Pulse Detail — Threat Intelligence

PULSE NAME

ClickFix tactic: The Phantom Meet - Sekoia.io Blog

WHITE Marko Polo CyberHunter_NL 2024-10-21 Modified: 2024-11-20

181

IOCs

HIGH VOLUME

A new social engineering tactic used by cybercrime groups to spread malware has been identified by researchers at Sekoia Research, a leading security firm, in a report published in the journal Security Research.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1056 T1566 T1036 T1123 T1218 T1102 T1125 T1496

MALWARE FAMILIES

Matanbuchus NetSupport Lumma Stealc ClickFix AMOS

Indicators of Compromise (181)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0ba52a085647724ae6b56e29bab4af6e	MD5 of a834be6d2bec10f39019606451b507742b7e87ac8d19dc0643ae58df183f773c	2024-10-21
FileHash-MD5	51f8527e20dcb05ffd8586b853937a8a	—	2024-10-21
FileHash-MD5	6bee9adb58a318a61a3af447b31c7f3e	MD5 of 94379fa0a97cc2ecd8d5514d0b46c65b0d46ff9bb8d5a4a29cf55a473da550d5	2024-10-21
FileHash-MD5	acfba6ff2e80e0ebc80df9e7d326337c	MD5 of 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138	2024-10-21
FileHash-MD5	ba0767946d9cac95fd727d7076c7fec1	MD5 of 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe	2024-10-21
FileHash-MD5	e7959e4089c1993045e01cb9c3cbc6a5	—	2024-10-21
FileHash-SHA1	1ee26f6cb803f456ba019ebae8eb818f0e48a962	SHA1 of a834be6d2bec10f39019606451b507742b7e87ac8d19dc0643ae58df183f773c	2024-10-21
FileHash-SHA1	31c713eabc90f61b44703a8d30e7ced6e2941f23	SHA1 of 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe	2024-10-21
FileHash-SHA1	bc6587212e27111770ec0e61b735c7b527186c1b	SHA1 of 94379fa0a97cc2ecd8d5514d0b46c65b0d46ff9bb8d5a4a29cf55a473da550d5	2024-10-21
FileHash-SHA1	fe28d5756815fdac31a744a2f11c075f5b1892bc	SHA1 of 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138	2024-10-21
FileHash-SHA256	2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe	—	2024-10-21
FileHash-SHA256	92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138	—	2024-10-21
FileHash-SHA256	94379fa0a97cc2ecd8d5514d0b46c65b0d46ff9bb8d5a4a29cf55a473da550d5	—	2024-10-21
FileHash-SHA256	a834be6d2bec10f39019606451b507742b7e87ac8d19dc0643ae58df183f773c	—	2024-10-21
URL	http://77.221.157.170:3004/server.js	—	2024-10-21
URL	http://85.209.11.155/joinsystem	—	2024-10-21
URL	http://95.182.97.58/84b7b6f977dd1c65.php	—	2024-10-21
URL	https://carolinejuskus.com/f9dfbcf6a999/7cc2f5dc3c76/load.51f8527e20dcb05ffd8586b853937a8a.php?call=launcher	—	2024-10-21
URL	https://carolinejuskus.com/kusaka.php?call=launcher	—	2024-10-21
URL	https://googIedrivers.com/fix-error	—	2024-10-21
URL	https://meet.google.com-join.us/wmq-qcdn-orj	—	2024-10-21
URL	https://meet.google.us-join.com/ywk-batf-sfh	—	2024-10-21
URL	https://meet.google.us07host.com/coc-btru-ays	—	2024-10-21
URL	https://meet.google.webjoining.com/exw-jfaj-hpa	—	2024-10-21
URL	https://us18web-zoom.us/ram.exe	—	2024-10-21
