ᴘᴀʀᴛʜɪ @cyber__sloth - Twitter Profile

9 months ago

Recruitment #Phishing for well-known orgs like Google, Meta, YouTube Full list of IOCs is here https://t.co/LE1byQ4rGx ytjobsunit[.]com ytjobspartner[.]com ytjobsmember[.]com metaworkrooms-hiring[.]com metaworkrooms-careers[.]com

cyber__sloth's tweet photo. Recruitment #Phishing for well-known orgs like Google, Meta, YouTube

Full list of IOCs is here https://t.co/LE1byQ4rGx
ytjobsunit[.]com
ytjobspartner[.]com
ytjobsmember[.]com
metaworkrooms-hiring[.]com
metaworkrooms-careers[.]com https://t.co/KMnd0VVxjH

0

895

ᴘᴀʀᴛʜɪ @cyber__sloth

12 months ago

@Antonlovesdnb @HuntressLabs Love to have your thoughts on the macOS IR cases or Linux. How do they compare against Windows environments, how easy is it for TA's to laterally move, and what TTPs do you see in the wild?

0

74

ᴘᴀʀᴛʜɪ @cyber__sloth

over 1 year ago

#contagious_interview #DPRK #famous_chollima are spreading a malicious binary named "Uniswap Sniper Bot With GUI.exe" to steal #crypto wallets and browser information using #beavertail & #invisibileferret cc @Uniswap C2: 185.153.182[.]241:1224

0

5

0

1K

ᴘᴀʀᴛʜɪ @cyber__sloth

over 1 year ago

@n3tl0kr @AccidentalCISO I second this. It’s been years since I set it up. Hassle free

0

48

Who to follow

Arkbird

@Arkbird_SOLG

Malware slayer Member of @CuratedIntel

blackorbird

@blackorbird

Peace and Love. Just Analysis/Hunter/Youtuber/AiCoder/Entrepreneur/. #APT #threatIntelligence #Exploit #CTI #meme #cyber #hacker #OSINT #Ai Need Remote Job

Shadow Chaser Group

@ShadowChasing1

Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it.Shadow Chaser Group focused on APT hunt and analysis

ᴘᴀʀᴛʜɪ @cyber__sloth

almost 2 years ago

@cyb3rops Please try chrome to detect password reuse. This has been super helpful for us. You can also enforce password reset if there’s password reuse.

0

1

0

214

ᴘᴀʀᴛʜɪ @cyber__sloth

almost 2 years ago

Thanks @OrangeCon_nl for having me and @shivarahul_p. Had a good time and lots of learnings from the talks.

0

3

0

962

ᴘᴀʀᴛʜɪ @cyber__sloth

almost 2 years ago

Awesome blog by @shivarahul_p on #microsoft graph API logs.

0

1

0

492

cyber__sloth retweeted

Will Harris @parityzero

almost 2 years ago

With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more about this protection: https://t.co/cYbftNevzW

parityzero's tweet photo. With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more about this protection: https://t.co/cYbftNevzW https://t.co/i7aCkP73oO

12

338

125

109

99K

ᴘᴀʀᴛʜɪ @cyber__sloth

almost 2 years ago

There's one more domain impersonating voov. voov-meeting[.]site #Lazarus #DPRK

Michael Koczwara

@MichalKoczwara

almost 2 years ago

Looks like APT38/Lazarus🇰🇵 is impersonating/targeting another crypto-related company SevenX Ventures. /7xvc.roomconnect.online

MichalKoczwara's tweet photo. Looks like APT38/Lazarus🇰🇵 is impersonating/targeting another crypto-related company SevenX Ventures.

