![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
141.164.56[.]44
taxdeliveryservice.kro[.]kr
userauthoritydoc.p-e[.]kr
https://t.co/vzbN0Vvdoe
https://t.co/SogLhnRnRo
https://t.co/eOt7OkgNJi https://t.co/SxTOUkpbj9](https://pbs.twimg.com/media/Grdky4zWgAA6DJk.png)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
141.164.56[.]44
taxdeliveryservice.kro[.]kr
userauthoritydoc.p-e[.]kr
https://t.co/vzbN0Vvdoe
https://t.co/SogLhnRnRo
https://t.co/eOt7OkgNJi https://t.co/SxTOUkpbj9](https://pbs.twimg.com/media/GrdkypkWgAA6uzB.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
141.164.56[.]44
taxdeliveryservice.kro[.]kr
userauthoritydoc.p-e[.]kr
https://t.co/vzbN0Vvdoe
https://t.co/SogLhnRnRo
https://t.co/eOt7OkgNJi https://t.co/SxTOUkpbj9](https://pbs.twimg.com/media/Grdkyo5WsAAviNN.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
141.164.56[.]44
taxdeliveryservice.kro[.]kr
userauthoritydoc.p-e[.]kr
https://t.co/vzbN0Vvdoe
https://t.co/SogLhnRnRo
https://t.co/eOt7OkgNJi https://t.co/SxTOUkpbj9](https://pbs.twimg.com/media/GrdksSgboAALPbU.png)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites for command and control.
#IOC:
yukiicreatives[.]com
rayanlynch[.]com
https://t.co/AoqcY5e1vE
https://t.co/GlxKcoqCd6 https://t.co/X9Pet9VXt3](https://pbs.twimg.com/media/GrCQFd3W0AAhUgb.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites for command and control.
#IOC:
yukiicreatives[.]com
rayanlynch[.]com
https://t.co/AoqcY5e1vE
https://t.co/GlxKcoqCd6 https://t.co/X9Pet9VXt3](https://pbs.twimg.com/media/GrCQFd3WwAASWQo.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites for command and control.
#IOC:
yukiicreatives[.]com
rayanlynch[.]com
https://t.co/AoqcY5e1vE
https://t.co/GlxKcoqCd6 https://t.co/X9Pet9VXt3](https://pbs.twimg.com/media/GrCQFd1WkAA_GJ8.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites to deliver information.
#IOC:
bergaeroworks[.]co[.]za
sitisrlweb[.]com
seacura[.]com
https://t.co/e0XqSdQyso
https://t.co/MHznU2kuvD
https://t.co/cgSMKu3BQ9 https://t.co/WM9bcqTHc6](https://pbs.twimg.com/media/Gqa5rxIWMAApT9W.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites to deliver information.
#IOC:
bergaeroworks[.]co[.]za
sitisrlweb[.]com
seacura[.]com
https://t.co/e0XqSdQyso
https://t.co/MHznU2kuvD
https://t.co/cgSMKu3BQ9 https://t.co/WM9bcqTHc6](https://pbs.twimg.com/media/Gqa5rnZXQAAtusF.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites to deliver information.
#IOC:
bergaeroworks[.]co[.]za
sitisrlweb[.]com
seacura[.]com
https://t.co/e0XqSdQyso
https://t.co/MHznU2kuvD
https://t.co/cgSMKu3BQ9 https://t.co/WM9bcqTHc6](https://pbs.twimg.com/media/Gqa5pUmWEAA_ul7.png)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate.
#sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll)
#C2: first.pokerstarus.kro[.]kr
https://t.co/We9TamsSQF
Domain resolved to IP 221.162.112.235, re-resovled to over 20 suspicious .kro.kr domains.
https://t.co/TZQCNuBPTp](https://pbs.twimg.com/media/GqVn_owbcAA-Q3B.jpg)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate.
#sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll)
#C2: first.pokerstarus.kro[.]kr
https://t.co/We9TamsSQF
Domain resolved to IP 221.162.112.235, re-resovled to over 20 suspicious .kro.kr domains.
https://t.co/TZQCNuBPTp](https://pbs.twimg.com/media/GqVn_ovbIAAs8EH.png)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate.
#sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll)
#C2: first.pokerstarus.kro[.]kr
https://t.co/We9TamsSQF
Domain resolved to IP 221.162.112.235, re-resovled to over 20 suspicious .kro.kr domains.
https://t.co/TZQCNuBPTp](https://pbs.twimg.com/media/GqVn_osbIAAHJ-s.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group used the #compromised site to download files.
#IOC: deliberatecollaboration[.]com
https://t.co/nbvORClebc https://t.co/EjoMbSHGrX](https://pbs.twimg.com/media/GqUD-WJbcAAek43.jpg)
![SecAI_AI's tweet photo. New #phishing assets of #Kimsuky #APT group:
158.247.247[.]157
https://t.co/oLA6NNsEuH
mexc-signin.kro[.]kr
https://t.co/cJttefbUia
yourinfo.kro[.]kr
https://t.co/Xfk19X5ipf
141.164.53[.]3
https://t.co/O851Wmx4tp
userdoc-sign.kro[.]kr
https://t.co/1nIIdVLmMj
getdocservice.r-e[.]kr
https://t.co/wyTv6i0K0i
mexc-enkr.kro[.]kr
https://t.co/y5GNV2zlLg](https://pbs.twimg.com/media/GpuxBGCbsAAOsVs.jpg)
![SecAI_AI's tweet photo. New #phishing assets of #Kimsuky #APT group:
158.247.247[.]157
https://t.co/oLA6NNsEuH
mexc-signin.kro[.]kr
https://t.co/cJttefbUia
yourinfo.kro[.]kr
https://t.co/Xfk19X5ipf
141.164.53[.]3
https://t.co/O851Wmx4tp
userdoc-sign.kro[.]kr
https://t.co/1nIIdVLmMj
getdocservice.r-e[.]kr
https://t.co/wyTv6i0K0i
mexc-enkr.kro[.]kr
https://t.co/y5GNV2zlLg](https://pbs.twimg.com/media/GpuxBF7aEAADcWr.jpg)
![SecAI_AI's tweet photo. New #phishing assets of #Kimsuky #APT group:
158.247.247[.]157
https://t.co/oLA6NNsEuH
mexc-signin.kro[.]kr
https://t.co/cJttefbUia
yourinfo.kro[.]kr
https://t.co/Xfk19X5ipf
141.164.53[.]3
https://t.co/O851Wmx4tp
userdoc-sign.kro[.]kr
https://t.co/1nIIdVLmMj
getdocservice.r-e[.]kr
https://t.co/wyTv6i0K0i
mexc-enkr.kro[.]kr
https://t.co/y5GNV2zlLg](https://pbs.twimg.com/media/GpuxBFGaYAIKFdj.jpg)
![SecAI_AI's tweet photo. The #Konni #APT group uses the #compromised site holosformations[.]fr to download files.
C2: 49.12.47[.]155:443
https://t.co/P2n7FE1Vno
https://t.co/UtGAPLmJ43
Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47
It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.](https://pbs.twimg.com/media/GpSrSRibYAAVtvM.png)
![SecAI_AI's tweet photo. The #Konni #APT group uses the #compromised site holosformations[.]fr to download files.
C2: 49.12.47[.]155:443
https://t.co/P2n7FE1Vno
https://t.co/UtGAPLmJ43
Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47
It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.](https://pbs.twimg.com/media/GpSrSRiaAAAeA-h.png)
![SecAI_AI's tweet photo. The #Konni #APT group uses the #compromised site holosformations[.]fr to download files.
