A few months ago I was informed of an investigation into a type of fraud that sees some infrastructure based in Russia at the center of attention. I was contacted because Matrix had reported a domain that was later used for fraud.
This is the report:
https://urlscan.io/result/37dd713d-0cfe-4fd4-a377-1f154ecd2f4f/
This is the full article on Qurium:
Following the chat with the journalist conducting the investigation, I developed some new indicators to detect this type of threat, you can find them (obviously on urlscan) here:
Emiliano Carlesi's blog 