
#ta569 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ta569, aggregated by home.social.

  1. #TA569 #KeitaroTDS TDS domains are now on 91.203.193[.]124, including new domain dailytickyclock[.]org (inject seen in the wild: hXXps://dailytickyclock[.]org/Rz7kFbxJ ) redirecting to #SocGholish TDS commercial.tedgorka[.]com hosted on 88.119.169[.]146 as already noticed by @rmceoin

    infosec.exchange/@rmceoin/1104

  2. Today's new #TA569 #KeitaroTDS TDS domain, still hosted on the same IP as the others, is deeptrickday[.]org - e.g. hXXps://deeptrickday[.]org/fMYD7fFx seen in the wild.

    2nd stage SocGholish TDS remains trackrecord[.]wheresbecky[.]com but finally we also witness a new SocGholish C2 *[.]score[.]symposiumhaiti[.]com on 5.255.119[.]147:

    infosec.exchange/@rmceoin/1102

  3. New #TA569 #KeitaroTDS TDS neworderspath[.]org - hXXps://neworderspath[.]org/k4WP6NP9 spotted in the wild.

    Will share all these IOCs via Threatfox of @abuse_ch as soon as its login is working again!

  4. Summer is coming - or at least the new #TA569 #KeitaroTDS TDS domains hosted on 47.90.178[.]252 keep on giving!

    Today's new entry is
    - hXXps://lemonicecold[.]org/cd5fkZwv

    How many of these injections can be found in the wild? Check for yourself on urlscan.io: urlscan.io/search/#ip%3A47.90.


  5. New #TA569 #KeitaroTDS TDS domains observed in the wild, still hosted on 47.90.178[.]252:
    hXXps://greenpapers[.]org/6gjyRhhQ
    hXXps://waterlinesheet[.]org/bDrVdw9c

    Victims accepted by these TDS are redirected toward SocGholish TDS trackrecord.wheresbecky[.]com .

    SocGholish C2 observed for the payload remains on *.reseller.wonderfulworldblog[.]com / 35.176.231[.]198 (Amazon)