Cyber Team

287 posts

Cyber Team

@Cyberteam008

Threat Hunting | APT Tracking | Malware Analysis | Darkweb Monitoring "Unity is Strength"

Katılım Aralık 2022

61 Takip Edilen3K Takipçiler

Sabitlenmiş Tweet

Cyber Team@Cyberteam008·7 Mar

#Censys Queries for North Korea's #Kimsuky #APT Infra 1)services.http.response.body_hashes="sha256:e5bd74ceee37fce5805dfdd7dd38df39411f4997fdcc7ab223b0589840111669" 2)services.http.response.body="Million OK !!!!" IOCs: pastebin.com/tKCizMtz Note: Domains are enriched from VT.

English

30.3K

Cyber Team@Cyberteam008·11h

@500mk500 @fofabot Hi, Nice catch mate👏. Good to observe new infra in latest post. Regards

English

Mikhail Kasimov@500mk500·11h

@Cyberteam008 @fofabot Month ago: x.com/500mk500/statu…

Mikhail Kasimov@500mk500

@skocherhan @PKCERT_official visa-nadra-gov-pk\.desynt.com visa-nadra-gov-pk\.pages.dev visa-nadra-gov-pk\.shafaftech.com visa-nadra-gov-pk\.xo.je visa.nadra-gov\.online visa.nadra-gov\.pt visa.nadra\.gov-pak.com visa.nadra\.gove.pw visa.nadra\.gvo-pk.cc cc @volrant136 FYI

English

Cyber Team@Cyberteam008·11h

#Fofa Query for #SideWinderAPT / #RazorTiger / #Rattlesnake targeting 🇵🇰 Govt. Query: title=="PAK VISA" Link: t.ly/o4SJu Infra: 173.208.180[.]161 {visa / nadra}.gov.pk-o[.]xyz {visa / nadra}.gov.pk.onev[.]online visa.nadra-gov[.]pt @500mk500 #APT #Malware #ioc

779

Cyber Team@Cyberteam008·1d

@AzakaSekai_ Hi, The C2 IP address is matched with one of our known #PlugX signatures and the file path "hiar4uqi[.]csz" (gibberish pattern) is most common in #PlugX related samples. This led us to attribute to the #PlugX which is used by #MustangPanda (also uses #TOnePipeShell). Regards.

English

安坂星海 Azaka || VTuber@AzakaSekai_·1d

@Cyberteam008 not sure why you marked this as plugx 🫠 - this is #TOnePipeShell adjacent

English

131

Cyber Team@Cyberteam008·1d

[1/2] Recent #PlugX #RAT activity File: microsoftedgeupdate (1).zip MD5: 150406e02046742ee2d6c7eacf0f53c6 C2: 103.114.203[.]75:443 / fdcvgbb[.]com File: PartitionManager.dll / SkinH.dll MD5: da03f896e2f44dfd51e9a0a17ed4e8e8 #MustangPanda #APT #Malware #ioc

English

2.9K

Cyber Team@Cyberteam008·1d

[2/2] Path: %AppData%\Local\Temp\hiar4uqi.csz\ File: Micros0ftEdgeUpdates.exe (Signed. Observe the zero[0] in file name) MD5: b0e977cc3a307140a37a956973943cad Note: The file is Signed by "Wondershare Technology Group Co. Ltd" which is based in China. #PlugX #RAT #Malware #ioc

English

836

Cyber Team@Cyberteam008·3d

[2/2] #Infra: formainserverlin[.]space formainserverwin[.]store formainserverwin[.]online 176[.]125[.]240[.]33 46[.]253[.]4[.]33 46[.]253[.]4[.]143 46[.]253[.]4[.]169 @500mk500 #APT36 #TransparentTribe #Malware #ioc

English

915

Cyber Team@Cyberteam008·3d

[1/2] #Fofa Query for #APT36 / #TransparentTribe #Query: cert.sn="138784688124233379481647497025635157148" #Link: t.ly/48WhN Note: All infra hosted on it's favourite ASN="Alexhost SRL".