C2: 49.12.47[.]155:443
https://t.co/P2n7FE1Vno
https://t.co/UtGAPLmJ43
Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47
It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.](https://pbs.twimg.com/media/GpSrSRhbYAgpNLk.png)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
210.114.14.234
https://t.co/Ch52GQ94TU
secinput.n-e[.]kr
https://t.co/vb0rB6ixT4
secuinput.r-e[.]kr
https://t.co/GZiboYthpE
secinput.o-r[.]kr
https://t.co/JB27UsXWwR
158.247.243.223
https://t.co/5lylVAU8BA
updateinfo.r-e[.]kr
https://t.co/VvvRow9jKq
completeinfo.r-e[.]kr
https://t.co/U7EsKdbk8v
preinfo.r-e[.]kr
https://t.co/qCXkezBSgh](https://pbs.twimg.com/media/GpI0ZMjWsAAKHS4.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
210.114.14.234
https://t.co/Ch52GQ94TU
secinput.n-e[.]kr
https://t.co/vb0rB6ixT4
secuinput.r-e[.]kr
https://t.co/GZiboYthpE
secinput.o-r[.]kr
https://t.co/JB27UsXWwR
158.247.243.223
https://t.co/5lylVAU8BA
updateinfo.r-e[.]kr
https://t.co/VvvRow9jKq
completeinfo.r-e[.]kr
https://t.co/U7EsKdbk8v
preinfo.r-e[.]kr
https://t.co/qCXkezBSgh](https://pbs.twimg.com/media/GpI0YbFWkAAWhX_.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
210.114.14.234
https://t.co/Ch52GQ94TU
secinput.n-e[.]kr
https://t.co/vb0rB6ixT4
secuinput.r-e[.]kr
https://t.co/GZiboYthpE
secinput.o-r[.]kr
https://t.co/JB27UsXWwR
158.247.243.223
https://t.co/5lylVAU8BA
updateinfo.r-e[.]kr
https://t.co/VvvRow9jKq
completeinfo.r-e[.]kr
https://t.co/U7EsKdbk8v
preinfo.r-e[.]kr
https://t.co/qCXkezBSgh](https://pbs.twimg.com/media/GpI0YbEWcAAcQce.png)
![SecAI_AI's tweet photo. Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts.
ausbildungsbuddy[.]de https://t.co/LaWBh55sqY…absongkhla[.]com https://t.co/ro6LcoOPtb
beldy[.]ma
https://t.co/savcQGJl9g
go2kgstan[.]com
https://t.co/96C7jfMSxo
holosformations[.]fr
https://t.co/P2n7FE1Vno
michaelagee[.]com
https://t.co/o9voFZ3x9V](https://pbs.twimg.com/media/GoujnyKbkAAsQiD.jpg)
![SecAI_AI's tweet photo. Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts.
ausbildungsbuddy[.]de https://t.co/LaWBh55sqY…absongkhla[.]com https://t.co/ro6LcoOPtb
beldy[.]ma
https://t.co/savcQGJl9g
go2kgstan[.]com
https://t.co/96C7jfMSxo
holosformations[.]fr
https://t.co/P2n7FE1Vno
michaelagee[.]com
https://t.co/o9voFZ3x9V](https://pbs.twimg.com/media/GoujnyDa8AAb0NF.jpg)
![SecAI_AI's tweet photo. Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts.
ausbildungsbuddy[.]de https://t.co/LaWBh55sqY…absongkhla[.]com https://t.co/ro6LcoOPtb
beldy[.]ma
https://t.co/savcQGJl9g
go2kgstan[.]com
https://t.co/96C7jfMSxo
holosformations[.]fr
https://t.co/P2n7FE1Vno
michaelagee[.]com
https://t.co/o9voFZ3x9V](https://pbs.twimg.com/media/GoujmwuaYAASNgF.png)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group: #IOC:
158.247.202[.]109
portiondoc.o-r[.]kr
https://t.co/IekUxZKjQe
https://t.co/eLsvyrs7MO https://t.co/5rWm5cgWkT](https://pbs.twimg.com/media/Gok58WYWAAAmcNB.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group: #IOC:
158.247.202[.]109
portiondoc.o-r[.]kr
https://t.co/IekUxZKjQe
https://t.co/eLsvyrs7MO https://t.co/5rWm5cgWkT](https://pbs.twimg.com/media/Gok55LGWwAAStQn.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group: #IOC:
158.247.202[.]109
portiondoc.o-r[.]kr
https://t.co/IekUxZKjQe
https://t.co/eLsvyrs7MO https://t.co/5rWm5cgWkT](https://pbs.twimg.com/media/Gok55KfXAAAxEPz.jpg)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used phishing sites to collect account credentials, but the sites has not been resolved to any IP addresses.
