PoisonSeed Campaign Hijacks CRM Systems to Spread Malicious Crypto Seed Phrases
WHITE Superpro 2025-04-07 Modified: 2025-05-07
A new malicious campaign, dubbed PoisonSeed, is exploiting stolen credentials from CRM platforms and bulk email services to send spam messages containing fake cryptocurrency seed phrases. The goal is to trick victims into importing these phrases into their digital wallets, allowing attackers to drain their funds.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
PoisonSeed
Indicators of Compromise (45)