🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Patchwork ISPR Advisory March 2025.pdf.lnk 3e8aff5697a513a749869744ad0ce135 Rozuu[.]zip 3e8aff5697a513a749869744ad0ce135 C2 playst0re[.]com apps-house[.]com #Patchwork #Spyder #APT #IOC

Sarcoma Group #Ransomware Sample Found(MD5): B7E0AF5DBB170D91C63B700D8B324203 Extension: .xp9Mq1ZD05 Note: FAIL_STATE_NOTIFICATION.pdf sarcomabwgzv7ogiulwqfmlul6mjcxy6o3owuld4lqguvevf4kgp3lqd .onion sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad .onion

554ef637a612d18e427fdfa73ef7a3c56c7941980d98b9645ad3c1bba1ccd33d *https://dl.dropboxusercontent[.]com/scl/fi/c6ba7iwuke57d75j3mmte/eula.rtf?rlkey=t0jnirhxk48xdu8p74rqgv9dw&st=oofgjsq8&dl=0 #Kimsuky #DPRK

Sidewinder Sri Lanka Customs National Imports Tariff Guide 2025.docx ca46bdc4d7e537f0270cf7e2ac43cfa5 C2 www-customs-gov-lk[.]net-co[.]info Decoy https://www[.]fisheriesdept[.]gov[.]lk/web/images/division/IT/2023-51_S.pdf #Sidewinder #APT #IOC

Just found another clearnet IP hosting a ransomware victim list. 🦠 Ransomware: Devman 🌐 Clearnet IP: 83.217.209.210 📎 ETag: "67f3177d-1321" 🔍 83.217.209[.210:137 → SAMCASHRUTOR1

#FlaxTyphoon #APT Targeting Asian countries with #ShadowPad File: Packagec.ps1 (Payload Downloader) 68efe445523263e233925f8d3f9953f7 GET C2: http://149.28.137.179/a/Dvx.zip File: Dvx[.]zip 43c02ac3fc7a71bb7a841ec19f53ece7 C2: TCP 45.77.33[.]174:443 / update.updatemic[.]com

[2/2] File: msimg32.dll (Malicious DLL) 47ff4376e5b93de9ad7819c05d5dad70 File: h.exe (Legitimate Executable) 39624b7dd47f63720654a64cd9f9a988 File: AK.bat (Purpose Not Known as of now) 3320400d5359af97916b6dda9d13d344 Mikhail Kasimov #FlaxTyphoon #APT #ShadowPad #Malware #ioc

Cracked forum has returned under a new domain after being seized by law enforcement just a few months ago. New domain: Cracked[.]sh

Krypt #Ransomware A410448D110E6CFAA07CC22FF9942D2C decryptjhpol6zezc72xb2mofmi6o7xlvacnrpbuiczz2sz5ljurg4id .onion decryptrrx2fojgfcof3aesrklj5obq7nmizyokq7ohzqxtwfcvtmwad .onion

Must read papers submitted for all #threatIntel folks, you will always get to see diffrent prespectives, ideas and great learnings. I am reading some to expand Threatview.io's visibility and collection sources so we can do more FIRST.org - first.org/resources/pape…

I can’t stop ranting today. Now it’s Fortinet’s turn. Their latest advisory details how a threat actor used known vulns to plant a symbolic link on FortiGate devices, maintaining read-only access even after patching. Classic post-exploitation persistence. They mention this

Pushed a #KQL that returns the top 10 SecurityEvents with the largest ingestion size. This can help determine which events you may want to aggregate or filter, depending on your detection/forensic needs. github.com/Bert-JanP/Hunt…

db30e572912d0042ee59641edcd22294 First Seen In The Wild 2025-04-07 09:14:12 UTC contabilita@nipar[.]it #SnakeKeylogger Cert AgID

JCrypt #Ransomware Extension: .ecrypted CD97BD6CF56CB91F3A59D232BF4A16E6 C:\Users\jteai\OneDrive\Bureau\Files\Hacking\So Funny\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Debug\WindowsFormsApp1.pdb

19cac7f665330a905dc26b6d59425e36 Creation Time 2025-04-15 12:04:47 UTC 185[.]39[.]17[.]228:2222 AS213355 Host Global Networks Ltd 🇦🇪 #QuasarRAT #c2 Mikhail Kasimov ANY.RUN abuse.ch

#APT36 #TransparentTribe #APT XLAM e18c4172329c32d8394ba0658d5212c2 2fde001f4c17c8613480091fa48b55a0 c1f4c9f969f955dec2465317b526b600 #CrimsonRAT vdivmrs nivd 3efec6ffcbfe79f71f5410eb46f1c19e b03211f6feccd3a62273368b52f6079d 104.129.27.14 8108,16197,19867,28784,30123 Mikhail Kasimov

IMSI catcher found in a car in Paris (2022). It was provided by a Chinese (with fake identity) to conduct SMSishing in Paris. In 2024 the he was arrested in Geneva while boarding on a flight to Toronto.He was also supplying those to Wagner in Africa Source:commsrisk.com/chinese-arms-d…

#APT36 #TransparentTribe #APT [1/2] Report & Update Regarding Pahalgam Terror Attack.ppam d946e3e94fec670f9e47aca186ecaabe #CrimsonRAT jnm_xrvt hcsm.exe WEISTE/WEISTS/WEISTT.jpg 026e8e7acb2f2a156f8afff64fd54066 fb64c22d37c502bde55b19688d40c803 70b8040730c62e4a52a904251fa74029

This is a serious problem I processed this report with IOCs today: reliaquest.com/blog/threat-sp…

🚨 Launch Alert: The Censys Threat Hunting Module is here. Proactively track adversaries, pivot across malicious infrastructure, scan in real time, and hunt faster — with the most complete view of Internet threats available today. See more: censys.com/solutions/thre… #threathunting