441 Followers
0 Following
1.7K Posts

Experimental automated monitoring of #SocGholish, #FakeSG, #ClearFake, #ClickFix, #KongTuke, #ParrotTDS and #SmartApeSG.

Samples and IOCs sent to MalwareBazaar and ThreatFox.

MalwareBazaar: https://bazaar.abuse.ch/user/10197/
ThreatFox: https://threatfox.abuse.ch/user/5719/

New #SocGholish C2:

hXXps://prototype3.thefinancialdatabase[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
prototype3.thefinancialdatabase[.]com
104[.]156.254.154
AS20473 The Constant Company, LLC

Detected #KongTuke infection chain

Compromised site
-->
mermiston[.]com/file.js (ClickFucker)
-->
mermiston[.]com/t (token)
-->
mermiston[.]com/g (gateway)
-->
mermiston[.]com/c (clipboard)
-->
e4wxbrg5277[.]com/dl/agent.ps1 (cmd)
-->
e4wxbrg5277[.]com/dl/update.zip (cmd)

Detected #KongTuke infection chain

Compromised site
-->
mermiston[.]com/file.js (ClickFucker)
-->
mermiston[.]com/t (token)
-->
mermiston[.]com/g (gateway)
-->
e4wxbrg5277[.]com/dl/agent.ps1 (cmd)
-->
e4wxbrg5277[.]com/dl/update.zip (cmd)

New #SocGholish C2:

hXXps://aws.uae-wealth[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
aws.uae-wealth[.]com
155[.]138.210.90
AS20473 The Constant Company, LLC

New #SocGholish C2:

hXXps://store.adriennerichardson[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
store.adriennerichardson[.]com
84[.]46.239.75
AS46475 Limestone Networks, Inc.

Detected #SmartApeSG infection chain

Compromised site
-->
crypta-wave[.]top/secure/admin-dom.php
-->
crypta-wave[.]top/secure/rate-build.js (clickfix)

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
z3nbyte[.]top/metrics/public-effect.js
-->
z3nbyte[.]top/metrics/reset-transpiler.php
-->
z3nbyte[.]top/metrics/trace-hook.js (clickfix)

Detected #SmartApeSG infection chain

Compromised site
-->
byte-shard[.]top/metrics/reset-transpiler.php
-->
byte-shard[.]top/metrics/trace-hook.js (clickfix)

New #SocGholish C2:

hXXps://cpanel.theresiliencefactorpodcast[.]com/XgdK7BK3HcT3E0YjioTL73s31S7pY0l=
cpanel.theresiliencefactorpodcast[.]com
194[.]213.18.163
AS62240 Clouvider

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
nexvoid[.]top/auth/legacy-controller.js
-->
nexvoid[.]top/auth/legacy-sessionstore.php
-->
nexvoid[.]top/auth/alias-script.js (clickfix)
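The C2 posts and the infection-chain posts above publish their IOCs in defanged form (hXXps://, [.]) with trailing stage labels such as "(cmd)" or "(clickfix)", and several of the SocGholish C2 URLs share one path token across different hosts. The check a defender wants is to refang those lines and sweep proxy logs for the hosts, IPs and host+path pairs. The script below is an added example, not code from this bot or from abuse.ch: the IOC lines and the proxy log are constructed samples, the log format (timestamp, client, method, URL, status) is assumed, and flagging the C2 path token on a host that is not yet listed is this example's own assumption that the token recurs, not something the posts state.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: a few IOC lines copied in the defanged form the posts use
# (hXXps://, [.]), including stage labels such as "(cmd)" and an AS line.
DEFANGED_IOCS = """\
hXXps://prototype3.thefinancialdatabase[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
prototype3.thefinancialdatabase[.]com
104[.]156.254.154
AS46475 Limestone Networks, Inc.
Compromised site
-->
mermiston[.]com/file.js (ClickFucker)
e4wxbrg5277[.]com/dl/agent.ps1 (cmd)
z3nbyte[.]top/metrics/trace-hook.js (clickfix)
hXXps://cpanel.theresiliencefactorpodcast[.]com/XgdK7BK3HcT3E0YjioTL73s31S7pY0l=
"""

# Constructed proxy log; the format (timestamp client method url status) is assumed.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 GET https://example.org/index.html 200
2024-05-01T10:00:04Z 10.0.0.5 GET https://mermiston.com/file.js 200
2024-05-01T10:00:05Z 10.0.0.5 GET https://mermiston.com/t 200
2024-05-01T10:00:09Z 10.0.0.7 GET https://prototype3.thefinancialdatabase.com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw== 200
2024-05-01T10:00:11Z 10.0.0.9 GET https://not-yet-listed.example/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw== 200
2024-05-01T10:00:12Z 10.0.0.9 CONNECT 104.156.254.154:443 200
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HOSTNAME = re.compile(r"^[a-z0-9.-]+$")
STAGE_LABEL = re.compile(r"\s*\([^)]*\)\s*$")   # trailing "(cmd)", "(clickfix)", ...


def refang(text: str) -> str:
    """Undo the defanging used in the posts: [.] -> . and hXXp(s):// -> http(s)://."""
    text = text.replace("[.]", ".")
    return re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)


def split_url(url: str):
    """Return (hostname, path) for a full URL or a bare host[:port][/path]."""
    if "://" not in url:
        url = "http://" + url
    u = urlsplit(url)
    return u.hostname, u.path


@dataclass
class IocSet:
    hosts: set = field(default_factory=set)
    ips: set = field(default_factory=set)
    host_paths: set = field(default_factory=set)  # (host, path) pairs
    c2_paths: set = field(default_factory=set)    # paths seen on full C2 URLs


def parse_iocs(text: str) -> IocSet:
    """Turn the defanged post text into sets usable for log matching."""
    iocs = IocSet()
    for raw in text.splitlines():
        line = refang(STAGE_LABEL.sub("", raw.strip()))
        if not line or "." not in line:
            continue                      # "Compromised site", "-->", blank lines
        if IPV4.match(line):
            iocs.ips.add(line)
            continue
        had_scheme = "://" in line
        host, path = split_url(line)
        if not host or not HOSTNAME.match(host):
            continue                      # e.g. "AS46475 Limestone Networks, Inc."
        iocs.hosts.add(host)
        if path and path != "/":
            iocs.host_paths.add((host, path))
            if had_scheme:                # only full C2 URLs contribute a C2 path token
                iocs.c2_paths.add(path)
    return iocs


def match_log(log_text: str, iocs: IocSet) -> list:
    """Return (timestamp, client, host, reasons) for each log line touching an IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _method, url = parts[:4]
        host, path = split_url(url)
        reasons = []
        if host in iocs.ips:
            reasons.append("ip")
        if host in iocs.hosts:
            reasons.append("host")
        if (host, path) in iocs.host_paths:
            reasons.append("host+path")
        elif path in iocs.c2_paths:
            reasons.append("c2-path-reuse")  # assumption: token recurs on unlisted hosts
        if reasons:
            hits.append((ts, client, host, reasons))
    return hits


if __name__ == "__main__":
    for ts, client, host, reasons in match_log(SAMPLE_LOG, parse_iocs(DEFANGED_IOCS)):
        print(f"{ts} {client} -> {host}: {', '.join(reasons)}")
```

A host-only hit (the mermiston[.]com/t request above) tells you a client reached a listed domain; a host+path hit pins the exact stage, which is what you want when deciding whether the ClickFix lure was served or the follow-on agent.ps1 was actually fetched. The c2-path-reuse reason is the weakest signal and is kept separate so it can be triaged differently.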