← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix tactic: The Phantom Meet
WHITE Slavic Nation Empire AlienVault 2024-10-18 Modified: 2024-11-17
172
IOCs
HIGH VOLUME
This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and macOS systems, spreading infostealers like Stealc, Rhadamanthys, and AMOS Stealer. The operation is linked to cybercrime groups 'Slavic Nation Empire' and 'Scamquerteo', sub-teams of larger cryptocurrency scam organizations. The report details the infection chain, infrastructure, and provides insights into the broader malware distribution ecosystem associated with these threat actors.
clickfixweb3social engineeringstealcamos stealerphishingcryptocurrencygoogle meetinfostealerrhadamanthys
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Stealc Rhadamanthys AMOS Stealer
Indicators of Compromise (172)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 51f8527e20dcb05ffd8586b853937a8a 2024-10-18
FileHash-MD5 ba0767946d9cac95fd727d7076c7fec1 2024-10-18
FileHash-MD5 e7959e4089c1993045e01cb9c3cbc6a5 2024-10-18
FileHash-SHA1 31c713eabc90f61b44703a8d30e7ced6e2941f23 2024-10-18
FileHash-SHA256 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe 2024-10-18
FileHash-SHA256 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138 2024-10-18
FileHash-SHA256 94379fa0a97cc2ecd8d5514d0b46c65b0d46ff9bb8d5a4a29cf55a473da550d5 2024-10-18
FileHash-SHA256 a834be6d2bec10f39019606451b507742b7e87ac8d19dc0643ae58df183f773c 2024-10-18
URL http://77.221.157.170:3004/server.js 2024-10-18
URL http://85.209.11.155/joinsystem 2024-10-18
URL http://95.182.97.58/84b7b6f977dd1c65.php 2024-10-18
URL https://carolinejuskus.com/f9dfbcf6a999/7cc2f5dc3c76/load.51f8527e20dcb05ffd8586b853937a8a.php?call=launcher 2024-10-18
URL https://carolinejuskus.com/kusaka.php?call=launcher 2024-10-18
URL https://googIedrivers.com/fix-error 2024-10-18
URL https://meet.google.com-join.us/wmq-qcdn-orj 2024-10-18
URL https://meet.google.us-join.com/ywk-batf-sfh 2024-10-18
URL https://meet.google.us07host.com/coc-btru-ays 2024-10-18
URL https://meet.google.webjoining.com/exw-jfaj-hpa 2024-10-18
URL https://us18web-zoom.us/ram.exe 2024-10-18
URL https://us18web-zoom.us/stealc.exe 2024-10-18
URL https://webapizmland.com/api/cmdruned 2024-10-18
domain alienmanfc6.com 2024-10-18
domain apunanwu.com 2024-10-18
domain argongame.com 2024-10-18
domain battleforge.cc 2024-10-18
domain battleultimate.xyz 2024-10-18
domain bowerchalke.com 2024-10-18
domain calipsoproject.com 2024-10-18
domain carolinejuskus.com 2024-10-18
domain cautrucanhtuan.com 2024-10-18
domain cozyland.xyz 2024-10-18
domain cozymeta.com 2024-10-18
domain cozymeta.fun 2024-10-18
domain cozymeta.xyz 2024-10-18
domain cozyweb3.com 2024-10-18
domain cozyworld.io 2024-10-18
domain cphoops.com 2024-10-18
domain darkblow.com 2024-10-18
domain dekhke.com 2024-10-18
domain doculuma.com 2024-10-18
domain fatoreader.com 2024-10-18
domain fatoreader.net 2024-10-18
domain gamascript.com 2024-10-18
domain googiedrivers.com 2024-10-18
domain iloanshop.com 2024-10-18
domain kansaskollection.com 2024-10-18
domain lastnuggets.com 2024-10-18
domain lirelasuisse.com 2024-10-18
domain lunacy3.com 2024-10-18
domain lunacy4.com 2024-10-18
domain mdalies.com 2024-10-18
domain mensadvancega.com 2024-10-18
domain mishapagerealty.com 2024-10-18
domain missingfrontier.com 2024-10-18
domain modoodeul.com 2024-10-18
domain mor-dex.world 2024-10-18
domain mordex.blog 2024-10-18
domain mordex.digital 2024-10-18
domain mordex.homes 2024-10-18
domain mybattleforge.xyz 2024-10-18
domain myultimate.xyz 2024-10-18
domain ngtmeta.io 2024-10-18
domain ngtmetaland.io 2024-10-18
domain ngtmetaweb.com 2024-10-18
domain ngtproject.com 2024-10-18
