This repository contains collections of Indicators of Compromise (IOCs). The IOCs are regularly updated and can be used for threat hunting, detection, blocking, and security research.
/sneaky2fa.csv- Collection of domains identified as hosting Sneaky2FA (also known as WikiKit or Kratos) phishing pages
- Data sourced from reports and URLScan
- Format: CSV (Domain name, Date of first detection)
- Updated: Every 30 minutes
/clickfix_web3.csv- Collection of domains identified as hosting ClickFix phishing pages using EtherHide Web3 inject
- Data sourced from URLScan
- Format: CSV (Domain name, Date of first detection)
- Updated: Daily