ThreatFoXX @dixit_404 - Twitter Profile

Pinned Tweet

3 days ago

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment. Analysis: https://t.co/HQuak0aO1E @ElementalX2 @smica83 @AndreGironda @skocherhan @Cyberdost @IncomeTaxIndia @IndianCERT

Dixit_404's tweet photo. Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment.

Analysis: https://t.co/HQuak0aO1E

@ElementalX2 @smica83 @AndreGironda @skocherhan @Cyberdost @IncomeTaxIndia @IndianCERT https://t.co/a5UEWnFN1z

2

65

21

48

6K

ThreatFoXX @Dixit_404

1 day ago

@nsquar3 @ElementalX2 @smica83 @AndreGironda @skocherhan @Cyberdost @IncomeTaxIndia @IndianCERT If I'm not wrong this SilverFox APT group, Even our research also aligned with Same infra but this time they have used DcRAT, i would say Income tax department has continuously Targeted by China-nexus since long & we continuously monitoring it.

0

4

0

88

ThreatFoXX @Dixit_404

3 days ago

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment. Analysis: https://t.co/HQuak0aO1E @ElementalX2 @smica83 @AndreGironda @skocherhan @Cyberdost @IncomeTaxIndia @IndianCERT

2

65

21

48

6K

ThreatFoXX @Dixit_404

3 days ago

@SpinkaMilan @Seqrite Updated, Once again thanks for letting us know.

0

1

0

11

Who to follow

Cyb3rM0nk

@cyb3rm0nk28

Industrial Cybersecurity 🏭🛡

Vaibhav Kumar Srivastava

@Vamp9006

Security+ certified | Penetration tester

Uma Mahesh

@umamahesh7777

ThreatFoXX @Dixit_404

3 days ago

@SpinkaMilan @Seqrite Hey Thanks for letting us know we will update it

0

10

ThreatFoXX @Dixit_404

3 days ago

@smica83 @ElementalX2 @skocherhan @AndreGironda @askardyuss @malwrhunterteam Zip: c64dc42df7c7f4dc22ac09037394121cbda7549ea1b3271b1cedf79b24c5bc3e LNK: 8691acd18cf8e5bab8698b2e1a21988fab21c8142fb9d8dc5857da3dce773aba, ceba95c3662b1a6e62a790856adef0fb3de29e8cb468521004db77e2d3ba3946 Decoy: 578c60c9c55ab901d14d4c53c114788216f2e758c72699514245b63fe0860c69

0

5

1

4

250

ThreatFoXX @Dixit_404

3 days ago

Well-constructed spear phishing campaign targeting Russian-speaking government or administrative staff, using a Russian MChS (Ministry of Emergency Situations) salary document as a lure. @smica83 @ElementalX2 @skocherhan @AndreGironda @askardyuss @malwrhunterteam

Dixit_404's tweet photo. Well-constructed spear phishing campaign targeting Russian-speaking government or administrative staff, using a Russian MChS (Ministry of Emergency Situations) salary document as a lure.

@smica83 @ElementalX2 @skocherhan @AndreGironda @askardyuss @malwrhunterteam https://t.co/VpqfyR8DSj

1

23

7

9

3K

ThreatFoXX @Dixit_404

5 days ago

@askardyuss @anyrun_app Its PlugX RAT

0

1

0

215

ThreatFoXX @Dixit_404

6 days ago

@askardyuss @anyrun_app Thanks for Sharing @askardyuss

0

1

0

355

Dixit_404 retweeted

Virus Bulletin @virusbtn

7 days ago

Seqrite Lab researchers identified an active malware campaign targeting Thailand’s healthcare sector, including Ministry of Health personnel and affiliated healthcare organizations, with weaponized RAR archives. https://t.co/qA69zScUq6

virusbtn's tweet photo. Seqrite Lab researchers identified an active malware campaign targeting Thailand’s healthcare sector, including Ministry of Health personnel and affiliated healthcare organizations, with weaponized RAR archives. https://t.co/qA69zScUq6 https://t.co/Jms8ftktR0

0

28

11

8

3K

ThreatFoXX @Dixit_404

8 days ago

@ElementalX2 Yes bro, you should ❣️

1

0

126

ThreatFoXX @Dixit_404

12 days ago

@smica83 @ElementalX2 @AndreGironda @skocherhan @500mk500 @tdatwja @malwrhunterteam

