← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
North/Southeast "Toll Road" SMS Phishing Scam Extracted IOCs - Lighthouse Phishing Kit
WHITE euphixey 2025-03-04 Modified: 2025-04-03
6755
IOCs
HIGH VOLUME
Extracted indicators from iMessage/RCS spear-phishing messages using urgent tolling violation messages masquerading as legitimate U.S. state-run toll facilities such as E-ZPass/Sunpass/EZDriveMA. Evasion: Cloudflare tunneling; Checks user-agent header strings for mobile indicators--desktop user-agent redirects to 404.
identifyingphishingezpassscamtolliosspearphishingsmsicloudphishing kitRCSlighthouse phishing kitphishing-as-a-servicesunpassmassdot
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (1 / 6755 total)
All CIDR FileHash-MD5 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0463a09b452fb06609941e08316e0bbf 2025-03-04
References (2)
↗ https://krebsonsecurity.com/2025/01/chinese-innovations-spawn-wave-of-toll-phishing-via-sms/ ↗ https://www.ic3.gov/PSA/2024/PSA240412?os=...&ref=app