Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

Dec. 3, 2024, 4:55 p.m.

Description

Trustwave SpiderLabs has been monitoring the rise of Phishing-as-a-Service (PaaS) platforms, focusing on a kit named 'Rockstar 2FA' linked to widespread adversary-in-the-middle (AiTM) phishing attacks. The campaign, targeting Microsoft user accounts, employs car-themed web pages and has seen a significant increase since August 2024. Rockstar 2FA, an updated version of the DadSec/Phoenix kit, operates under a PaaS model and offers features like 2FA bypass, cookie harvesting, and antibot protection. The attacks use various email delivery mechanisms and themes to bypass traditional filters, affecting users across multiple sectors and regions.

Date

Published: Dec. 3, 2024, 4:39 p.m.

Created: Dec. 3, 2024, 4:39 p.m.

Modified: Dec. 3, 2024, 4:55 p.m.

Indicators

Attack Patterns

Phoenix

DadSec

Rockstar 2FA

Storm-1575

T1528

T1556

T1539

T1102

T1036

T1499

T1204

T1566

T1078

T1059

CVE-2024-11477