650 Attack Tools, One Coordinated Campaign
The GreedyBear attack group has launched a massive crypto theft operation, utilizing 150 weaponized Firefox extensions, nearly 500 malicious executables, and numerous phishing websites. Their tactics include Extension Hollowing to bypass marketplace security, distributing various malware families, and creating scam sites masquerading as crypto products. The campaign's infrastructure is consolidated to a single IP address, suggesting a centralized backend. The group has expanded from its earlier Foxy Wallet campaign and shows signs of potential growth beyond Firefox. The attackers are leveraging AI to scale their operations, making it challenging for traditional security measures to keep up. The campaign has reportedly stolen over $1 million from victims.
AI Analysis
Technical Summary
The GreedyBear attack group has orchestrated a large-scale, multifaceted crypto theft campaign leveraging a diverse arsenal of over 650 attack tools, including 150 weaponized Firefox browser extensions, nearly 500 malicious executables, and numerous phishing websites. Their primary tactic, Extension Hollowing, allows them to bypass Firefox marketplace security by injecting malicious code into legitimate extensions, thereby evading detection and facilitating widespread distribution. The campaign infrastructure is notably centralized, with all malicious activities routed through a single IP address, indicating a streamlined backend command and control setup. GreedyBear's operations have evolved from their earlier Foxy Wallet campaign, expanding their scope and potentially targeting platforms beyond Firefox in the near future. The attackers employ artificial intelligence techniques to automate and scale their operations, complicating detection and mitigation efforts by traditional security tools. The campaign encompasses multiple malware families, including Luca Stealer and LummaStealer, and employs tactics such as phishing, scam websites impersonating crypto products, and ransomware deployment. The campaign has reportedly resulted in financial losses exceeding $1 million. The attack techniques map to MITRE ATT&CK technique IDs such as T1583 (Acquire Infrastructure), T1176 (Browser Extensions), T1102 (Web Service), T1608 (Stage Capabilities), T1204 (User Execution), T1056 (Input Capture), T1132 (Data Encoding), T1585 (Establish Accounts), T1588 (Obtain Capabilities), and T1189 (Drive-by Compromise). This coordinated campaign represents a sophisticated threat targeting cryptocurrency users through multiple vectors, leveraging social engineering, technical exploitation, and AI-driven scaling.
Potential Impact
European organizations, particularly those involved in cryptocurrency trading, wallet development, and blockchain services, face significant risks from this campaign. The use of weaponized browser extensions and phishing websites can lead to credential theft, unauthorized access to crypto wallets, and direct financial theft. The centralized infrastructure and AI-driven scaling increase the campaign's reach and speed, potentially overwhelming incident response teams. Loss of funds, reputational damage, and erosion of user trust are primary concerns. Additionally, the deployment of ransomware components could disrupt business operations, leading to downtime and additional financial losses. Given the campaign's focus on Firefox extensions, organizations with employees or customers using Firefox for crypto-related activities are at heightened risk. The campaign's ability to bypass marketplace security and use social engineering increases the likelihood of successful compromise, especially in environments with limited endpoint protection or user awareness. The financial impact extends beyond direct theft, potentially affecting regulatory compliance and increasing scrutiny from European data protection authorities if personal data is compromised during the attacks.
Mitigation Recommendations
European organizations should implement a multi-layered defense strategy tailored to this campaign's tactics. First, enforce strict controls on browser extension usage by whitelisting approved extensions and disabling installation from untrusted sources. Employ endpoint detection and response (EDR) solutions capable of detecting extension hollowing and anomalous executable behaviors. Regularly update and patch browsers and security software to mitigate exploitation of known vulnerabilities. Conduct targeted user awareness training focused on recognizing phishing attempts and scam websites, emphasizing the risks associated with crypto-related activities. Deploy network monitoring to detect unusual outbound connections, especially to the centralized IP address identified in the campaign, and block or isolate suspicious traffic. Utilize threat intelligence feeds to update detection rules with indicators related to GreedyBear's tools and infrastructure. Implement multi-factor authentication (MFA) for access to crypto wallets and related services to reduce the risk that stolen credentials can be exploited. Consider sandboxing or isolating browser environments used for crypto transactions to limit exposure. Finally, collaborate with crypto platforms and law enforcement to share intelligence and coordinate response efforts.
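One way to carry out the extension allowlisting step above, as an added example that is not from the original advisory: the script audits a Firefox profile's `extensions.json` against an allowlist and builds the matching `ExtensionSettings` enterprise policy. The extension IDs, the allowlist and the sample profile data are constructed placeholders, and the built-in location names it skips are an assumption about the profile format.

```python
import json

# Constructed allowlist: these extension IDs are placeholders, not real add-ons.
APPROVED = {
    "password-manager@corp.example",
    "adblock@corp.example",
}

# Host patterns that let an extension read or alter every page the user
# visits, including wallet and exchange pages.
BROAD_ORIGINS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumption: add-ons shipped with the browser are stored under these locations.
BUILTIN_LOCATIONS = {"app-builtin", "app-system-defaults"}

# Constructed sample shaped like the extensions.json file in a Firefox profile.
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "schemaVersion": 36,
    "addons": [
        {"id": "password-manager@corp.example", "type": "extension",
         "location": "app-profile", "active": True, "version": "3.1.0",
         "defaultLocale": {"name": "Corp Password Manager"},
         "userPermissions": {"permissions": ["storage"],
                             "origins": ["https://vault.corp.example/*"]}},
        {"id": "wallet-helper@placeholder.example", "type": "extension",
         "location": "app-profile", "active": True, "version": "1.0.4",
         "defaultLocale": {"name": "Wallet Helper"},
         "userPermissions": {"permissions": ["tabs", "storage"],
                             "origins": ["<all_urls>"]}},
        {"id": "old-tool@placeholder.example", "type": "extension",
         "location": "app-profile", "active": False, "version": "0.9",
         "defaultLocale": {"name": "Old Tool"},
         "userPermissions": None},
        {"id": "default-theme@mozilla.org", "type": "theme",
         "location": "app-builtin", "active": True, "version": "1.3",
         "defaultLocale": {"name": "System theme"}},
    ],
})


def audit_extensions(extensions_json, approved):
    """Return one finding per installed extension that is not on the allowlist.

    Active extensions with broad host access are listed first, because they
    are the ones able to read wallet pages right now.
    """
    data = json.loads(extensions_json)
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries, language packs
        if addon.get("location") in BUILTIN_LOCATIONS:
            continue  # shipped with the browser, not user-installed
        ext_id = addon.get("id", "")
        if ext_id in approved:
            continue
        perms = addon.get("userPermissions") or {}  # may be null in the file
        origins = set(perms.get("origins") or [])
        findings.append({
            "id": ext_id,
            "name": (addon.get("defaultLocale") or {}).get("name", ""),
            "version": addon.get("version", ""),
            "active": bool(addon.get("active")),
            "broad_access": bool(origins & BROAD_ORIGINS),
        })
    findings.sort(key=lambda f: (not f["active"], not f["broad_access"], f["id"]))
    return findings


def build_policy(approved):
    """Build a policies.json body that blocks every extension except the allowlist."""
    settings = {"*": {"installation_mode": "blocked"}}
    for ext_id in sorted(approved):
        settings[ext_id] = {"installation_mode": "allowed"}
    return {"policies": {"ExtensionSettings": settings}}


if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_EXTENSIONS_JSON, APPROVED):
        print(finding)
    print(json.dumps(build_policy(APPROVED), indent=2))
```
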
Affected Countries
Germany, United Kingdom, France, Netherlands, Switzerland, Estonia
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://blog.koi.security/greedy-bear-massive-crypto-wallet-attack-spans-across-multiple-vectors-3e8628831a05
- Adversary: GreedyBear
- Pulse ID: 68962f0b3e7844baa4f7565b
- Threat Score: null
hash49b273492d71ff1a328fdf4f9b2931c7ddd6d9c6 | — | |
hash4aa9f8eba6472386244fb54bf832722f72d75892 | — | |
hash5949e8d12ebb1e2a7a3e77cc79b98e7bbfb7fb5f | — | |
hash5ba0770f3120aafd447babb4b55a0ef1add6bce5 | — | |
hash5cc8f3bffb238df9fb88700ecb6f0c8a366ff8ee | — | |
hash5ed3fa8ab7b1681138d4fee8a2f7a4285a172a52 | — | |
hash6134d715f7fdcb71b6aa79ba16b9b3a16faaece3 | — | |
hash632d217307f4279c0ffff3956f9e6649b641dd80 | — | |
hash654238807868e35d393a75434aab6a9abc3d764e | — | |
hash663b1405c34f7e41b3658561b341f15ff2f2c8fb | — | |
hash6823cf11b31caf2c884886697c256e304821d20e | — | |
hash7463579287d6052bcc5d148f8be32ffd63b68918 | — | |
hash75708a1642fc071c6f7aaddac0c08e317f242801 | — | |
hash767f6127fbc3529a0b9554618ce1dd268cec2023 | — | |
hash805bb0ae0ffb87436f71bf4685f0e0731957a22c | — | |
hash8506173afae597bfbd0f4665664362476450ae9d | — | |
hash8a3e21449822c0697f1c0736d6dd703c32cae39a | — | |
hash8b2d8505843d0106cc00fe724e9f3944dbdaec33 | — | |
hash8e6c7a1ed48ef7b6396695d8df0dad35399eadf0 | — | |
hash8fe0c0f462c9fafdbbbd2deceea71efd9192ab7e | — | |
hash91498f3b84f1fdeb474dea5708f52859e5374b4d | — | |
hash92ca0994e7a0682852912670e9b8cc8c1fffd7a3 | — | |
hash96d1f74001d8cfce766e0e97f0eaac233e5bd78a | — | |
hash97419a45185ce72da9b6d06fdb427f06f70e99ed | — | |
hash9bd2fa85f9ef8fe2a4d91b0497828a6154c4556c | — | |
hash9cd8872af1a7bc652221bee0e166c0e240fae13c | — | |
hash9f713a296bce13373759a20ec8a1c83e97481399 | — | |
hash9fdd677d73cdf07932de757e551d83987003af72 | — | |
hasha1627463c614598f1b2e428870d8dc38c0add179 | — | |
hasha2d20a085e56803b29f55e8060e3d676673f8f38 | — | |
hasha6a70e6fe9f08f1b5950517f803720ec0347ca6a | — | |
hasha7cc95461846db7587269f48e293852b38175275 | — | |
hashaf77d1f4bd127355d885579ea30514147fd0e530 | — | |
hashb03eb7efecf9ed8ea10e5d2cbd38f2d0b270f5e0 | — | |
hashb32c562a063c5e95a02a54b9845c4d19678e8351 | — | |
hashb3ef0c570514a6f858d6a8bb61a5a1d8b9c88430 | — | |
hashb5812f22f661121a20d1859b584dbfc0de8b27a1 | — | |
hashb692365070644fbbb8eab756e2fd27a08403a742 | — | |
hashb6f5df503e21fc03132823865366ac7025b95ea8 | — | |
hashbbdeb5d468d36353623838f34452e82cdc1a47f7 | — | |
hashbe3713733b4f3084cd736b3f6f18d4498b65aa95 | — | |
hashbe697d6fd8e486e8490bb05aa36c3a5c5054f66c | — | |
hashbeb9f6adfdb1fd09b9f2f18ad31f4eeaafbd15d9 | — | |
hashc2dea990cf6dc4f3299e94ea3042f22224997296 | — | |
hashc45dbe1599371b0fee1062eeff53343f0dfa1f9f | — | |
hashc87a403cc8d88d3313c401cc738a4807c9e7101a | — | |
hashcb73b9ec5acd8ed399f2e5cf9196c4697e91d476 | — | |
hashcc3b44a44eead1164432ed18e76e2bb935e97805 | — | |
hashce3ffd1c6f5b33acf8ac5f20d94f37f1f942bf04 | — | |
hashd9de88a3696e434e700923b9eeb0e4fdfab9f5a4 | — | |
hashda1d01ef8a98abb70a0b543ed0c93ee1a9fe35f9 | — | |
hashdabe2aaeeab3727fa0659b5349e4ac53e6656fa1 | — | |
hashdd1da2739012c21140f6d805ac263252bc916212 | — | |
hashe11c9cd5c6de30faac3afe40be1244ba892bb1ba | — | |
hashe12334cc1e8779ab478de36e788368295d012b68 | — | |
hashe37de964ba4daa5ec67809d4d69db1a7aee153dc | — | |
hashe77325bb164b40b4d1b65e974b6da481c1d401f2 | — | |
hashe96bbf319dbcfef249ee0feb28abc224166335a7 | — | |
hashea8069975251fb76f15ad1ae298284ec8ae700a4 | — | |
hasheb85a74a0c448e19df27a55d796fc7cbb52be862 | — | |
hasheca878738a56ecfe5b8e91ae74920987b7c46f24 | — | |
hashed3c0a0517a5c575e036fe2863c0a59c23202e80 | — | |
hashee1e04b22a7023f4c18c14d22fe1185267e29c8f | — | |
hashefae7702eeb4c88abc17d9abfde02d4eb3614e09 | — | |
hashf25029cd00b0d2dce6d4c332dc5170c1b09390ce | — | |
hashf4f572cf1d24d9185c5674177ad8f539abc05be2 | — | |
hash0017f36cffd6eced35dc746f772c21cbce639b2ffa0bb696c442c4cca6eb46cc | — | |
hash00fdfe128a44f97e06505c7741c4e6da66c01f1df22fedba088d977d2a39cb65 | — | |
hash0147cc1256676dfdda9098fb6a0044c1dbe29aa0eb1d215e17a7059a857e376c | — | |
hash0169a67fe5ad88aaff9cb435b70504ed551ff8146710a2494d0914fdbc024fea | — | |
hash016d366e1a88796673452efabb85618d8e9dc97b40cfec3f706d214229cf3b1a | — | |
hash01c3c89f78c236fa279b204eb1fd3e2e6263bba0b21f731f5176aa7a79f8335e | — | |
hash01e6c312e143aebbc7b1ffcfeb9497c6c804116f022cc6d6f70c1d320a79e903 | — | |
hash031ceffec91ce346ed26bed6f7e7c847032f5e0b3993c7fac3ec70725e7debbc | — | |
hash03fa48c12ba3bd4e63f1513579427fa5bd437bd1fe430a6ae1cb71f8b405b817 | — | |
hash05d39978ecbe382152cda1e726737e7b57e8f010029a2a18736d82866a7294db | — | |
hash05fde6dd6e1b3d112d3adcd3da8fef0215a810539a26a3d455d968174ba730ac | — | |
hash06218f0d986337b0c6671c85e20479c1b8216526f0ede675a58371b78a3d8c2a | — | |
hash06d493bc1e1d32ced1f66696f6acacca4a4cbd98de49c4cf7dea2c7eb1f88e5a | — | |
hash0723b576de2746fed2f00dc0d2ef8cbcb4ad882adc55db8f16fb172d11b82f99 | — | |
hash078796194d58ee43e5dc46cb1d8f53db81533bbbac6f3788aa46656de6e149eb | — | |
hash0841986d04b3ecc3f945c6660dfdb7755222a4b280e138b04ac2a35ef722ebac | — | |
hash0923cda258e31bb9d3bedf7d9596e0d541aa5ecb2e98df92098d843d0fd67a52 | — | |
hash0a1e11a47e935947c5545d17dbdca5b0fc29294c9c7a2af4bc8a598ca5fb1bd3 | — | |
hash0abe2d4b39c5bf30237b78da3385a385601fc4d5a987c3c6c8d099320d1ec876 | — | |
hash0b0a18c7a55df2a74f45b23680333c68fdbaeccd1472eae722d932f36acd24a8 | — | |
hash0b84cbd8fac80d08afb928aaf6ca9706cf027f2134f62c0f61651bdf11b836c9 | — | |
hash0c6056b84af71acfd727636ee51475147e9a8653e08716eac26a13a82f4e145f | — | |
hash0da385991bb55bc43a1b57adfcf0b44ed8e98f397bce6277ca3dbe25a59e16f8 | — | |
hash0e9537b29e36565fdd3a1836fffbb778aac61fa251990547e6c5649ef2761669 | — | |
hash0ebc30a1a2860fbdeaa5ffa0d462b6dc3776660be874859f0236d5a9869c39df | — | |
hash0ef1125e9434b0249348ab43a72f711cb43f4386fb8c5587a83a166e43de93cf | — | |
hash0f1ca60ab5bd4fcba7a5e24ae76332ddf012e724319fadf7267cc730a11725b3 | — | |
hash0fc2b72292266b99e9610e359dd6f6ea2a4665c425a838fee493f1682800daaa | — | |
hash10573ed5007dfaa0a48c367c69fedaf2bdf9186ea969544a0b9fedf1fb6f432a | — | |
hash1072dd8b31e8b4cd75614c00796729cd600d08da4f020b89b01b346b56927577 | — | |
hash109377b4349c194b1c673f05ec8613d57b13311cea95a1cfe571b9a0604e4db1 | — | |
hash116d350564505ea69fa4977b76a0f0ffab6d9cc5eed018d074f8866905cbdf93 | — | |
hash12f69d269d44c82dfffaf7f489194952f8628860bd824eca4c30a22fe57959b0 | — | |
hash1300f10d4146339e697bb8827d8f1594feca87f647769b12a666afaf1be079c0 | — | |
hash143b9796c3206babcef82920d7b2c43e6541647c2f0df63bc1c65027f6606efe | — | |
hash14b682910218b6b0933717b844bbccc75fcdc6a867d7044e40b108594c187358 | — | |
hash15411822b2b30062e54b67c4b6c0d5e4bcffcc31c61d531e873c632ebec67f9c | — | |
hash1580b2521d17a9b91dbca8612a16d595e3a94441d7a608f1593745d3a53d6d7c | — | |
hash1705048111fcc1f909ab1a5d2918a2e2354eb155478e23b666e8c456a5caae6a | — | |
hash171b9dd55d6ca607fe3c224eee6fb365cd26adca9ad34669a9d27998bafb8ed4 | — | |
hash18022845d48174d5eccd84e871c1d4f2734fbfbdcec0a24d2b033016594ef014 | — | |
hash188969f7bf2f7f5f66cdd587d919ebc60cca2e331d3696c03d15c4846edd4502 | — | |
hash19a2c1012c7d27459de7fbb01648bb85fcfab96606d8d9212cfdf60549b85339 | — | |
hash1a7c72849e8a0251d3e9abfd87330d9e9c3b3ea70fea73cbfbf0e4387cb67551 | — | |
hash1b00f0c95fd19de6afeff6c62dd6dfc851ce69253b4b2401731b1dd726d8c991 | — | |
hash1b5a9d662f62a301d29a0c3e6f3fe51bb27e5bd0866c0144676915a170c86fc9 | — | |
hash1b5f23a0003b8029dc8988dd5880ab55c77e7a910295dd73db60d3df9e4a4ab5 | — | |
hash1c8c41b4d9d5a9fe5975443c3264582bf2e1e73dca4c9f1b1be946063fc6b3f0 | — | |
hash1cca4a97b94990727ef2359a66dbb6b7923441e8ee5ab445f99e2326ed51cdf5 | — | |
hash1d193a38530b0c0b7f82dc02b744070788abc69d23701b7e0d09c99c2f65701e | — | |
hash1de99d4a9d2e6503daa940d498e59eb548efda8ce532913562c46b9a11c4ec53 | — | |
hash1e0654d3479ffd1dda86770e00d547f87df644b129f4592dbb289989d311c391 | — | |
hash1e0b2ead3dc2d2a7ca3d1538dab023e0322d4121e6f3f2c25d092a3e1add8c20 | — | |
hash1eb0e441cc238e27338d9a58dc78f086a4aac09433c6d6e5fbaf71035e9e9c3b | — | |
hash1ebc20162f0ece65231d8130552d6b13f4d3e05fa85195f0bda008fb26ec73f2 | — | |
hash1f833531890f9c4446ed45c3ad8657e8fc994eca51843608071af140bf08ca04 | — | |
hash20e5eba7891a77b9accfcb1fd8745bd2e18851f9139211884487505593e89f82 | — | |
hash210bbe0586e6e0b4facf5ad38255790fa03931ecddd6fdccbb6a013c2c742af2 | — | |
hash213f8ae34ff3f230c34ffe91ab9a864801f7d11c89fb20eab871ecc1ffd09b18 | — | |
hash2143aa28435989e0e1f22cf107b362d7d15fce4d664b109d330a5e800ccaf347 | — | |
hash22e7f01fba67457ecec5aab777c54c9c2005c4d73be0732b4358e99b9866fa68 | — | |
hash232d211455c6229eb690501c87e804b606ff05070e67ef6c089046c9b61385fa | — | |
hash23642ae8c4aa7e011e42aa2316e5e0a2d7a3e6c98fc64e7dd3a19494e0ed78ad | — | |
hash23d5b6af0ea89058de2f2388feec38675dc7baae71ce4e01d449a06705bcb12b | — | |
hash240775c21f771fde2aff569ea50f2763816cf1be4e57a45f3966f565283c5d0f | — | |
hash245281e0ed18319becee5bed32a320e0d7edb21d75144ac95bcba2ab4b0278d5 | — | |
hash2508e9e8c15c2870acaaffbb4f1ad0a6ed98e83dc7e416d35c780a8bbf6dd506 | — | |
hash251041325ebd0f3dd52cb22a8e41ae384d7ed53984e4292130a3a39eb3598bd1 | — | |
hash259a3b6e006dcec5fa887b3ad3e42cd7cf03730ddf94669089ca98b489f42245 | — | |
hash25fd94e5f0685db3c1166895b2ec03c75e77ca9ef684dd5f53703e50256de69f | — | |
hash262b266f1437b42c7b46fefdc4e36d78139d23fe3e77565709b7028a50858ca9 | — | |
hash26777f9cf3e30327ca917393ce5581f9a6e003a6fba661d90837c9200920ce3e | — | |
hash26e8600875627cba7e7902be2029a18d16a6e9dab53ab23bed68824a9d6c3b49 | — | |
hash27043364bd050639e2346a626a36fd58ca78f032f1de068133b9557de5c3d232 | — | |
hash2711ff49411c3969141277987b3bd62a85334ac3a4bc6ac65dec5348acaf3bdc | — | |
hash27c5e91d1efe93040aaae7e2dcbcd5c58e93cb9330f686c0091dbd9a2ceef933 | — | |
hash2869de311ab5f4b3ea5d988b5b0dfbf4364cd2f197e901ad65b25de92ff6aa3f | — | |
hash28b367cb1962093b0e12b5dc4b57100226f4be7c4d23b661bcda8929884c8b63 | — | |
hash2a014b2059d6b4a0bc0b5b1040f4427b815cda973a4721bcc9ee00461a09ddbc | — | |
hash2a13ede45e958eb952864b5a666fe73bc87cddaab2720892fa8e471b5b4917b8 | — | |
hash2a196a394b6f73d6e9dafe6205c6507802d50d21de2d715ff512c2c2e4b6531c | — | |
hash2ae4e34723c77c3e7558bc65719b520946673328a2ae4eb72ba37e3cbb8838ab | — | |
hash2b203a5f8456719d2b3b3fc39453b72be519de684cb67de2ac74d6f6c0688d7c | — | |
hash2c0c4dc9c2d5a25f16971beb01602ede36e423c7394829529f91442bc32427cf | — | |
hash2c5ff17a5fe069fc007ff81824d675360186587ef834156fc2696630c370a4c9 | — | |
hash2ca900f0da273f818c2ab15bc4d6d70483288dc38e404120c318ae2c10c71dbf | — | |
hash2d0694003ecbe2339870cc79a6daf795a1ab0eae95e2e588ee961f3fad6d0a77 | — | |
hash2d5f4fcec82076ff3011de0396684fa54d48bdfd4536ac2807a930c0fe2c3bec | — | |
hash2d70d5b730949634006ec369f21249ed505805aff756b0002021e08339e0e900 | — | |
hash2da6f4cc4d965f170a9bc9eb932dc5f2a51fb157236f554b8ecd48678ea509c3 | — | |
hash2e89819681cae094a0232214a9a689d5b319877a2731483de95763b44d9ac597 | — | |
hash30136f4269019c9f0fe820178dc00ad5b2d400448af5efc17e6d13967ca2248f | — | |
hash304dda922a247131b2f52951a95ee40c6cb4e79ec2b5183795a517065c831201 | — | |
hash3099cef7b65c7f4495cdbfe62d01b5403991d609e7b2e5d8799c9fda2e839b88 | — | |
hash3195dcccb462861bee147acc506dd2bac7d5f38539a8accb0029128221539d14 | — | |
hash32427cceca782563bc8bcb74ff45896c4729a65121878694c10104f8591371b1 | — | |
hash32476a86ce0c69423f38425b8c9a7785230d613ba9016f71df18b20682b4b451 | — | |
hash324b306edcc49b3f8dbab9354b5f41c49cb7148009b41d404691b575daacb956 | — | |
hash33034d4449a2e10559915f6ed6705f52f6b914279677376b9a23b5299b130528 | — |
IP
Value | Description
---|---
185.208.156.66 | —
185.39.206.135 | —
Threat ID: 689665faad5a09ad0006b475
Added to database: 8/8/2025, 9:02:50 PM
Last enriched: 8/8/2025, 9:17:52 PM
Last updated: 8/10/2025, 8:12:15 PM