← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - CloudZ RAT potentially steals OTP messages using Pheno plugin
WHITE celestre 2026-05-13 Modified: 2026-05-13
16
IOCs
MEDIUM VOLUME
Windows Phone Link (formerly "Your Phone") is a synchronization tool developed by Microsoft and built directly into Windows 10 and 11 that bridges a PC and a smartphone (Android or iPhone). By establishing a secure connection via Wi-Fi and Bluetooth, the application mirrors essential phone activities (such as application notifications and SMS messages) onto the computer screen, reducing the user’s need to physically interact with the mobile device while working on the computer. The Phone Link application writes synchronized phone data such as SMS messages, call logs, and the application notification history to the Windows PC in the application’s SQLite database file.
linkyour phonealienvaultiocmicrosoft phonehuntinglocalappdatarusty droppercloudz ratplugin pheno
Indicators of Compromise (5 / 16 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 02545a4560e0cd6662d1061973244f18 MD5 of 33af554562176eff34598a839051b8e91692b0305edfdbb4d8eb9df0103ffd98 2026-05-13
FileHash-MD5 719fead8f2408fa00998f245a0bb11c3 MD5 of 24398b75be2645e6c695e529e62e60deb418143a4bbea13c561d3c361419eb54 2026-05-13
FileHash-MD5 a39299719bb4151c373a0e9b92b2bd05 MD5 of 5b7284bcf30569ae400e416a62391720cc9081e6047f15816f9d1a04a06eb321 2026-05-13
FileHash-MD5 cdc678b4ad968121fbaaf8e04511cef3 MD5 of 65fcd965040fabeb6f092df0a4b6856125018bb3b6a1876342da458139f77dac 2026-05-13
FileHash-MD5 d6e5f9733d4c0313125d1700dc0e3746 MD5 of ed5de036edbbda52ab0049d2163607038d38a49404a46b6bcfc4bac26b743832 2026-05-13
References (1)
↗ https://blog.talosintelligence.com/cloudz-pheno-infostealer/