Going DNS Deep Diving Into GhostCall and GhostHire
BlueNorroff struck again last October, this time setting its sights on tech company execs, venture capitalists, and Web3 developers.
In GhostCall, the actors targeted the macOS devices of tech company executives and venture capitalists. They approached victims on Telegram and similar platforms, luring them with the prospect of investments. Targets were invited to Zoom meetings, and once the call was underway, they were tricked into "updating" Zoom with a malicious script that downloaded a malicious ZIP file. As a result, the victims lost secret files, including crypto wallet information, keychain data, package manager data, and infrastructure setups. They also lost details related to cloud and DevOps platforms, along with their notes, OpenAI API keys, collaboration application data, and credentials stored in browsers, messengers, and Telegram.
In GhostHire, the attackers went after Web3 developers, tricking them into downloading and executing a GitHub repository containing malware disguised as a skill assessment test for recruitment. It did not …
IoC