Rectifyq📃Title: Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns
📅Date: 2026-04-29
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer= Group-IB
- financial-fraud=“Phishing”
- financial-fraud=“Smishing”
- target-information=“Argentina”
- target-information=“Australia”
- target-information=“Belgium”
- target-information=“Chile”
- target-information=“Costa Rica”
- target-information=“Hong Kong”
- target-information=“India”
- target-information=“Indonesia”
- target-information=“Japan”
- target-information=“Malaysia”
- target-information=“Mexico”
- target-information=“Philippines”
- target-information=“Singapore”
- target-information=“Spain”
- target-information=“Taiwan”
- target-information=“United Kingdom”
- target-information=“United States”
- target-information=“Vietnam”
- sector=“Finance”
- sector=“Logistic”
- sector=“Telecoms”
- mitre-attack-pattern=[‘T1204.001’, ‘T1566.002’, ‘T1539’]
MISP event uuid: 5109a940-ef8e-4cf9-a5c8-fdfc684aa6ae
Indicator of Compromise (IoCs)
type,value,comment
ip-dst, 23.95.166.127, ''
ip-dst, 38.162.114.0, ''
ip-dst, 43.133.0.0, ''
ip-dst, 43.134.0.0, ''
ip-dst, 43.134.12.32, ''
ip-dst, 43.134.239.46, ''
ip-dst, 43.153.0.0, ''
ip-dst, 43.154.31.214, ''
ip-dst, 43.156.61.150, ''
ip-dst, 43.160.192.0, ''
ip-dst, 43.162.0.0, ''
ip-dst, 43.163.100.238, ''
ip-dst, 45.203.220.0, ''
ip-dst, 47.80.0.0, ''
ip-dst, 47.80.64.106, ''
ip-dst, 47.80.70.114, ''
ip-dst, 47.80.79.203, ''
ip-dst, 8.212.128.102, ''
ip-dst, 8.220.130.133, ''
ip-dst, 8.220.190.2, ''
ip-dst, 101.32.186.29, ''
ip-dst, 154.91.90.0, ''
ip-dst, 156.245.145.174, ''
ip-dst, 156.245.146.210, ''
Full IOCs available in Rectifyq’s MISP