much-covid-relatedabuse-is-there/
Indicators of Compromise
- COVID-19 fraudulent domains, malware hashes, and emails
- Indicators include 200+ domains/URLs/hostnames, along with 4 hashes, which can be found at
this link: https://otx.alienvault.com/pulse/5eaad977d4146a7212cbe3b0
Email Threats
- Email Addresses tied to Coronavirus “test-kits” and “N95 surgical masks” scam
o Indicators include 1 domain, 1 hostname, and 36 emails, which can be found at this link:
o https://otx.alienvault.com/pulse/5eaac9d9fc8c9733c7bc92cb - Here is a bucket of email addresses, about half of which are tied to a list of 39 domains found
earlier this week, which were posted to the anti-fraud/ anti-BEC forum StopScamFraud (Medical
Scams). These are all tied to a scam advertising N95 face masks and Coronavirus test kits.
If anyone has any information related to this alert, the GIOC can be contacted at GIOC@usss.dhs.gov.
Sources & Additional Resources:
- United States Secret Service
- COVID-19 Exploited by Malicious Cyber Actors. Alert (AA20-099A)
- Fact Sheet: DHS is Taking on COVID-19 Related Fraud
- Department of Justice Announces Disruption of Hundreds of Online COVID-19 Related Scams
- Threat actors exploiting the novel corona virus epidemic
- Remote Cyber Security Solutions Suite
- Increase in Extortionate Emails – USSS Information Alert
- Cyber Emergency Response – Incident Response Retainer
Is your company hit by a Cyber Crime? Contact LIFARS today for 24/7 help, more information and guidance!