/7xvc.roomconnect.online https://t.co/c28idN5g73

1

64

9

26

9K

0

2

0

497

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

@embee_research This is amazing @embee_research. I wish @ValidinLLC would allow us to perform a filter by the domain name for an ASN. That'd be amazing and time-saving. Maybe a feature request to the team :)

cyber__sloth's tweet photo. @embee_research This is amazing @embee_research. I wish @ValidinLLC would allow us to perform a filter by the domain name for an ASN. That'd be amazing and time-saving.
Maybe a feature request to the team :) https://t.co/ZkZlf7ZylO

1

0

1

97

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

Threat actor's continuous campaign against #indian #airforce. The #malware uses Slack as its C2 as mentioned by the existing blog. MD5: 9f8eee2c2096fd9c78488d71af45e59a https://t.co/g3q9Ep0T2D @IndianCERT

cyber__sloth's tweet photo. Threat actor's continuous campaign against #indian #airforce. The #malware uses Slack as its C2 as mentioned by the existing blog.
MD5: 9f8eee2c2096fd9c78488d71af45e59a
https://t.co/g3q9Ep0T2D
@IndianCERT https://t.co/olxwucOr7u

0

19

6

7

3K

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

Related malicious URLs to this campaign. IOCs --> https://t.co/1gLc1SaOy9 https://t.co/ETabXBJLEy

0

1

0

380

cyber__sloth retweeted

Arkbird @Arkbird_SOLG

over 2 years ago

And from this dropbox link in July 2023 : https://t.co/tAUsjsdsAz

0

6

3

0

5K

cyber__sloth retweeted

Ginkgo @ginkgo_g

over 2 years ago

#APT #Sidewinder e2a3edc708016316477228de885f0c39 The decoy document is information about the itinerary of #Nepali Prime Minister Pushpa Kamal Dahal. After the macro code is run, multiple VBScript files, batch files, and ZIP files containing the #Nim backdoor will be released.

ginkgo_g's tweet photo. #APT #Sidewinder

e2a3edc708016316477228de885f0c39

The decoy document is information about the itinerary of #Nepali Prime Minister Pushpa Kamal Dahal.

After the macro code is run, multiple VBScript files, batch files, and ZIP files containing the #Nim backdoor will be released. https://t.co/5IUdbAhxf5

4

31

13

5

7K

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

Related infrastructure 13.176.179.|41 193.43.72.|11 193.187.172.|73

The DFIR Report

@TheDFIRReport

over 2 years ago

🚨Confluence exploit (CVE-2023-22518) Leads to C3RB3R Ransomware🚨 ➡️Exploit source: 193.187.172.73 ➡️Download & Exec: http://193[.]187[.]172[.]73/tmp[.]1u ➡️Lateral Movement: Attempts to spread over SMB/445 ➡️Extension: LOCK3D h/t @GreyNoiseIO

TheDFIRReport's tweet photo. 🚨Confluence exploit (CVE-2023-22518) Leads to C3RB3R Ransomware🚨

➡️Exploit source: 193.187.172.73
➡️Download & Exec: http://193[.]187[.]172[.]73/tmp[.]1u
➡️Lateral Movement: Attempts to spread over SMB/445
➡️Extension: LOCK3D

h/t @GreyNoiseIO https://t.co/VdO5EUjPOj

1

234

90

55

43K

0

3

0

1

632

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

#confluence #vulnerability #CVE-2023-22518. If you haven't patched it, please do it ASAP. If you are monitoring confluence logs, please monitor the below endpoints for incoming exploit attempts. https://t.co/r1d3TNgo1Z

cyber__sloth's tweet photo. #confluence #vulnerability #CVE-2023-22518. If you haven't patched it, please do it ASAP. If you are monitoring confluence logs, please monitor the below endpoints for incoming exploit attempts. https://t.co/r1d3TNgo1Z https://t.co/qOi9LrIOXS

0

4

0

633

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

Based on VT intelligence it looks like attackers are targeting HDFC bank users as well. C2: owncloud-150509-0[.]https://t.co/wHRZxGhBiz owncloud-150476-0[.]https://t.co/wHRZxGhBiz owncloud-148461-0[.]https://t.co/wHRZxGhBiz roundcube-149741-0[.]https://t.co/wHRZxGhBiz

0

2

1

0

502

ᴘᴀʀᴛʜɪ @cyber__sloth

over 2 years ago

#phishing via #SMS, targeting 🇮🇳 #axisbank users. Uses the URL shortener https://t.co/nR3Vrg13yB and the kits are hosted on https://t.co/wHRZxGhBiz CC @cloudclusters @AxisBank 1/n