domain ngtstudio.io 2024-10-18
domain ngtstudio.online 2024-10-18
domain ngtverse.org 2024-10-18
domain night-support.xyz 2024-10-18
domain nightpredators.com 2024-10-18
domain nightstudio.io 2024-10-18
domain nightstudioweb.xyz 2024-10-18
domain nor-tex.eu 2024-10-18
domain nor-tex.pro 2024-10-18
domain nor-tex.world 2024-10-18
domain nor-tex.xyz 2024-10-18
domain nort-ex.eu 2024-10-18
domain nort-ex.lol 2024-10-18
domain nort-ex.world 2024-10-18
domain nortex-app.pro 2024-10-18
domain nortex-app.us 2024-10-18
domain nortex-app.xyz 2024-10-18
domain nortex.blog 2024-10-18
domain nortex.digital 2024-10-18
domain nortex.life 2024-10-18
domain nortex.limited 2024-10-18
domain nortex.lol 2024-10-18
domain nortex.uk 2024-10-18
domain nortexapp.com 2024-10-18
domain nortexapp.digital 2024-10-18
domain nortexapp.io 2024-10-18
domain nortexapp.me 2024-10-18
domain nortexapp.pro 2024-10-18
domain nortexapp.xyz 2024-10-18
domain nortexmessenger.blog 2024-10-18
domain nortexmessenger.digital 2024-10-18
domain nortexmessenger.pro 2024-10-18
domain nortexmessenger.us 2024-10-18
domain pakoyayinlari.com 2024-10-18
domain patrickcateman.com 2024-10-18
domain phperl.com 2024-10-18
domain playbattleforge.org 2024-10-18
domain playbattleforge.xyz 2024-10-18
domain playultimate.xyz 2024-10-18
domain projectcalipso.com 2024-10-18
domain riotrevelry.com 2024-10-18
domain sleipnirbrowser.org 2024-10-18
domain sleipnirbrowser.xyz 2024-10-18
domain stonance.com 2024-10-18
domain thecalipsoproject.com 2024-10-18
domain thewatch.com 2024-10-18
domain tooldream.live 2024-10-18
domain ultimategame.xyz 2024-10-18
domain ultimateplay.xyz 2024-10-18
domain us002webzoom.us 2024-10-18
domain us003webzoom.us 2024-10-18
domain us004web-zoom.us 2024-10-18
domain us005web-zoom.us 2024-10-18
domain us006web-zoom.us 2024-10-18
domain us007web-zoom.us 2024-10-18
domain us008web-zoom.us 2024-10-18
domain us01web-zoom.us 2024-10-18
domain us01web.us 2024-10-18
domain us03web-zoom.us 2024-10-18
domain us03web.us 2024-10-18
domain us050web-zoom.us 2024-10-18
domain us055web-zoom.us 2024-10-18
domain us07web-zoom.us 2024-10-18
domain us08web-zoom.us 2024-10-18
domain us08web.us 2024-10-18
domain us09web-zoom.us 2024-10-18
domain us09web.us 2024-10-18
domain us10web-zoom.us 2024-10-18
domain us12web.us 2024-10-18
domain us15web.us 2024-10-18
domain us18web-zoom.us 2024-10-18
domain us20web.us 2024-10-18
domain us30web-zoom.us 2024-10-18
domain us40web-zoom.us 2024-10-18
domain us40web.us 2024-10-18
domain us45web-zoom.us 2024-10-18
domain us4web-zoom.us 2024-10-18
domain us500web-zoom.us 2024-10-18
domain us505web-zoom.us 2024-10-18
domain us50web-zoom.us 2024-10-18
domain us50web.us 2024-10-18
domain us555web-zoom.us 2024-10-18
domain us55web.us 2024-10-18
domain us5web-zoom.us 2024-10-18
domain us60web-zoom.us 2024-10-18
domain us6web-zoom.us 2024-10-18
domain us70web-zoom.us 2024-10-18
domain us77web-zoom.us 2024-10-18
domain us80web-zoom.us 2024-10-18
domain us85web-zoom.us 2024-10-18
domain us95web-zoom.us 2024-10-18
domain utv4fun.com 2024-10-18
domain verdascript.com 2024-10-18
domain veriscroll.com 2024-10-18
domain web05-zoom.us 2024-10-18
domain web3dev.buzz 2024-10-18
domain webapizmland.com 2024-10-18
domain webjoining.com 2024-10-18
domain webroom-zoom.us 2024-10-18
domain worldcozy.com 2024-10-18
hostname meet.googie.com-join.us 2024-10-18
hostname meet.google.cdm-join.us 2024-10-18
hostname meet.google.com-join.us 2024-10-18
hostname meet.google.us-join.com 2024-10-18
hostname meet.google.us07host.com 2024-10-18
hostname meet.google.web-join.com 2024-10-18
hostname meet.google.webjoining.com 2024-10-18
References (1)
↗ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/