#IOC:
post.blogalarm.kro[.]kr
nid-info.checkmyblog.kro[.]kr
https://t.co/G24Om8KnJg
https://t.co/Oj89uUvlgo https://t.co/NiMVkh0EKN](https://pbs.twimg.com/media/GndX7eqbwAA1gGN.jpg)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used phishing sites to collect account credentials, but the sites has not been resolved to any IP addresses.
#IOC:
post.blogalarm.kro[.]kr
nid-info.checkmyblog.kro[.]kr
https://t.co/G24Om8KnJg
https://t.co/Oj89uUvlgo https://t.co/NiMVkh0EKN](https://pbs.twimg.com/media/GndX7epbUAAWx6V.jpg)
![SecAI_AI's tweet photo. The #Kimsuky #APT group used phishing sites to collect account credentials, but the sites has not been resolved to any IP addresses.
#IOC:
post.blogalarm.kro[.]kr
nid-info.checkmyblog.kro[.]kr
https://t.co/G24Om8KnJg
https://t.co/Oj89uUvlgo https://t.co/NiMVkh0EKN](https://pbs.twimg.com/media/GndX6eIbAAAPFlM.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
158.247.192[.]105
ips-check.o-r[.]kr
https://t.co/sbjANZjwOj
https://t.co/gcn6rWvbHN https://t.co/7VvMQrbj4j](https://pbs.twimg.com/media/GoGBfCibwAAIcip.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
158.247.192[.]105
ips-check.o-r[.]kr
https://t.co/sbjANZjwOj
https://t.co/gcn6rWvbHN https://t.co/7VvMQrbj4j](https://pbs.twimg.com/media/GoGBfCdacAANqiB.jpg)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
158.247.192[.]105
ips-check.o-r[.]kr
https://t.co/sbjANZjwOj
https://t.co/gcn6rWvbHN https://t.co/7VvMQrbj4j](https://pbs.twimg.com/media/GoGBSGfbwAArqbr.png)
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
#IOC:
158.247.192[.]105
ips-check.o-r[.]kr
https://t.co/sbjANZjwOj
https://t.co/gcn6rWvbHN https://t.co/7VvMQrbj4j](https://pbs.twimg.com/media/GoGBSGfbcAAWCmv.png)
Olivia
Online
SecAI
@SecAI_AI
Innovative threat intelligence-driven and AI-powered company aiming at cyber threat detection and response.
🏢
Singapore
Joined April 2024
108 Following
601 Followers
329 Posts
The #Konni #APT group used #compromised websites for command and control.
#IOC:
yukiicreatives[.]com
rayanlynch[.]com
https://t.co/AoqcY5e1vE
https://t.co/GlxKcoqCd6
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites for command and control.
#IOC:
yukiicreatives[.]com
rayanlynch[.]com
https://t.co/AoqcY5e1vE
https://t.co/GlxKcoqCd6 https://t.co/X9Pet9VXt3](https://pbs.twimg.com/media/GrCQFd3XsAA9wXj.jpg)
The #Konni #APT group used #compromised websites to deliver information.
#IOC:
bergaeroworks[.]co[.]za
sitisrlweb[.]com
seacura[.]com
https://t.co/e0XqSdQyso
https://t.co/MHznU2kuvD
https://t.co/cgSMKu3BQ9
![SecAI_AI's tweet photo. The #Konni #APT group used #compromised websites to deliver information.
#IOC:
bergaeroworks[.]co[.]za
sitisrlweb[.]com
seacura[.]com
https://t.co/e0XqSdQyso
https://t.co/MHznU2kuvD
https://t.co/cgSMKu3BQ9 https://t.co/WM9bcqTHc6](https://pbs.twimg.com/media/Gqa5rxPXkAAR_0w.jpg)
Last chance to meet us at @GISECGlobal! The @SecAI_AI Booth at P48 is open for one more day.
