"Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics
2026-04-14 • Validin
Validin links UNC1069, overlapping with Bluenoroff, to fake meeting operations against cryptocurrency and Web3 professionals for financially motivated theft. Operators use fraudulent venture-capital personas, LinkedIn and Telegram outreach, Calendly-style scheduling, and fake Zoom, Google Meet, or Microsoft Teams pages to pressure victims into running ClickFix commands or installing supposed meeting SDKs. The payloads are tailored for Windows, macOS, and Linux, with updated Cabbage RAT/CageyChameleon variants downloading additional components, collecting host data, enumerating processes, inspecting Chrome extensions, and in some Windows cases establishing persistence. The fake meeting infrastructure also captures or streams victim audio and video through browser media APIs, giving the actors reusable material for later social engineering.
Indicators of Compromise