chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers command-and-control (C2) servers.
GNU General Public License v3.0

Block `Tycoon 2FA` AiTM phishing kit used to bypass 2FA #478

Closed summercms closed 5 months ago

summercms commented 5 months ago

Enhancement idea

Description

In mid-February 2024, we identified a new emerging version of the Tycoon 2FA that was widely distributed in the wild. This new version enhances its obfuscation and anti-detection capabilities and changes network traffic patterns.

Links

https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains


IPs

n/a

ASNs

n/a

Emails

n/a

Wallet addresses

19NReVFKJsYYCCFLq1uNKYrUqQE2bB4Jwx

Above: Bitcoin Wallet.

Mining pool addresses

n/a