Pulse: Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
TLP: WHITE | Adversary: Storm-1575 | Author: AlienVault | Created: 2024-12-03 | Modified: 2024-12-03
36 IOCs, medium volume
Trustwave SpiderLabs has been monitoring the rise of Phishing-as-a-Service (PaaS) platforms, focusing on a kit named 'Rockstar 2FA' linked to widespread adversary-in-the-middle (AiTM) phishing attacks. The campaign, targeting Microsoft user accounts, employs car-themed web pages and has seen a significant increase since August 2024. Rockstar 2FA, an updated version of the DadSec/Phoenix kit, operates under a PaaS model and offers features like 2FA bypass, cookie harvesting, and antibot protection. The attacks use various email delivery mechanisms and themes to bypass traditional filters, affecting users across multiple sectors and regions.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed)
Malware families: Rockstar 2FA, DadSec, Phoenix
Indicators of Compromise (15 of 36 total listed on the page, all of type URL, created 2024-12-03)