Sekoia.io (@sekoia_io) Twitter Tweets • TwiCopy

(1/7) 💡 Illumination of a large resilient infrastructure distributing #NetSupport RAT using:
- Google Ads (malvertising)
- Traffic Distribution System (TDS)
- Fake websites
- MSIX

40+ IP addresses
70+ domain names

IoCs:
gist.github.com/qbourgue/62cee…

twitter.com/Threat_Down/st…

⬇️

thumb_up_off_alt50

chat_bubble_outline0

repeat16

shareShare

account_circle

crep1x

@crep1x

5 days ago

Latest ACR Stealer C2 domains:
trxh.]xyz
trxh.]xyz
trxq.]xyz
trxu.]xyz

Stealer configuration on the URL '/ujs/9adbbdfd-2661-43e4-8280-7f9a9698f912'

Deobfuscation:
- base64
- XOR {38 35 32 31 34 39 37 32 33 00}

Configuration: gist.github.com/qbourgue/d0f06…

twitter.com/sekoia_io/stat…

$Latest ACR Stealer C2 domains: trxh.]xyz trxh.]xyz trxq.]xyz trxu.]xyz Stealer configuration on the URL '/ujs/9adbbdfd-2661-43e4-8280-7f9a9698f912' Deobfuscation: - base64 - XOR {38 35 32 31 34 39 37 32 33 00} Configuration: gist.github.com/qbourgue/d0f06… twitter.com/sekoia_io/stat…$

account_circle

Censys

@censysio

3 weeks ago

🔍Discover how to proactively detect malicious activities with Censys data in our next webinar with Sekoia.io. Explore challenges in monitoring decentralized infrastructures and see MalleableC2 in action📈Book your spot now: go.censys.com/April-Lunch-an…

thumb_up_off_alt5

chat_bubble_outline0

repeat7

shareShare

account_circle