← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Evolution of Tycoon 2FA Defense Evasion Mechanisms
WHITE Saad Tycoon PetrP.73 2025-06-17 Modified: 2025-06-17
81
IOCs
HIGH VOLUME
The evolution of cybercriminals’s tactics for bypassing two-factor authentication (2FA) is revealed in a study by security researchers at the Institute for Strategic Studies (ISS).
tycoonstagemechanismaprilredirectattack detectedctrlpagecaptchapost requestshiftmetagenerictelegramaugustfindfalsemodelerrorstagesdatemanipulationinvisiblesaad tycoonencrypted
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Encrypted
Indicators of Compromise (81)
All FileHash-MD5 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 e0d37a504604ef874bad26435d62011f 2025-06-17
URL https://stellarnetwork.sucileton.com/EQn1RAKa/ 2025-06-17
domain deobfuscate.io 2025-06-17
domain location.search 2025-06-17
domain obfuscate.io 2025-06-17
hostname stellarnetwork.sucileton.com 2025-06-17
domain sucileton.com 2025-06-17
URL https://stellarnetwork.sucileton.com/34xdw8PBxy6XD6713 2025-06-17
URL https://stellarnetwork.sucileton.com/EQn1RAKa 2025-06-17
URL https://stellarnetwork.sucileton.com/eqn1raka/ 2025-06-17
URL https://stellarnetwork.sucileton.com/hdYChzlF8NDyL0mfez91q3kibS7yyomnQOpysLzEavnCzdTq0R6fa9y 2025-06-17
hostname api.deobfuscate.io 2025-06-17
hostname landing.deobfuscate.io 2025-06-17
hostname obf-io.deobfuscate.io 2025-06-17
URL http://api.deobfuscate.io 2025-06-17
URL http://api.deobfuscate.io/ 2025-06-17
URL http://landing.deobfuscate.io 2025-06-17
URL http://landing.deobfuscate.io/ 2025-06-17
URL http://obf-io.deobfuscate.io 2025-06-17
URL https://api.deobfuscate.io 2025-06-17
URL https://api.deobfuscate.io/ 2025-06-17
URL https://landing.deobfuscate.io 2025-06-17
URL https://obf-io.deobfuscate.io 2025-06-17
URL https://obf-io.deobfuscate.io/ 2025-06-17
hostname a.config.win.location.search 2025-06-17
hostname b.location.search 2025-06-17
hostname de.location.search 2025-06-17
hostname f.location.search 2025-06-17
hostname h.location.search 2025-06-17
hostname i.location.search 2025-06-17
hostname k.location.search 2025-06-17
hostname n.location.search 2025-06-17
hostname o.location.search 2025-06-17
hostname outer.location.search 2025-06-17
hostname r.location.search 2025-06-17
hostname self.location.search 2025-06-17
hostname t.location.search 2025-06-17
hostname this.aa.location.search 2025-06-17
hostname this.location.search 2025-06-17
hostname this.props.location.search 2025-06-17
hostname top.location.search 2025-06-17
hostname w.location.search 2025-06-17
hostname window.document.location.search 2025-06-17
hostname ze.location.search 2025-06-17
URL http://b.location.search/ 2025-06-17
URL http://de.location.search 2025-06-17
URL http://de.location.search/ 2025-06-17
URL http://h.location.search/ 2025-06-17
URL http://k.location.search 2025-06-17
URL http://k.location.search/ 2025-06-17
URL http://n.location.search/ 2025-06-17
URL http://outer.location.search/ 2025-06-17
URL http://t.location.search/ 2025-06-17
URL http://top.location.search/ 2025-06-17
URL https://de.location.search 2025-06-17
URL https://de.location.search/ 2025-06-17
URL https://document.location.search/ 2025-06-17
URL https://e.location.search/ 2025-06-17
URL https://i.location.search/ 2025-06-17
URL https://k.location.search 2025-06-17
URL https://k.location.search/ 2025-06-17
URL https://n.location.search/ 2025-06-17
URL https://this.aa.location.search/ 2025-06-17
URL https://window.location.search/ 2025-06-17
hostname mfamandatorysetupnoreplymicrosoft.sucileton.com 2025-06-17
URL http://adswu.sucileton.com/ 2025-06-17
URL http://mfamandatorysetupnoreplymicrosoft.sucileton.com 2025-06-17
URL http://mfamandatorysetupnoreplymicrosoft.sucileton.com/ 2025-06-17
URL http://stellarnetwork.sucileton.com 2025-06-17
URL http://stellarnetwork.sucileton.com/ 2025-06-17
URL http://wqd.sucileton.com/ 2025-06-17
URL https://adswu.sucileton.com/ 2025-06-17
URL https://adswu.sucileton.com/eqn1raka/ 2025-06-17
URL https://mfamandatorysetupnoreplymicrosoft.sucileton.com 2025-06-17
URL https://mfamandatorysetupnoreplymicrosoft.sucileton.com/ 2025-06-17
URL https://mfamandatorysetupnoreplymicrosoft.sucileton.com/EQn1RAKa 2025-06-17
URL https://mfamandatorysetupnoreplymicrosoft.sucileton.com/EQn1RAKa/ 2025-06-17
URL https://steelarnetwork.sucileton.com/EQn1RAKa/ 2025-06-17
URL https://stellarnetwork.sucileton.com 2025-06-17
URL https://stellarnetwork.sucileton.com/ 2025-06-17
URL https://wqd.sucileton.com/ 2025-06-17
References (2)
↗ https://any.run/cybersecurity-blog/tycoon2fa-evasion-analysis/ ↗ https://socradar.io/tycoon-2fa-an-evolving-phishing-kit-phaas-threats/