Rectifyq📃Title: The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
📅Date: 2025-10-23
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Palo-Alto
- target-information=“Argentina”
- target-information=“Australia”
- target-information=“Canada”
- target-information=“Germany”
- target-information=“Ireland”
- target-information=“Israel”
- target-information=“Lithuania”
- target-information=“Malaysia”
- target-information=“Poland”
- target-information=“Russia”
- target-information=“United Arab Emirates”
- target-information=“United Kingdom”
- target-information=“United States”
- sector=“Bank”
- sector=“IT”
- sector=“Police - Law enforcement”
- sector=“eCommerce”
- financial-fraud=“Smishing”
- financial-fraud=“Fake Website”
- financial-fraud=“Compromised Account Credentials”
- mitre-attack-pattern=[‘T1660’]
MISP event uuid: 2cb19adb-c8d9-4146-bc3e-fcf2490199fb
Indicator of Compromise (IoCs)
type,value,comment
hostname, icloud.com-remove-device.top, ''
hostname, flde-lity.com-lg.icu, ''
hostname, michigan.gov-etczhh.cc, ''
hostname, utah.gov-etcfr.win, ''
hostname, irs.gov-tax.cfd, ''
hostname, irs.org.gov-tax.icu, ''
hostname, anpost.com-pay.online, ''
hostname, kveesh6.il-363.com, ''
hostname, dhl.de-yiore.store, ''
hostname, usps.com-posewxts.top, ''
hostname, e-zpass.com-etcha.win, ''
hostname, usps.com-isjjz.top, ''
hostname, flde-lity.com-jw.icu, ''
hostname, e-zpass.com-tollbiler.icu, ''
hostname, e-zpassny.com-pvbfd.win, ''
hostname, e-zpass.com-statementzz.world, ''
hostname, e-zpass.com-emea.top, ''
hostname, pikepass.com-chargedae.world, ''
hostname, e-zpass.com-etcoz.win, ''
hostname, e-zpassny.com-kien.top, ''
hostname, e-zpassny.com-xxai.vip, ''
hostname, sunpass.com-hbg.vip, ''
hostname, usps.com-hzasr.bid, ''
hostname, e-zpassny.gov-tosz.live, ''
hostname, michigan.gov-imky.win, ''
hostname, e-zpass.org-yga.xin, ''
hostname, e-zpass.org-qac.xin, ''
hostname, ezpass.org-pvwh.xin, ''
hostname, ezpassnj.gov-mhmt.xin, ''
hostname, e-zpassny.gov-hzwy.live, ''
hostname, irs.gov-addpayment.info, ''
hostname, irs.gov-mo.net, ''
hostname, israeipost.co-ykk.vip, ''
hostname, canpost.id-89b98.com, ''
hostname, anpost.id-39732.info, ''
Full IOCs available in Rectifyq's MISP```