Find out how AI-powered threat intelligence can give your security team a critical edge.
See you there!
The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate.
#sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll)
#C2: first.pokerstarus.kro[.]kr
https://t.co/We9TamsSQF
Domain resolved to IP 221.162.112.235, re-resovled to over 20 suspicious .kro.kr domains.
https://t.co/TZQCNuBPTp
![SecAI_AI's tweet photo. The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate.
#sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll)
#C2: first.pokerstarus.kro[.]kr
https://t.co/We9TamsSQF
Domain resolved to IP 221.162.112.235, re-resovled to over 20 suspicious .kro.kr domains.
https://t.co/TZQCNuBPTp](https://pbs.twimg.com/media/GqVn_pOaAAAR8Rz.jpg)
Day 2 at @GISECGlobal!
Stop by Booth P48 to see why @SecAI_AI Investigator is making waves in Threat Intel.
We're giving away 15-day Pro access codes—grab yours and see the power for yourself.
The #Konni #APT group used the #compromised site to download files.
#IOC: deliberatecollaboration[.]com
https://t.co/nbvORClebc
![SecAI_AI's tweet photo. The #Konni #APT group used the #compromised site to download files.
#IOC: deliberatecollaboration[.]com
https://t.co/nbvORClebc https://t.co/EjoMbSHGrX](https://pbs.twimg.com/media/GqUD-WKbAAIaY3y.png)
It’s going to be a packed day at @GISECGlobal with world-class sessions, but don’t miss a visit to @SecAI_AI at Booth P48.
Stop by to see how our proprietary threat intelligence gives you actionable intelligence with near-zero false positives. See you there!
Just 1 more day to @GISECGlobal! Come find @SecAI_AI at Booth P48 to have an hands-on experience of faster, smarter threat investigations powered by AI.
Plus, try your luck at our onsite Lucky Draw! 🎁
See you then!
New #phishing assets of #Kimsuky #APT group:
158.247.247[.]157
https://t.co/oLA6NNsEuH
mexc-signin.kro[.]kr
https://t.co/cJttefbUia
yourinfo.kro[.]kr
https://t.co/Xfk19X5ipf
141.164.53[.]3
https://t.co/O851Wmx4tp
userdoc-sign.kro[.]kr
https://t.co/1nIIdVLmMj
getdocservice.r-e[.]kr
https://t.co/wyTv6i0K0i
mexc-enkr.kro[.]kr
https://t.co/y5GNV2zlLg
![SecAI_AI's tweet photo. New #phishing assets of #Kimsuky #APT group:
158.247.247[.]157
https://t.co/oLA6NNsEuH
mexc-signin.kro[.]kr
https://t.co/cJttefbUia
yourinfo.kro[.]kr
https://t.co/Xfk19X5ipf
141.164.53[.]3
https://t.co/O851Wmx4tp
userdoc-sign.kro[.]kr
https://t.co/1nIIdVLmMj
getdocservice.r-e[.]kr
https://t.co/wyTv6i0K0i
mexc-enkr.kro[.]kr
https://t.co/y5GNV2zlLg](https://pbs.twimg.com/media/GpuxCPgaEAAF54i.png)
The #Konni #APT group uses the #compromised site holosformations[.]fr to download files.
C2: 49.12.47[.]155:443
https://t.co/P2n7FE1Vno
https://t.co/UtGAPLmJ43
Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47
It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.
![SecAI_AI's tweet photo. The #Konni #APT group uses the #compromised site holosformations[.]fr to download files.
