Monitor SG

@[email protected]
451 Followers
0 Following
1.8K Posts

Experimental automated monitoring of #SocGholish, #FakeSG, #ClearFake, #ClickFix, #KongTuke, #ParrotTDS and #SmartApeSG.

Samples and IOCs sent to MalwareBazaar and ThreatFox.

MalwareBazaarhttps://bazaar.abuse.ch/user/10197/
ThreatFoxhttps://threatfox.abuse.ch/user/5719/
Monitor SG21h ago

Detected #SmartApeSG infection chain

Compromised site
-->
divinenarratives[.]org/d.js (injected)
-->
linenvoyage[.]top/signin/profile-parser.js
-->
linenvoyage[.]top/signin/auth-json
-->
linenvoyage[.]top/signin/route-script.js (clickfix)

Monitor SG1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
thesnackbee[.]com/d.js (injected)
-->
linenvoyage[.]top/signin/profile-parser.js
-->
linenvoyage[.]top/signin/auth-json
-->
linenvoyage[.]top/signin/route-script.js (clickfix)

Monitor SG1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
bronzepavilion[.]top/signin/auth-json
-->
bronzepavilion[.]top/signin/route-script.js (clickfix)

Monitor SG1d ago

Detected #KongTuke infection chain

Compromised site
-->
oliveiaa[.]icu/file.js (ClickFucker)
-->
oliveiaa[.]icu/api/v1/session (token)
-->
oliveiaa[.]icu/api/v1/verify (gateway)
-->
oliveiaa[.]icu/api/v1/status (clipboard)
-->
secure-code[.]lol/o (powershell)

45d8b6b295a5caabf8df33be9be19b29dd6e284abb43ccc3d8104e7fbc18d693 o

Monitor SG1d ago

Detected #KongTuke infection chain

Compromised site
-->
oliveiaa[.]icu/file.js (ClickFucker)
-->
oliveiaa[.]icu/api/v1/session (token)
-->
oliveiaa[.]icu/api/v1/verify (gateway)
-->
oliveiaa[.]icu/api/v1/status (clipboard)

Monitor SG1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
mezcalpro[.]com/scq (injected)
-->
linenvoyage[.]top/signin/profile-parser.js
-->
linenvoyage[.]top/signin/auth-json
-->
linenvoyage[.]top/signin/route-script.js (clickfix)

Monitor SG2d ago

Detected #KongTuke infection chain

Compromised site
-->
jiminej[.]lol/file.js (ClickFucker)
-->
jiminej[.]lol/api/v1/session (token)
-->
jiminej[.]lol/api/v1/verify (gateway)
-->
jiminej[.]lol/api/v1/status (clipboard)
-->
verif-code[.]lol/o (powershell)

eaf4ebac1a894c72e388994d0f8cda6849daa1750f66ae9f1e432018d7164348 o

Monitor SG2d ago

Detected #SmartApeSG infection chain

Compromised site
-->
thesnackbee[.]com/d.js (injected)
-->
saffronarchivehub[.]top/role/policy-sessionstore.js
-->
saffronarchivehub[.]top/role/health-json
-->
saffronarchivehub[.]top/role/redirect-html.js (clickfix)

Monitor SG2d ago

Detected #SmartApeSG infection chain

Compromised site
-->
mezcalpro[.]com/scq (injected)
-->
saffronarchivehub[.]top/role/policy-sessionstore.js
-->
saffronarchivehub[.]top/role/health-json
-->
saffronarchivehub[.]top/role/redirect-html.js (clickfix)

Monitor SG2d ago

New #SocGholish C2:

hXXps://dl.erickillorinphotostore[.]com/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
dl.erickillorinphotostore[.]com
45[.]41.187.5
AS22653 Cyber Wurx LLC