Olivia
Online
Maverits
@Maverits
Latest IOCs, threat alerts and reports from Maverits Team.
Cryptoverse
Joined January 2023
41 Following
195 Followers
53 Posts
Pinned Tweet
🌐 Maverits researchers are releasing a comprehensive special report on APT28. This report delves into #APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, evolving tactics and objectives.
🔗
https://t.co/L6TW9oQAI0
📌 IoCs
Network:
176.65.144[.]30:443/fakeurl.htm
posostamioalkfjka[.]com
ostamioalkfjka[.]com
MD5:
297ae2b5688a93d0c957c672a30debf6
2dd828efdfc7296fd52d3e69dec83166
5a24676210bd317520fe30d048c9a106
@500mk500,
@Cyber0verload,
@ET_Labs,
@Now_on_VT
🚨 UAC-0050 conducts a new attack delivering NetSupport Manager + DeskHelper.
NetSupport Manager = legitimate remote admin tool abused as RAT.
DeskHelper = legitimate app abused for persistence via scheduled tasks.
1/2
🚨 UAC-0050 is spreading NetSupport Manager in a new campaign.
C2 servers:
hxxp://178.16.54[.]130/fakeurl.htm
hxxp://178.16.54[.]131/fakeurl.htm
hxxp://178.16.54[.]132/fakeurl.htm
Hashes:
ef34eecc107014d41d7102fb5811b47c
4b431e68057b8c8d9db7326f3fc952d8
95d4ae969377617496edae7815b6812e
7e5064f55c0566b8cfc93dc901e46002
f5b8f32d3c937ab7f847718ae254ff69
@vxunderground APT28 is already weaponizing Qwen AI in their attacks
https://t.co/pFR55aCrkg
Delivered as a 32-bit DLL and executed using the regsvr32 service, #SAFEPAY utilizes detection evasion techniques:
regsvr32 /n /i:"-pass=XXXXXXXXXXXXXXXXXXXXX -enc=1 -uac" locker.dll
#Ransomware #CyberSecurity
Last week we have observed 185 events across 35 countries and attributed them to 29 ransomwares.
The top targeted country was #UnitedStates and the most targeted sector was #Construction.
The ransomware #SAFEPAY has been busy with 31 new events (17%)!
🌐 Network:
45.91.201[.]247
77.37.49[.]40
80.78.28[.]63
#ThreatIntel
🌐 Our latest report dives into how cybercriminals are exploiting trending topics—like the recent surge around Trump and Melania meme coins—to launch crypto drainer schemes.
🔗
https://t.co/uZp9jTWsaS
https://voters-george-trailers-harbor[.]trycloudflare[.]com/ssu/based/regards[.]epub
https://voters-user-trailers-harbor[.]trycloudflare[.]com/ssu/based/regards[.]epub
https://voters-george-trailers-harbor[.]trycloudflare[.]com/ssu/relax/deceive[.]epub
194[.]58[.]45[.]81/ssu
#Gamaredon targeting Ukrainian entities, using TryCloudflare to mask their activities.
📄 Indicators of Compromise:
Name:
По справі 498-803-24 (провадження 2-498-277-24) надійшов документ Судова повістка про виклик в суд.hta
MD5:
B70E6AC1055C5B7B0B089AB14E850778
1/3
Name:
498-803-24_11.10.2024.xhtml (24).html
MD5:
95b1949364d0ec795bfbc08ab0152260
Name:
498-803-24_11.10.2024.rar (copy)
MD5:
72b200e3ce51870c2b10f5b39ddb2b27
2/3
🌐 Maverits researchers are releasing a comprehensive special report on APT28. This report delves into #APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, evolving tactics and objectives.
🔗
https://t.co/L6TW9oQAI0
Top countries affected by exposed IPs related to CVE-2022-40684:
🇲🇽 Mexico: 1241
🇳🇱 Netherlands: 428
🇦🇹 Austria: 265
🇹🇭 Thailand: 261
🇮🇳 India: 252
🇸🇬 Singapore: 240
🇬🇧 UK: 226
🇭🇰 Hong Kong: 148
🇨🇭 Switzerland: 117
🇨🇴 Colombia: 115
@StrikeReadyLabs Taking care about those who will analyze it
@Mandiant A better resume than most of LinkedIn
#APT28
2f8e8b2783c8c47da0f265199671f3cae4e31b2a03999fff12aa3090c74c7a51
linkcuts[.]com/5xu034g2->
doads[.]org/5xu034g2->
run.mocky[.]io/v3/eb8cef1d-89a7-4b3e-81a7-25aae7cd3698->
1b65300d04b3c7d06bdbb666e13ff0678098900e1925f720c988ad3ce7e3abaa->
jkbfgkjdffghh.linkpc[.]net:8564
Back from vacation it appears; campaigns starting back up after a brief respite
2f8e8b2783c8c47da0f265199671f3cae4e31b2a03999fff12aa3090c74c7a51
linkcuts[.]com/5xu034g2 -> doads[.]org -> mocky ->
jkbfgkjdffghh.linkpc[.]net
![StrikeReadyLabs's tweet photo. Back from vacation it appears; campaigns starting back up after a brief respite
2f8e8b2783c8c47da0f265199671f3cae4e31b2a03999fff12aa3090c74c7a51
linkcuts[.]com/5xu034g2 -> doads[.]org -> mocky ->
jkbfgkjdffghh.linkpc[.]net https://t.co/92o2rqbFCW](https://pbs.twimg.com/media/GhQN9IrWMAAQpig.jpg)
Last Seen Users on Sotwe
zoro 99
Seen from United States
คลิปทางบ้าน. 🔞
Seen from Thailand
青
Seen from Thailand
gay lokal
Seen from Indonesia
ʟᴇғ
Seen from Vietnam
(cuck son)🤤
Seen from India
school ome TV
Seen from Singapore
Whitney Webb 
Seen from United States
Goddess Yess
Seen from United States
Maria Platine
Seen from Egypt
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers