talos · Crawled Jul 5, 2026
Catan and Mouse
15 IoCs
AI Summary
Cisco Talos has identified ARToken, a sophisticated phishing-as-a-service (PhaaS) platform, which provides a wide range of capabilities including device code phishing, Primary Refresh Token (PRT) persistence, email access, business email compromise (BEC), and SharePoint exfiltration. The platform shares infrastructure and operational patterns with the previously documented EvilTokens platform. ARToken features a React-based dashboard and exposes over 80 API endpoints, indicating it is a mature BEC operations environment rather than a simple phishing kit.
AI-extracted · verify before operational use
Indicators of Compromise 15 extracted