URL	https://us18web-zoom.us/stealc.exe	—	2024-10-21
URL	https://webapizmland.com/api/cmdruned	—	2024-10-21
domain	alienmanfc6.com	—	2024-10-21
domain	apunanwu.com	—	2024-10-21
domain	argongame.com	—	2024-10-21
domain	battleforge.cc	—	2024-10-21
domain	battleultimate.xyz	—	2024-10-21
domain	bowerchalke.com	—	2024-10-21
domain	calipsoproject.com	—	2024-10-21
domain	carolinejuskus.com	—	2024-10-21
domain	cautrucanhtuan.com	—	2024-10-21
domain	cozyland.xyz	—	2024-10-21
domain	cozymeta.com	—	2024-10-21
domain	cozymeta.fun	—	2024-10-21
domain	cozymeta.xyz	—	2024-10-21
domain	cozyweb3.com	—	2024-10-21
domain	cozyworld.io	—	2024-10-21
domain	cphoops.com	—	2024-10-21
domain	darkblow.com	—	2024-10-21
domain	dekhke.com	—	2024-10-21
domain	doculuma.com	—	2024-10-21
domain	fatoreader.com	—	2024-10-21
domain	fatoreader.net	—	2024-10-21
domain	gamascript.com	—	2024-10-21
domain	googiedrivers.com	—	2024-10-21
domain	iloanshop.com	—	2024-10-21
domain	kansaskollection.com	—	2024-10-21
domain	lastnuggets.com	—	2024-10-21
domain	lirelasuisse.com	—	2024-10-21
domain	lunacy3.com	—	2024-10-21
domain	lunacy4.com	—	2024-10-21
domain	mdalies.com	—	2024-10-21
domain	mensadvancega.com	—	2024-10-21
domain	mishapagerealty.com	—	2024-10-21
domain	missingfrontier.com	—	2024-10-21
domain	modoodeul.com	—	2024-10-21
domain	mor-dex.world	—	2024-10-21
domain	mordex.blog	—	2024-10-21
domain	mordex.digital	—	2024-10-21
domain	mordex.homes	—	2024-10-21
domain	mybattleforge.xyz	—	2024-10-21
domain	myultimate.xyz	—	2024-10-21
domain	ngtmeta.io	—	2024-10-21
domain	ngtmetaland.io	—	2024-10-21
domain	ngtmetaweb.com	—	2024-10-21
domain	ngtproject.com	—	2024-10-21
domain	ngtstudio.io	—	2024-10-21
domain	ngtstudio.online	—	2024-10-21
domain	ngtverse.org	—	2024-10-21
domain	night-support.xyz	—	2024-10-21
domain	nightpredators.com	—	2024-10-21
domain	nightstudio.io	—	2024-10-21
domain	nightstudioweb.xyz	—	2024-10-21
domain	nor-tex.eu	—	2024-10-21
domain	nor-tex.pro	—	2024-10-21
domain	nor-tex.world	—	2024-10-21
domain	nor-tex.xyz	—	2024-10-21
domain	nort-ex.eu	—	2024-10-21
domain	nort-ex.lol	—	2024-10-21
domain	nort-ex.world	—	2024-10-21
domain	nortex-app.pro	—	2024-10-21
domain	nortex-app.us	—	2024-10-21
domain	nortex-app.xyz	—	2024-10-21
domain	nortex.blog	—	2024-10-21
domain	nortex.digital	—	2024-10-21
domain	nortex.life	—	2024-10-21
domain	nortex.limited	—	2024-10-21
domain	nortex.lol	—	2024-10-21
domain	nortex.uk	—	2024-10-21
domain	nortexapp.com	—	2024-10-21
domain	nortexapp.digital	—	2024-10-21
domain	nortexapp.io	—	2024-10-21
domain	nortexapp.me	—	2024-10-21
domain	nortexapp.pro	—	2024-10-21
domain	nortexapp.xyz	—	2024-10-21
domain	nortexmessenger.blog	—	2024-10-21
domain	nortexmessenger.digital	—	2024-10-21
domain	nortexmessenger.pro	—	2024-10-21
domain	nortexmessenger.us	—	2024-10-21
domain	pabloarruda.com	—	2024-10-21
domain	pakoyayinlari.com	—	2024-10-21
domain	patrickcateman.com	—	2024-10-21