0

145

ThreatFoXX @Dixit_404

12 days ago

Interesting sample from "Thailand", Health_Ministry_Approved_Equipment_2026.rar : e5f6d9d405819e6b05b5d8268a2e973294859ad65237ede36ab612b536d0ac2b Health_Ministry_Approved_Equipment_2026.bat: 4eebc38297a307d18784d6f9ebc8aa6e6f69860be970cc70d9e544deb1ff6ce0

1

2

0

1

208

ThreatFoXX @Dixit_404

13 days ago

@ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 DRAFT CSLEP Mission Agenda_June 17-20.7z : 011ce9de73539302a0650a08db26ec5a833b8031033646f1b4969bd02c0de21c

1

4

1

0

258

ThreatFoXX @Dixit_404

13 days ago

Campaign targeting Cambodia (Angkor Wat International Half Marathon) 🇰🇭 C2: wewrurui[.]com → 38.181.22.75 (AS140227, HK) Malware: gh0st RAT SilverFox / China-nexus (High Confidence) @ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500

Dixit_404's tweet photo. Campaign targeting Cambodia (Angkor Wat International Half Marathon) 🇰🇭

C2: wewrurui[.]com → 38.181.22.75 (AS140227, HK)
Malware: gh0st RAT

SilverFox / China-nexus (High Confidence)

@ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 https://t.co/iuh0sOoWLU

6

41

9

14

4K

ThreatFoXX @Dixit_404

13 days ago

@ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 Similar found recent one, DRAFT CSLEP Mission Agenda June 17-20" — CSLEP likely refers to Cambodia-specific law enforcement or security cooperation program. @smica83 @skocherhan @ElementalX2 @malwrhunterteam @AndreGironda @500mk500

Dixit_404's tweet photo. @ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 Similar found recent one,

DRAFT CSLEP Mission Agenda June 17-20" — CSLEP likely refers to Cambodia-specific law enforcement or security cooperation program.

@smica83 @skocherhan @ElementalX2 @malwrhunterteam @AndreGironda @500mk500 https://t.co/VsESeVIxGO

1

4

2

1

496

ThreatFoXX @Dixit_404

13 days ago

@ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 @cambodia_events

0

2

0

277

ThreatFoXX @Dixit_404

13 days ago

@ElementalX2 @smica83 @skocherhan @AndreGironda @malwrhunterteam @500mk500 Major events in Phnom Penh, December 6, 2026.7z: 9fa63fe50719553845eaf3a803cfe2bfa59fe7e9de9e4f97d688776d4b45a049 Major events in Phnom Penh, December 6, 2026.exe: 13d5ebdd16e5775c5d2074356bb66ee300077bd3b52efbf06483a040e60b5c6b wewrurui[.]com 38.181.22.75 - AS 140227

0

3

0

1

196

ThreatFoXX @Dixit_404

14 days ago

@malwrhunterteam @smica83 @skocherhan @AndreGironda @500mk500 @ElementalX2 @IranIntl @iraninarabic_ir @DailyIranNews @IranObserver0 @IRMilitaryMedia

0

99

ThreatFoXX @Dixit_404

14 days ago

Iranopasmigirim" (ایران را پس می‌گیریم), The decoy is a politically-themed invitation document (PDF) targeting Iranian diaspora and political activists. @malwrhunterteam @smica83 @skocherhan @AndreGironda @500mk500 @ElementalX2

Dixit_404's tweet photo. Iranopasmigirim" (ایران را پس می‌گیریم),

The decoy is a politically-themed invitation document (PDF) targeting Iranian diaspora and political activists.

@malwrhunterteam @smica83 @skocherhan @AndreGironda @500mk500 @ElementalX2 https://t.co/FPMvxdb3N2

2

1

0

179

ThreatFoXX @Dixit_404

14 days ago

@malwrhunterteam @smica83 @skocherhan @AndreGironda @500mk500 @ElementalX2 Similar LNKs, -190f7cfc072ad6a8c568951094bba8eca0e7eb1f97a94da2af87685ea0c198b5 -764b337b2eb86e0318c9802922f81cc2eeb04ada274c11a9eef6217e74b405cd

0

3

2

419

ThreatFoXX @Dixit_404

14 days ago

@malwrhunterteam @smica83 @skocherhan @AndreGironda @500mk500 @ElementalX2 Iranopasmigirim.lnk:377357ee1340b2bbd546af2bb81bb25b umpdc.dll: afd949746b510609714185dab7b2c1db The threat actor exploited the emotionally charged Iranian political movement "ایران را پس می‌گیریم" (We Take Iran Back) by crafting a convincing official-looking invitation

2

5

1

2

816

ThreatFoXX

@Dixit_404

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users