talos · Crawled Jul 5, 2026
Close Encounters of the Human Kind
12 IoCs 1 Actors 1 Malware
AI Summary
Cisco Talos observed a large-scale credential-harvesting campaign targeting over 30,000 Fortinet devices across nearly 200 countries. The campaign leverages known vulnerabilities in Fortinet firewalls and VPN gateways to steal credentials and maintain persistent access. Additionally, fileless variants of Phantom Stealer malware are being used to target browser credentials, employing anti-analysis techniques to evade detection. These threats highlight ongoing exploitation of internet-facing infrastructure and the need for robust patching and multi-factor authentication.
AI-extracted · verify before operational use
Extracted Entities 2 found
Indicators of Compromise 12 extracted
| Type | Value |
|---|---|
| SHA-256 | 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 |
| MD5 | 2915b3f8b703eb744fc54c81f4a9c67f |
| Filename | VID001.exe |
| SHA-256 | c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe |
| MD5 | bf9672ec85283fdf002d83662f0b08b7 |
| Filename | f_000cd7.html |
| SHA-256 | 9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f |
| MD5 | 38de5b216c33833af710e88f7f64fc98 |
| Filename | SECOH-QAD.exe |
| SHA-256 | e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba |
| MD5 | dbd8dbecaa80795c135137d69921fdba |
| Filename | u992574.dll |