Experimental automated monitoring of #SocGholish, #FakeSG, #ClearFake, #ClickFix, #KongTuke, #ParrotTDS and #SmartApeSG.

Samples and IOCs sent to MalwareBazaar and ThreatFox.

MalwareBazaar: https://bazaar.abuse.ch/user/10197/
ThreatFox: https://threatfox.abuse.ch/user/5719/

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

New #SocGholish C2:

hXXps://events.wealth-london[.]com/XgdK7BK31Nfn1obBi0dg1oqDtc451v7D7cs3eBWT
events.wealth-london[.]com
96[.]30.194.250
AS20473 The Constant Company, LLC

New #SocGholish C2:

hXXps://api-gw.nycwealth[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
api-gw.nycwealth[.]com
38[.]135.54.89
AS26383 Baxet Group Inc.

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/permission-server.js
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
vorqeni[.]top/settings/tenant-core.php
-->
vorqeni[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
vcdggsfw[.]top/session/route-header.php
-->
vcdggsfw[.]top/session/scope-schema.js (clickfix)
-->
urotypos[.]com/cd/temp (HTA)
-->
urotypos[.]com/ls/production (ZIP)

a6a748c0606fb9600fdf04763523b7da20b382b054b875fdd1ef1c36fc16079a production

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
fresicrto[.]top/session/route-header.php
-->
fresicrto[.]top/session/scope-schema.js (clickfix)
-->
urotypos[.]com/cd/temp (HTA)

Detected #SmartApeSG infection chain

Compromised site
-->
mezcalpro[.]com/scq (injected)
-->
vcdggsfw[.]top/session/router-build.js
-->
vcdggsfw[.]top/session/route-header.php
-->
vcdggsfw[.]top/session/scope-schema.js (clickfix)
-->
urotypos[.]com/cd/temp (HTA)