Mikhail Kasimov (@500mk500) Twitter Tweets • TwiCopy

account_circle

Mikhail Kasimov

3 weeks ago

[2024-04-10, PART 2] #Magecart -related (kritec-skimmer) low detected domains (amount: 157) from IPs 195.242.111[.]XXX

Detection: github.com/stamparm/maltr…

thumb_up_off_alt2

repeat0

account_circle

Mikhail Kasimov

3 weeks ago

[2024-04-10] #Magecart -related (kritec-skimmer) low detected domains (amount: 123) from IPs 195.242.111[.]XXX

Ref: twitter.com/sdcyberresearc…

Detection: github.com/stamparm/maltr…

thumb_up_off_alt2

repeat0

account_circle

Mikhail Kasimov

3 weeks ago

Let's make this evening hot! :)

thumb_up_off_alt7

repeat0

account_circle

[2024-04-07] #Magecart -related (kritec-skimmer) low detected domains from IPs 195.242.111[.]XXX

Domains: pastebin.com/ND5r9rbs

Refs:
[1] malwarebytes.com/blog/threat-in…

[2] malwarebytes.com/blog/threat-in…

[3] twitter.com/sdcyberresearc…

Detection: github.com/stamparm/maltr…

thumb_up_off_alt14

account_circle

Mikhail Kasimov

4 weeks ago

More #Android #Joker domains, discovered by CERT_FINGERPRINT_* options

Domains: pastebin.com/6ZqcpcHA

Detection: github.com/stamparm/maltr…

thumb_up_off_alt7

account_circle

Mikhail Kasimov

4 weeks ago

Some fresh #Meduza #Stealer panels to detect:

hXXp://147.45.125.142
hXXp://5.182.86.229
purpleflowers[.]org
salaamt[.]top

D: github.com/stamparm/maltr…

thumb_up_off_alt16

account_circle

Mikhail Kasimov

1 month ago

Would be brave to extend IOCs list a little bit:

hXXp://195.123.218.28
hXXp://195.123.218.36
hXXp://195.123.218.37
hXXp://195.123.218.40
hXXp://195.123.218.46

#KoiLoader / #KoiStealer

Detection: github.com/stamparm/maltr…

thumb_up_off_alt14

account_circle

Mikhail Kasimov

1 month ago

Pretty interesting and useful article

#APT #Sidewinder

thumb_up_off_alt8

account_circle

Mikhail Kasimov

1 month ago

Taking chlmpstatiic\.com for Validin #lookalike tool, some other not pretty good detected #Magecart -related domains were found:

chimpstatiic[.]com
g-staticxs[.]com (detected by Sansec )
gstatics[.]org
sucuriwebtrack[.]org (impers Sucuri Security )

github.com/stamparm/maltr…

$Taking chlmpstatiic\.com for @ValidinLLC #lookalike tool, some other not pretty good detected #Magecart-related domains were found: chimpstatiic[.]com g-staticxs[.]com (detected by @sansecio ) gstatics[.]org sucuriwebtrack[.]org (impers @sucurisecurity ) github.com/stamparm/maltr…$

thumb_up_off_alt8

account_circle

Mikhail Kasimov

1 month ago

More of #Magecart -related domains after taking jqueurystatics[.]com as a start-point of search:

bulkmailsms\.com
chlmpstatiic\.com
fraudlabzpros\.com
googleinfodata\.com
jqueryoverlay\.com
jquerystatics\.com
jqueurystatic\.xyz
jqueurystatics\.xyz
jqueurystaticx\.com
jstags\.com

$More of #Magecart-related domains after taking jqueurystatics[.]com as a start-point of search: bulkmailsms\.com chlmpstatiic\.com fraudlabzpros\.com googleinfodata\.com jqueryoverlay\.com jquerystatics\.com jqueurystatic\.xyz jqueurystatics\.xyz jqueurystaticx\.com jstags\.com$

thumb_up_off_alt20

account_circle

Mikhail Kasimov

1 month ago

Need an assistance on identication for this panel. Thank you!

thumb_up_off_alt5

account_circle

Mikhail Kasimov

1 month ago

Pretty good review of Validin platform possibilities. Welcome to read.

thumb_up_off_alt3

account_circle

Mikhail Kasimov

1 month ago

Ref: reversinglabs.com/blog/suspiciou… (ReversingLabs )

Connection: 117.41.187[.]235:60000

Detection: github.com/stamparm/maltr…

TF: threatfox.abuse.ch/ioc/1249506/

#SqzrFramework480

thumb_up_off_alt2

account_circle

Mikhail Kasimov

1 month ago

After one month later...

thumb_up_off_alt1

account_circle

Mikhail Kasimov

1 month ago

Small update for list:

C2: eyedr[.]art

Related: us17[.]xyz

Refs:
virustotal.com/gui/ip-address…

virustotal.com/gui/file/bfe9b…

#Android #Joker

thumb_up_off_alt4