PULSE NAME
ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
WHITE | Threat Armature_TIP | 2025-02-22 | Modified: 2025-03-24
A look at the key points of EclecticIQ's 20th Century Threat Intelligence Platform (CTI) research, published in the New York Journal of Intelligence and Research on Thursday, 2023.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cookie Store Telegram Cyber Espionage
Indicators of Compromise (54)