Trusted Design

FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation

概要

FlowerStorm is a widely known Phishing-As-A-Service (PhaaS) attack kit that has been active since at least mid-2024, increasingly in large scale campaigns. FlowerStorm performs targeted, complex collection of a victim’s credentials, including the management of multi-factor authentication (MFA).

Created: 2026-05-18

Indicators

• hostname - office.bureaucloudservices.com -
• domain - 5348785839.cfd -
• FileHash-MD5 - b0ed4da928344ac2972a05ded086e4da -
• domain - mkreply2024.my.id -
• hostname - irigc.precisionontheweb.de -
• domain - 1518076290.cyou -
• domain - amaxelectronics.co.za -
• hostname - vvbea.builtinlayers.de -
• hostname - bombom.courtdocumentshub.com -
• hostname - msg.uscourtfiles.com -
• hostname - zrqdi.dynamicgrowthsystems.de -
• hostname - towbb.digitalproficiency.de -
• hostname - dfjxt.patienceintherain.de -
• hostname - pkxza.ruminatingbrook.de -
• hostname - muchino.database-server.com -
• hostname - 04qq.digitalcompetitiveedge.de -
• domain - 8103841751.cyou -
• domain - 6018258857.cfd -
• hostname - bill.cloudbusinessfiles.com -
• hostname - uvehh.digitalsuccessframeworks.de -
• domain - 1969421924.cyou -
• hostname - bafybeid6ec6mwvrywozlhpblgzl76qtrcqqx26ryk2cptwtykroufqn4y4.ipfs.w3s.link -
• hostname - bafybeiclfnumyd3aztwl2xjz5o6cfw4fqepqz6a6uow3dig57pf5najq2u.ipfs.w3s.link -
• domain - 7840190445.cyou -
• hostname - empire.appdocstorage.com -
• hostname - pozao.clearconceptsdesign.de -
• domain - 1419993777.cyou -
• hostname - lifeofa.k5l1m.cfd -
• hostname - m.chantstraditionnels.de -
• hostname - vunbp.scalableplatforms.de -
• domain - 6182120286.my.id -
• hostname - 2059746795x.diflucan50.store -
• hostname - ottm.secureuserguard.de -
• domain - 2008377162.cfd -
• hostname - dpqcm.solidreputation.de -
• domain - 6438259665.cfd -
• hostname - rdaol.dreamsintheframe.de -
• domain - 7983520156.cyou -
• domain - 6185945827.sbs -
• hostname - don.feiracultural.de -
• hostname - tlmsh.germanidentityhub.de -
• domain - 6837577840.cfd -
• domain - 5531648314.cfd -
• domain - outrageousorganisation.com.au -
• hostname - albert.uscourtfilestorage.com -
• hostname - evszs.efficiencyworks.de -
• domain - 5334635671.cfd -
• hostname - alexperu.courtfilecloud.com -
• hostname - jeny.ggsuitauth.site -
• hostname - noanme.courtfilecloud.com -
• hostname - y.k5l1m.cfd -
• domain - 6326889358ghf.cyou -
• hostname - woovw.maximizevisibility.de -
• hostname - valid.seashellshoetreasures.de -
• hostname - unix.wearableartbags.de -
• hostname - cfur.invoclegal.com -
• hostname - ableg.docufiled.com -
• domain - 7766360391.cfd -
• domain - asphalt9nitroo.my.id -
• domain - 1391604445.cfd -
• hostname - bafybeias2uivmggzl2gqjipqgcarbgyvakvk6yljxbcv4a3qroxcujzqaq.ipfs.w3s.link -
• domain - 1569742347.cfd -
• domain - 7250102277.cfd -
• domain - 7588085895.cyou -
• domain - 7622350912.cfd -
• hostname - chris.ggsuitauth.site -
• hostname - chr.v0k3.space -
• domain - 5237741854.cfd -
• hostname - hbfnq.strongsystems.de -
• hostname - oztff.valueguardians.de -
• hostname - china.bureauofcourts.com -
• domain - 5624221719.cfd -
• hostname - brenda.5hawb1t.site -
• hostname - dr.k5l1m.cfd -
• hostname - chris1.k5l1m.cfd -
• domain - 2143835084.cfd -
• hostname - sjask.reliablevisibility.de -
• hostname - chr.authgsyuuite.com -
• domain - 2067612207.cfd -
• domain - 8191769809.cfd -
• hostname - zpma.uscourtdocuments.com -
• domain - 6264277690.cfd -
• hostname - qmduj.smoothhost.de -
• hostname - rexjf.digitaltrustbase.de -
• domain - 6970793981ad.cyou -
• domain - 5832068083.cyou -
• hostname - nnqsy.secureenvirotrust.de -

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る