← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix tactic: The Phantom Meet
WHITE Slavic Nation Empire AlienVault 2024-10-18 Modified: 2024-11-17
172
IOCs
HIGH VOLUME
This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and macOS systems, spreading infostealers like Stealc, Rhadamanthys, and AMOS Stealer. The operation is linked to cybercrime groups 'Slavic Nation Empire' and 'Scamquerteo', sub-teams of larger cryptocurrency scam organizations. The report details the infection chain, infrastructure, and provides insights into the broader malware distribution ecosystem associated with these threat actors.
clickfixweb3social engineeringstealcamos stealerphishingcryptocurrencygoogle meetinfostealerrhadamanthys
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Stealc Rhadamanthys AMOS Stealer
Indicators of Compromise (144 / 172 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain alienmanfc6.com 2024-10-18
domain apunanwu.com 2024-10-18
domain argongame.com 2024-10-18
domain battleforge.cc 2024-10-18
domain battleultimate.xyz 2024-10-18
domain bowerchalke.com 2024-10-18
domain calipsoproject.com 2024-10-18
domain carolinejuskus.com 2024-10-18
domain cautrucanhtuan.com 2024-10-18
domain cozyland.xyz 2024-10-18
domain cozymeta.com 2024-10-18
domain cozymeta.fun 2024-10-18
domain cozymeta.xyz 2024-10-18
domain cozyweb3.com 2024-10-18
domain cozyworld.io 2024-10-18
domain cphoops.com 2024-10-18
domain darkblow.com 2024-10-18
domain dekhke.com 2024-10-18
domain doculuma.com 2024-10-18
domain fatoreader.com 2024-10-18
domain fatoreader.net 2024-10-18
domain gamascript.com 2024-10-18
domain googiedrivers.com 2024-10-18
domain iloanshop.com 2024-10-18
domain kansaskollection.com 2024-10-18
domain lastnuggets.com 2024-10-18
domain lirelasuisse.com 2024-10-18
domain lunacy3.com 2024-10-18
domain lunacy4.com 2024-10-18
domain mdalies.com 2024-10-18
domain mensadvancega.com 2024-10-18
domain mishapagerealty.com 2024-10-18
domain missingfrontier.com 2024-10-18
domain modoodeul.com 2024-10-18
domain mor-dex.world 2024-10-18
domain mordex.blog 2024-10-18
domain mordex.digital 2024-10-18
domain mordex.homes 2024-10-18
domain mybattleforge.xyz 2024-10-18
domain myultimate.xyz 2024-10-18
domain ngtmeta.io 2024-10-18
domain ngtmetaland.io 2024-10-18
domain ngtmetaweb.com 2024-10-18
domain ngtproject.com 2024-10-18
domain ngtstudio.io 2024-10-18
domain ngtstudio.online 2024-10-18
domain ngtverse.org 2024-10-18
domain night-support.xyz 2024-10-18
domain nightpredators.com 2024-10-18
domain nightstudio.io 2024-10-18
domain nightstudioweb.xyz 2024-10-18
domain nor-tex.eu 2024-10-18
domain nor-tex.pro 2024-10-18
domain nor-tex.world 2024-10-18
domain nor-tex.xyz 2024-10-18
domain nort-ex.eu 2024-10-18
domain nort-ex.lol 2024-10-18
domain nort-ex.world 2024-10-18
domain nortex-app.pro 2024-10-18
domain nortex-app.us 2024-10-18
domain nortex-app.xyz 2024-10-18
domain nortex.blog 2024-10-18
domain nortex.digital 2024-10-18
domain nortex.life 2024-10-18
domain nortex.limited 2024-10-18
domain nortex.lol 2024-10-18
domain nortex.uk 2024-10-18
domain nortexapp.com 2024-10-18
domain nortexapp.digital 2024-10-18
domain nortexapp.io 2024-10-18
domain nortexapp.me 2024-10-18
domain nortexapp.pro 2024-10-18
domain nortexapp.xyz 2024-10-18
domain nortexmessenger.blog 2024-10-18
domain nortexmessenger.digital 2024-10-18
domain nortexmessenger.pro 2024-10-18
domain nortexmessenger.us 2024-10-18
domain pakoyayinlari.com 2024-10-18
domain patrickcateman.com 2024-10-18
domain phperl.com 2024-10-18
domain playbattleforge.org 2024-10-18
domain playbattleforge.xyz 2024-10-18
domain playultimate.xyz 2024-10-18
domain projectcalipso.com 2024-10-18
domain riotrevelry.com 2024-10-18
domain sleipnirbrowser.org 2024-10-18
domain sleipnirbrowser.xyz 2024-10-18
domain stonance.com 2024-10-18
domain thecalipsoproject.com 2024-10-18
domain thewatch.com 2024-10-18
domain tooldream.live 2024-10-18
domain ultimategame.xyz 2024-10-18
domain ultimateplay.xyz 2024-10-18
domain us002webzoom.us 2024-10-18
domain us003webzoom.us 2024-10-18
domain us004web-zoom.us 2024-10-18
domain us005web-zoom.us 2024-10-18
domain us006web-zoom.us 2024-10-18
domain us007web-zoom.us 2024-10-18
domain us008web-zoom.us 2024-10-18
domain us01web-zoom.us 2024-10-18
domain us01web.us 2024-10-18
domain us03web-zoom.us 2024-10-18
domain us03web.us 2024-10-18
domain us050web-zoom.us 2024-10-18
domain us055web-zoom.us 2024-10-18
domain us07web-zoom.us 2024-10-18
domain us08web-zoom.us 2024-10-18
domain us08web.us 2024-10-18
domain us09web-zoom.us 2024-10-18
domain us09web.us 2024-10-18
domain us10web-zoom.us 2024-10-18
domain us12web.us 2024-10-18
domain us15web.us 2024-10-18
domain us18web-zoom.us 2024-10-18
domain us20web.us 2024-10-18
domain us30web-zoom.us 2024-10-18
domain us40web-zoom.us 2024-10-18
domain us40web.us 2024-10-18
domain us45web-zoom.us 2024-10-18
domain us4web-zoom.us 2024-10-18
domain us500web-zoom.us 2024-10-18
domain us505web-zoom.us 2024-10-18
domain us50web-zoom.us 2024-10-18
domain us50web.us 2024-10-18
domain us555web-zoom.us 2024-10-18
domain us55web.us 2024-10-18
domain us5web-zoom.us 2024-10-18
domain us60web-zoom.us 2024-10-18
domain us6web-zoom.us 2024-10-18
domain us70web-zoom.us 2024-10-18
domain us77web-zoom.us 2024-10-18
domain us80web-zoom.us 2024-10-18
domain us85web-zoom.us 2024-10-18
domain us95web-zoom.us 2024-10-18
domain utv4fun.com 2024-10-18
domain verdascript.com 2024-10-18
domain veriscroll.com 2024-10-18
domain web05-zoom.us 2024-10-18
domain web3dev.buzz 2024-10-18
domain webapizmland.com 2024-10-18
domain webjoining.com 2024-10-18
domain webroom-zoom.us 2024-10-18
domain worldcozy.com 2024-10-18
References (1)
↗ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/