Experimental automated monitoring of #SocGholish, #FakeSG, #ClearFake, #ClickFix, #KongTuke, #ParrotTDS and #SmartApeSG.

Samples and IOCs sent to MalwareBazaar and ThreatFox.

MalwareBazaar: https://bazaar.abuse.ch/user/10197/
ThreatFox: https://threatfox.abuse.ch/user/5719/

New #SocGholish C2:

hXXps://dash.dcf.co[.]il/XgdK7BK3H0mM1Cqftc45tcfD73s31S7pY0l=
dash.dcf.co[.]il
207[.]174.31.119
AS26383 Baxet Group Inc.

Detected #SmartApeSG infection chain

Compromised site
-->
mezcalpro[.]com/scq (injected)
-->
dreniko[.]top/private/admin-serializer.php
-->
dreniko[.]top/private/endpoint-build.js (clickfix)
-->
polnexas[.]com/jj/pop (HTA)
-->
polnexas[.]com/pp/june (ZIP)

573f5dc988e9e25ca3b133e928c0671583029fd048a709944f6c89624a1eeab5 june

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
qlorexa[.]top/private/admin-serializer.php
-->
qlorexa[.]top/private/endpoint-build.js (clickfix)

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
qlorexa[.]top/private/admin-serializer.php
-->
qlorexa[.]top/private/endpoint-build.js (clickfix)
-->
polnexas[.]com/jj/pop (HTA)
-->
polnexas[.]com/pp/june (ZIP)

573f5dc988e9e25ca3b133e928c0671583029fd048a709944f6c89624a1eeab5 june

New #SocGholish C2:

hXXps://cl-api.israel-wealth[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
cl-api.israel-wealth[.]com
86[.]38.216.176
AS46475 Limestone Networks, Inc.

Detected #SmartApeSG infection chain

Compromised site
-->
qlorexa[.]top/private/admin-serializer.php
-->
qlorexa[.]top/private/endpoint-build.js (clickfix)
-->
polnexas[.]com/jj/pop (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
qlorexa[.]top/private/admin-serializer.php
-->
qlorexa[.]top/private/endpoint-build.js (clickfix)
-->
polnexas[.]com/jj/pop (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)
-->
vexnali[.]com/ss/look (ZIP)

ec7350861106cdb07ea23d9cb39b45221d5979979d4c4727d3e41e866a0778e2 look

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
gralino[.]top/realm/audit-worker.js
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)
-->
vexnali[.]com/ss/look (ZIP)

ec7350861106cdb07ea23d9cb39b45221d5979979d4c4727d3e41e866a0778e2 look
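The chain and C2 posts above follow one fixed layout: a "Detected #Family infection chain" or "New #Family C2:" header, "-->"-separated stages with an optional label in parentheses (injected, clickfix, HTA, ZIP), a trailing "sha256 filename" line, and for C2 posts a URL, host, IP and ASN line. The parser below is an added example written for this page; it is not the bot's own code nor anything from abuse.ch. It refangs the defanged indicators, turns each post into a structured record, and flattens the records into blocklist-ready sets, keeping compromised (injected) victim sites apart from actor-controlled domains. The feed it runs on is a constructed sample in the same layout: the hosts, the TEST-NET-3 IP, the documentation ASN and the hash are all made up.

```python
import re

# Constructed sample in the bot's post layout (hosts, IP, ASN and hash are made up;
# 203.0.113.0/24 and AS64496 are reserved documentation ranges).
SAMPLE_FEED = """Detected #SmartApeSG infection chain

Compromised site
-->
example-victim[.]com/q (injected)
-->
stager-example[.]top/private/admin-serializer.php
-->
stager-example[.]top/private/endpoint-build.js (clickfix)
-->
payload-example[.]com/jj/pop (HTA)
-->
payload-example[.]com/pp/june (ZIP)

deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef june

New #SocGholish C2:

hXXps://c2.example[.]org/AbCdEf0123456789=
c2.example[.]org
203[.]0.113.10
AS64496 Example Transit
"""

HEADER_RE = re.compile(r"^(Detected|New) #(\w+) (infection chain|C2:)$")
SHA256_RE = re.compile(r"^([0-9a-fA-F]{64})\s+(\S+)$")
STAGE_RE = re.compile(r"^(\S+)(?:\s+\((.*?)\))?$")   # "url (label)" or a bare url
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ASN_RE = re.compile(r"^(AS\d+)\s+(.+)$")


def refang(s):
    """Undo the bot's defanging: [.] -> . , [:] -> : and hXXp(s):// -> http(s)://."""
    s = s.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


def host_of(url):
    return re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/")[0]


def split_posts(feed):
    """Cut the feed into posts; each starts with a header line. Text before the
    first header (profile bio etc.) is dropped."""
    posts = []
    for line in (l.strip() for l in feed.splitlines()):
        if HEADER_RE.match(line) or not posts:
            posts.append([])
        posts[-1].append(line)
    return [p for p in posts if HEADER_RE.match(p[0])]


def parse_post(lines):
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError(f"not a recognised post header: {lines[0]!r}")
    post = {"kind": "chain" if m.group(1) == "Detected" else "c2",
            "family": m.group(2), "stages": [], "hashes": {}, "c2": {}}
    for line in (l for l in lines[1:] if l and l != "-->"):
        if post["kind"] == "chain":
            if line == "Compromised site":
                continue  # placeholder; the victim host is the next 'injected' stage
            if (h := SHA256_RE.match(line)):
                post["hashes"][h.group(1).lower()] = h.group(2)
            elif (s := STAGE_RE.match(line)):
                url = refang(s.group(1))
                post["stages"].append({"url": url, "host": host_of(url), "label": s.group(2) or ""})
        else:
            value = refang(line)
            if value.lower().startswith("http"):
                post["c2"]["url"] = value
            elif IPV4_RE.match(value):
                post["c2"]["ip"] = value
            elif (a := ASN_RE.match(line)):
                post["c2"]["asn"], post["c2"]["asn_org"] = a.groups()
            else:
                post["c2"]["host"] = value
    return post


def collect_indicators(posts):
    """Flatten parsed posts into blocklist-ready sets. Injected (compromised) sites
    are kept apart: they are victims, and blocking them outright is usually wrong."""
    ind = {"domains": set(), "ips": set(), "urls": set(), "sha256": set(), "compromised_sites": set()}
    for p in posts:
        for st in p["stages"]:
            ind["urls"].add(st["url"])
            ind["compromised_sites" if st["label"] == "injected" else "domains"].add(st["host"])
        ind["sha256"].update(p["hashes"])
        for key, bucket in (("host", "domains"), ("ip", "ips"), ("url", "urls")):
            if key in p["c2"]:
                ind[bucket].add(p["c2"][key])
    return ind


def parse_feed(feed):
    return [parse_post(p) for p in split_posts(feed)]
```

Running collect_indicators(parse_feed(SAMPLE_FEED)) gives the stager and payload hosts under "domains", the victim host under "compromised_sites", the C2 IP under "ips" and the ZIP hash under "sha256"; the HTA and ZIP stage URLs are worth keeping as URL indicators because the hosts in these chains are reused across several compromised sites with different paths.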