IOC - New widespread EvilTokens kit: device code phishing as-a-service – Part 1
In March 2026, through our monitoring of phishing-focused cybercrime communities, Sekoia’s Threat Detection & Research (TDR) team uncovered EvilTokens, a new turnkey Microsoft device code phishing kit sold as Phishing-as-a-Service (PhaaS). These phishing pages have been circulating since mid-February 2026, and were rapidly adopted by cybercriminals specialising in Adversary-in-the-Middle (AitM) phishing and Business Email Compromise (BEC).