Validin
@ValidinLLC
Validin is a next generation internet intelligence platform.
Southeast USA
Joined May 2017
Today, @ajmeese7 breaks down a malicious redirection campaign, showing the tools and process used to connect to #ApateWeb, originally reported by @Unit42_Intel. You can follow his process and review his findings with thousands of indicators here:
Pivoting on favicon hash is one of the many great ways to hunt threats in Validin. Do you know about other uses of favicon hash pivots, including brand protection? Read additional use cases in our blog:
Found some very legitimate Chrome Installers...🤔 Favicon Hash: 68146cb787da1f97d881b7443c00895b @ValidinLLC Query: https://app[.validin.com/detail?find=68146cb787da1f97d881b7443c00895b Domain List: https://pastebin[.com/CheyPysU CC: @500mk500
RT @RacWatchin8872: #ClickFix More domains using the same method: Since they all use the same HOST-CERT_DOMAIN it…
RT @blackorbird: Lazarus APT: Techniques for Hunting Contagious Interview, Used ClickFix social engineering to trick job seekers into exec…
RT @500mk500: @dimitribest @ValidinLLC ./康康会议.apk and ./在线会议.apk are also interesting: Would all live here: to kee…
RT @dimitribest: #ValleyRAT sha1: 21188e7e0fd63d8ec377f81a0a5163d85b1598ec c2c: web.nginxui\.cc Interesting pivot with @ValidinLLC Ty @500…
RT @ajmeese7: An interesting OpenSea phishing email came in today. This one is using the site boowaga[.]com's "wp-content" dir as a redirec…
From:
The actor that hacked @LinusTech's X account is back with a wider campaign targeting U.S. elected officials, journalists, an X employee, cryptocurrency orgs, and others for takeover (h/t @TomHegel @spiderspiders_ Jim Walter, @linusgsebastian)
Great use of a certificate issuer pivot! 😎
#Coyote::A Stealthy Attack via LNK Files Using #Validin + JA4 to increase visibility into C2 infrastructure (where the attacker controls the target). IoC of the last stage: 18.231.248[.]162 metalgearslw[.]com ["CN: EASport Games"] JA4S::t120200_c030_5333cdffa7d9 @ValidinLLC
RT @RacWatchin8872: 🤠Hunting #Tycoon2FA Infra with BurpSuite, @ValidinLLC & @virustotal: 1️⃣ Intercept the POST request in BurpSuite to id…
@lontze7 @malware_traffic The number of infected sites is growing rapidly. First detected at 02:45:23 GMT yesterday (28 January) and no fewer than 28 (likely several times higher) as of about 45 minutes ago.
RT @DaveLikesMalwre: 🤖Danabot via ClickFix 🔧 📡Domains: - issueguest495039[.]world - issueguest495839[.]com (Found via @ValidinLLC Looka…
RT @DaveLikesMalwre: 🌐Fake Captcha Domains 📡 @ValidinLLC Query: https://app.validin[.]com/detail?type=raw&find=Verify+You+Are+Human 🥷Dom…
RT @RacWatchin8872: #Tycoon2FA Using @ValidinLLC it was possible to get a list of potential Tycoon2FA Phishing pages. 70/140 Tycoon2FA Phishin…