← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns
WHITE Tr1sa111 2026-05-05 Modified: 2026-05-29
24
IOCs
MEDIUM VOLUME
credential harvestingsmishingphaasmfa bypassphoenix systemfinancial fraudbts injection
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (24)
All IPv4 URL
TYPEINDICATORDESCRIPTIONCREATED
IPv4 43.154.31.214 CC=HK ASN=AS132203 tencent building kejizhongyi avenue 2026-05-05
IPv4 43.156.61.150 CC=SG ASN=AS132203 tencent building kejizhongyi avenue 2026-05-05
IPv4 8.220.190.2 CC=SG ASN=ASNone 2026-05-05
IPv4 101.32.186.29 CC=HK ASN=AS132203 tencent building kejizhongyi avenue 2026-05-05
IPv4 156.245.145.174 CC=HK ASN=AS134548 dxtl tseung kwan o service 2026-05-05
IPv4 156.245.146.210 CC=HK ASN=AS134548 dxtl tseung kwan o service 2026-05-05
IPv4 23.95.166.127 CC=US ASN=AS36352 colocrossing 2026-05-05
IPv4 43.134.12.32 CC=SG ASN=AS132203 tencent building kejizhongyi avenue 2026-05-05
IPv4 43.134.239.46 CC=SG ASN=AS132203 tencent building kejizhongyi avenue 2026-05-05
IPv4 43.163.100.238 CC=SG ASN=ASNone 2026-05-05
IPv4 47.80.64.106 CC=US ASN=ASNone 2026-05-05
IPv4 47.80.70.114 CC=US ASN=ASNone 2026-05-05
IPv4 47.80.79.203 CC=US ASN=ASNone 2026-05-05
IPv4 8.212.128.102 CC=SG ASN=AS45102 alibaba (us) technology co. ltd. 2026-05-05
IPv4 8.220.130.133 CC=SG ASN=ASNone 2026-05-05
URL http://154.91.90.0 2026-05-05
URL http://38.162.114.0 2026-05-05
URL http://43.133.0.0 2026-05-05
URL http://43.134.0.0 2026-05-05
URL http://43.153.0.0 2026-05-05
URL http://43.160.192.0 2026-05-05
URL http://43.162.0.0 2026-05-05
URL http://45.203.220.0 2026-05-05
URL http://47.80.0.0 2026-05-05
References (1)
↗ https://www.group-ib.com/blog/phoenix-phaas-kit-smishing/