BlueNoroff Group cryptoaffair: "ghost" investments and bogus job offers
WHITE BlueNoroff PetrP.73 2025-11-12 Modified: 2025-12-12
The BlueNoroff Group, known by various aliases including APT38 and TA444, has been actively targeting blockchain developers and Web3 executives through its operational campaigns, notably SnatchCrypto. A significant part of this operation involves the GhostCall and GhostHire campaigns, which exploit social engineering tactics. The GhostCall campaign, operational since mid-2023, employs deceptive video conferencing to recruit victims. Attackers masquerade as venture capitalists via platforms like Telegram, using compromised accounts of legitimate entrepreneurs. They initiate contact with potential targets and arrange meetings through spoofed Zoom links or direct messages, utilizing disguised phishing URLs. The attackers leverage multi-stage execution chains; the infection typically begins with the DownTroy malware, which downloads various self-contained executables, including keyloggers and data stealers like CosmicDoor and RooTroy.
Indicators of Compromise (188)