Look Before You Leap: Imposter DeepSeek Software Seek Gullible Users

    Date: 03/28/2025

    Severity: Medium

    Summary

    The referenced McAfee blog describes how malware authors exploit popular trends, such as "AI" and "DeepSeek", to lure unsuspecting users into downloading malicious software. By manipulating search engine optimization (SEO) with trending keywords, the attackers push their malicious sites higher in search results. The post is a reminder to stay cautious and skeptical during hype cycles so as not to fall for such lures.

    Indicators of Compromise (IOC) List

    URL/Domain

    book.Irollingvideogames.Jcom/temp/1.exe

    yaytek.jcom[.ftr/temp/1.Jexe

    deepseekcaptchal.jtop

    IP Address

    45.144.212.77

    Hash

    366b0de74775dbc4d0eb5651ae6e3415
    
    eada26550ff82506a2f945e47c6fba23
    
    40b3409251f2c8eb86528695fccb8f44
    
    83427cba18deb512fc0dd85815360cfe
    
    4b505f9c0da945d7505ed40f2d0eb8ae
    
    2aa897d73d0b26a2295f0a8ef8c1fa90
    
    b5358493980a583fd1e6a96fc42f6b0e
    
    fe93a52fe64767a5ea5d347ade107dee
    
    103bc7ea4d75548ff31cce973728907e
    
    5f9de0263ea3b625c226368ef4552f56
    
    d4d3a02c3636bf22552213499fc7170c
    
    9614390115f5934561a557fb1ddfe6f
    
    efc2de49c53a388807ef989c2f6efa46
    
    9f680720826812af34cbc66e27e0281f

    Wallet Address

    494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    domainname like "book.Irollingvideogames.Jcom/temp/1.exe" or siteurl like "book.Irollingvideogames.Jcom/temp/1.exe" or domainname like "yaytek.jcom[.ftr/temp/1.Jexe" or siteurl like "yaytek.jcom[.ftr/temp/1.Jexe" or domainname like "deepseekcaptchal.jtop" or siteurl like "deepseekcaptchal.jtop"

    Detection Query 2

    dstipaddress IN ("45.144.212.77") or ipaddress IN ("45.144.212.77") or publicipaddress IN ("45.144.212.77") or srcipaddress IN ("45.144.212.77")

    Detection Query 3

    md5hash IN ("366b0de74775dbc4d0eb5651ae6e3415","eada26550ff82506a2f945e47c6fba23","40b3409251f2c8eb86528695fccb8f44","83427cba18deb512fc0dd85815360cfe","4b505f9c0da945d7505ed40f2d0eb8ae","2aa897d73d0b26a2295f0a8ef8c1fa90","b5358493980a583fd1e6a96fc42f6b0e","fe93a52fe64767a5ea5d347ade107dee","103bc7ea4d75548ff31cce973728907e","5f9de0263ea3b625c226368ef4552f56","d4d3a02c3636bf22552213499fc7170c","9614390115f5934561a557fb1ddfe6f","efc2de49c53a388807ef989c2f6efa46","9f680720826812af34cbc66e27e0281f")
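    The three detection queries above are exact-match lookups over a handful of event fields. The following is an added Python example (not Gurucul code and not from the referenced blog) that applies the same logic of Query 2 and Query 3 to constructed key=value log lines, and validates the hash list at load time. It assumes the field names used in the queries (dstipaddress, ipaddress, publicipaddress, srcipaddress, md5hash) and skips the URL/domain entries, which are listed in defanged form and would not match raw log fields literally. One practical caveat it surfaces: one of the listed values (9614390115f5934561a557fb1ddfe6f) is 31 characters long, not the 32 hex characters of an MD5, so an exact-match query can never fire on it and the value should be corrected at the source before it is loaded into a rule.

```python
import re

# IOC values copied from the advisory above. URL/domain entries are omitted:
# they are defanged in the listing and would not match raw log fields literally.
IOC_IPS = {"45.144.212.77"}
IOC_MD5_AS_LISTED = [
    "366b0de74775dbc4d0eb5651ae6e3415",
    "eada26550ff82506a2f945e47c6fba23",
    "40b3409251f2c8eb86528695fccb8f44",
    "83427cba18deb512fc0dd85815360cfe",
    "4b505f9c0da945d7505ed40f2d0eb8ae",
    "2aa897d73d0b26a2295f0a8ef8c1fa90",
    "b5358493980a583fd1e6a96fc42f6b0e",
    "fe93a52fe64767a5ea5d347ade107dee",
    "103bc7ea4d75548ff31cce973728907e",
    "5f9de0263ea3b625c226368ef4552f56",
    "d4d3a02c3636bf22552213499fc7170c",
    "9614390115f5934561a557fb1ddfe6f",
    "efc2de49c53a388807ef989c2f6efa46",
    "9f680720826812af34cbc66e27e0281f",
]

# Field names follow the advisory's detection queries (assumed log schema).
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELD = "md5hash"

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def validate_md5_iocs(hashes):
    """Split listed hashes into (valid, malformed) sets.

    An MD5 is exactly 32 hex characters; anything else can never equal a real
    md5hash field, so an exact-match query silently skips it. Catch that at load time.
    """
    valid, malformed = set(), set()
    for h in hashes:
        h = h.strip().lower()
        (valid if MD5_RE.match(h) else malformed).add(h)
    return valid, malformed


IOC_MD5, MALFORMED_MD5 = validate_md5_iocs(IOC_MD5_AS_LISTED)


def parse_event(line):
    """Parse a 'key=value key=value' log line into a dict with lower-cased keys."""
    event = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            event[key.lower()] = value
    return event


def match_event(event):
    """Return the reasons an event matches Query 2 (IP fields) or Query 3 (md5hash)."""
    reasons = []
    for field in IP_FIELDS:
        if event.get(field) in IOC_IPS:
            reasons.append(f"{field} in IOC IP list")
    if event.get(HASH_FIELD, "").lower() in IOC_MD5:
        reasons.append("md5hash in IOC hash list")
    return reasons


def scan(lines):
    """Run both rules over log lines; return [(line_no, reasons)] for the hits only."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = match_event(parse_event(line))
        if reasons:
            hits.append((n, reasons))
    return hits


# Constructed sample log lines (not from the advisory or any real capture).
# 192.0.2.10 is a documentation-range address; line 4 carries the malformed hash.
SAMPLE_LOGS = [
    "ts=2025-03-28T10:01:00Z host=ws01 srcipaddress=10.0.0.5 dstipaddress=45.144.212.77 action=connect",
    "ts=2025-03-28T10:02:00Z host=ws01 process=1.exe md5hash=366B0DE74775DBC4D0EB5651AE6E3415 action=exec",
    "ts=2025-03-28T10:03:00Z host=ws02 srcipaddress=10.0.0.6 dstipaddress=192.0.2.10 action=connect",
    "ts=2025-03-28T10:04:00Z host=ws02 process=setup.exe md5hash=9614390115f5934561a557fb1ddfe6f action=exec",
]

if __name__ == "__main__":
    print("malformed IOC hashes:", sorted(MALFORMED_MD5))
    for n, reasons in scan(SAMPLE_LOGS):
        print(f"line {n}: " + "; ".join(reasons))
```

    Running the block reports the one malformed hash and fires on lines 1 (destination IP) and 2 (hash, matched case-insensitively); line 4 does not fire even though it carries the listed 31-character value, which is exactly the gap the load-time validation is meant to expose.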

    Reference:

    https://www.mcafee.com/blogs/internet-security/deepseek-or-deep-threat-how-hackers-are-using-ai-hype-to-deliver-malware/

    Tags

    Malware, DeepSeek