domain	phperl.com	—	2024-10-21
domain	playbattleforge.org	—	2024-10-21
domain	playbattleforge.xyz	—	2024-10-21
domain	playultimate.xyz	—	2024-10-21
domain	projectcalipso.com	—	2024-10-21
domain	riotrevelry.com	—	2024-10-21
domain	sleipnirbrowser.org	—	2024-10-21
domain	sleipnirbrowser.xyz	—	2024-10-21
domain	stonance.com	—	2024-10-21
domain	thecalipsoproject.com	—	2024-10-21
domain	thewatch.com	—	2024-10-21
domain	tooldream.live	—	2024-10-21
domain	ultimategame.xyz	—	2024-10-21
domain	ultimateplay.xyz	—	2024-10-21
domain	us002webzoom.us	—	2024-10-21
domain	us003webzoom.us	—	2024-10-21
domain	us004web-zoom.us	—	2024-10-21
domain	us005web-zoom.us	—	2024-10-21
domain	us006web-zoom.us	—	2024-10-21
domain	us007web-zoom.us	—	2024-10-21
domain	us008web-zoom.us	—	2024-10-21
domain	us01web-zoom.us	—	2024-10-21
domain	us01web.us	—	2024-10-21
domain	us03web-zoom.us	—	2024-10-21
domain	us03web.us	—	2024-10-21
domain	us050web-zoom.us	—	2024-10-21
domain	us055web-zoom.us	—	2024-10-21
domain	us07web-zoom.us	—	2024-10-21
domain	us08web-zoom.us	—	2024-10-21
domain	us08web.us	—	2024-10-21
domain	us09web-zoom.us	—	2024-10-21
domain	us09web.us	—	2024-10-21
domain	us10web-zoom.us	—	2024-10-21
domain	us12web.us	—	2024-10-21
domain	us15web.us	—	2024-10-21
domain	us18web-zoom.us	—	2024-10-21
domain	us20web.us	—	2024-10-21
domain	us30web-zoom.us	—	2024-10-21
domain	us40web-zoom.us	—	2024-10-21
domain	us40web.us	—	2024-10-21
domain	us45web-zoom.us	—	2024-10-21
domain	us4web-zoom.us	—	2024-10-21
domain	us500web-zoom.us	—	2024-10-21
domain	us505web-zoom.us	—	2024-10-21
domain	us50web-zoom.us	—	2024-10-21
domain	us50web.us	—	2024-10-21
domain	us555web-zoom.us	—	2024-10-21
domain	us55web.us	—	2024-10-21
domain	us5web-zoom.us	—	2024-10-21
domain	us60web-zoom.us	—	2024-10-21
domain	us6web-zoom.us	—	2024-10-21
domain	us70web-zoom.us	—	2024-10-21
domain	us77web-zoom.us	—	2024-10-21
domain	us80web-zoom.us	—	2024-10-21
domain	us85web-zoom.us	—	2024-10-21
domain	us95web-zoom.us	—	2024-10-21
domain	utv4fun.com	—	2024-10-21
domain	verdascript.com	—	2024-10-21
domain	veriscroll.com	—	2024-10-21
domain	web05-zoom.us	—	2024-10-21
domain	web3dev.buzz	—	2024-10-21
domain	webapizmland.com	—	2024-10-21
domain	webjoining.com	—	2024-10-21
domain	webroom-zoom.us	—	2024-10-21
domain	worldcozy.com	—	2024-10-21
hostname	meet.googie.com-join.us	—	2024-10-21
hostname	meet.google.cdm-join.us	—	2024-10-21
hostname	meet.google.com-join.us	—	2024-10-21
hostname	meet.google.us-join.com	—	2024-10-21
hostname	meet.google.us07host.com	—	2024-10-21
hostname	meet.google.web-join.com	—	2024-10-21
hostname	meet.google.webjoining.com	—	2024-10-21
URL	http://91.103.140.200:9078/3936a074a2f65761a5eb8/6fmfpmi7.fwf4p	—	2024-10-21
URL	https://gist.github.com/qbourgue/e7959e4089c1993045e01cb9c3cbc6a5	—	2024-10-21

References (1)

↗ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/