C2: 49.12.47[.]155:443
https://t.co/P2n7FE1Vno
https://t.co/UtGAPLmJ43
Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47
It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.](https://pbs.twimg.com/media/GpSrSRobYAE2165.png)
New #phishing assets of the #Kimsuky #APT group:
210.114.14.234
https://t.co/Ch52GQ94TU
secinput.n-e[.]kr
https://t.co/vb0rB6ixT4
secuinput.r-e[.]kr
https://t.co/GZiboYthpE
secinput.o-r[.]kr
https://t.co/JB27UsXWwR
158.247.243.223
https://t.co/5lylVAU8BA
updateinfo.r-e[.]kr
https://t.co/VvvRow9jKq
completeinfo.r-e[.]kr
https://t.co/U7EsKdbk8v
preinfo.r-e[.]kr
https://t.co/qCXkezBSgh
![SecAI_AI's tweet photo. New #phishing assets of the #Kimsuky #APT group:
210.114.14.234
https://t.co/Ch52GQ94TU
secinput.n-e[.]kr
https://t.co/vb0rB6ixT4
secuinput.r-e[.]kr
https://t.co/GZiboYthpE
secinput.o-r[.]kr
https://t.co/JB27UsXWwR
158.247.243.223
https://t.co/5lylVAU8BA
updateinfo.r-e[.]kr
https://t.co/VvvRow9jKq
completeinfo.r-e[.]kr
https://t.co/U7EsKdbk8v
preinfo.r-e[.]kr
https://t.co/qCXkezBSgh](https://pbs.twimg.com/media/GpI0ZM3XgAE-c5E.jpg)
Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts.
ausbildungsbuddy[.]de https://t.co/LaWBh55sqY…absongkhla[.]com https://t.co/ro6LcoOPtb
beldy[.]ma
https://t.co/savcQGJl9g
go2kgstan[.]com
https://t.co/96C7jfMSxo
holosformations[.]fr
https://t.co/P2n7FE1Vno
michaelagee[.]com
https://t.co/o9voFZ3x9V
![SecAI_AI's tweet photo. Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts.
ausbildungsbuddy[.]de https://t.co/LaWBh55sqY…absongkhla[.]com https://t.co/ro6LcoOPtb
beldy[.]ma
https://t.co/savcQGJl9g
go2kgstan[.]com
https://t.co/96C7jfMSxo
holosformations[.]fr
https://t.co/P2n7FE1Vno
michaelagee[.]com
https://t.co/o9voFZ3x9V](https://pbs.twimg.com/media/GoujnyQbMAExpwn.jpg)
🚀 The new version of SecAI is live!
We’ve made major upgrades to help you analyze IPs and domains more effectively:
✅ Clear Verdicts – Malicious, Suspicious, Unknown, or Benign — based on multi-source intelligence
🏷️ Multi-layered Labels – Threat types, malware linkage, attribution, and campaign tags
📊 Historical Attacks – Visualize historical attack activity patterns of IPs
📚 Rich Intelligence contexts – Includes cybermapping data, WHOIS, DNS, certificates, related files, and more
🛠️ Feeds & API (coming soon) – Structured output for platform integration and automation
🔗 Try it now: https://t.co/UUC3aw4YPS
#ThreatIntelligence #CyberSecurity #SecAI
Looking forward to @RSAConference 2025? Stop by booth #Booth N-6570 to meet our team and check out our TI-enriched and AI-driven cybersecurity solutions. You're just one step away from levelling up your security operation.
If you don't have a pass. Don't worry! Here is the Invitation Code: 52ESECAIXP
Registration link: https://t.co/1bS6fc58x7
See you at the RSA Conference 2025! #RSAC
@El3phant_TW You can refer to this report for more information on Kimsuky: https://t.co/Z9u7pJmT7J
@Thisism23567356 Our analysts have determined that these domains belong to Kimsuky based on cybermapping and URL characteristics.
Last Seen Users on Sotwe
Nur 🐣
Seen from Turkey
Milla ferrazzo 
Seen from Canada
not jo
Seen from Germany
R51
Seen from Canada
lobaharta
Seen from Indonesia
Vanna Bardot
Seen from France
TÜRK ONAYLI REEL SAHİBELER
Seen from Turkey
Papi's House ®️
Seen from Turkey
Woke White Girls ♠️🇪🇺 (245k)
Seen from Pakistan
antep fantezi
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers