New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
Tycoon 2FA was discovered by Sekoia analysts in October 2023 during routine threat hunting, but it has been active since at least August 2023, when the Saad Tycoon group offered it through private Telegram channels. The PhaaS kit shares similarities with other adversary-in-the-middle (AitM) platforms, such as Dadsec OTT, suggesting possible code reuse or a collaboration between developers.
Indicators of Compromise (70)