English

3.7K

Cyber Team@Cyberteam008·16 Eki

Pakistan's #APT36 / #TransparentTribe Targeting Indian Govt. with theme "NIC eEmail Services" Infra: accounts.mgovcloud[.]in.departmentofdefence[.]live departmentofdefence[.]live 81.180.93[.]5 --- [Stealth Server C2 on port 8080] 45.141.59[.]168 @500mk500 #APT #Malware #ioc

English

10.2K

Cyber Team@Cyberteam008·17 Eyl

@th3l4z4rus Dear @th3l4z4rus We have gone through the article but did not find any of the IoC from our post. In case if you are assuming both "d11d6t6zp1jvtm.cloudfront[.]net" & "d2i8rh3pkr4ltc.cloudfront[.]net" are same, they are different. Regards Cyber Team

English

_th3l4z4rus_@th3l4z4rus·17 Eyl

@Cyberteam008 @Cyberteam008 This IoCs is been associated with Patchwork according to ctfiot.com/269659.html this blog

English

Cyber Team@Cyberteam008·17 Eyl

#APT36 / #TransparentTribe #APT Targeting India with theme "Fake Adobe Update". File: TA_DA_Revised_Procedures_MEA.zip d20bcad25e95052efaff8c22c4715801 File: TA_DA_Revised_Procedures_MEA.pdf 9b9c574cdb17c238df80414476228a78 C2: d2i8rh3pkr4ltc.cloudfront[.]net #Malware #ioc

English

7.7K

Cyber Team@Cyberteam008·16 Eyl

[2/2] #Fofa Query: banner="HTTP/1.1 400 Bad Request" && banner="Server: nginx/1.23.2" && banner="Content-Type: text/html" && banner="Content-Length: 255" && banner="Connection: close" && asn="59711" #SidewinderAPT #Rattlesnake #APT #Malware #ioc

English

1.3K

Cyber Team@Cyberteam008·16 Eyl

[1/2] 🇮🇳 's #SidewinderAPT / #Rattlesnake #APT Targeting 🇱🇰🇵🇰🇳🇵 Govts. #Fofa Link: t.ly/V9HUm Infra (including enrich from VT) : pastebin.com/BiUxSjrp @500mk500 #Malware #ioc

English

6.4K

Cyber Team@Cyberteam008·11 Eyl

[2/2] File (ELF Payload): Proposal_Posting_of_Offrs_to_RMC_Mumbai.pdf MD5: ae0194034d39051ae1e93acb7ca39df2 C2 domains: cloudstore[.]cam & 2ndline[.]cfd C2 IP: 5.178.0[.]29 @SinghSoodeep @500mk500 #APT36 #TransparentTribe #APT #Malware

English

1.1K

Cyber Team@Cyberteam008·11 Eyl

[1/2] Latest #APT36 #TransparentTribe #APT activity File: Proposal_Posting_of_Offrs_to_RMC_Mumbai.zip MD5: e5f5b37c7bc791532d4139fec40a1687 File: Proposal_Posting_of_Offrs_to_RMC_Mumbai.pdf.desktop MD5: 0a671f5849a24aceb605d41dcb607230 @500mk500 #Malware #ioc

English

2.2K

Cyber Team@Cyberteam008·3 Eyl

#APT36 #TransparentTribe Targeting #Indian Govt File: Invite Capt (IN) Sandip Kapoor Presedent AFWHO.pdf MD5: f2a71b2719744765ac8a6a49b2acbce6 Zip file downloaded from hxxps://amazon-i-mod.s3.eu-north-1.amazonaws.com/Invite+Capt+(IN)+Sandip+Kapoor+Presedent+AFWHO.zip #Malware

English

3.6K

Cyber Team@Cyberteam008·28 Ağu

#Crimson #RAT #Payloads vatkvam yamrias.exe 591e736cd14433b9a2fa7af7337c523b POST C2: 209.145.61.131: {6616, 8645, 25861 & 28126} Signature: { infrqmdzo=command } raystsur irmtras.exe 04f481b61fe6eceeadd60bb78b0898e1 POST C2: 77.93.154.222: {7641, 18816 & 22826} #Malware #ioc

English

2.1K

Cyber Team@Cyberteam008·20 Ağu

#MustangPanda #APT / #StatelyTaurus Targeting #Myanmar entity #TNLA TNLA နှင့် အခြားတော်လှန်ရေးအင်အားစုများ (TNLA & other revolutionary forces.rar) 25989c20a2348c749b1c581f853a8208 SkinH.dll 9c47edb66fb49647af31d8d18178320e Party.exe 73a413578667a059840b7536440d2cc8 #Malware

English

Cyber Team@Cyberteam008·29 Tem

[3/3] Medical_Report_2025.pptx[.]zip 6ce6ff9a9664c8e9d3dd49be07a03a9c Medical_Report_2025.pptx.ppam 929b636b5b8bdf9f1108f500974e894e Same C2: filestore[.]space #APT36 #TransparentTribe #Malware

Español

Cyber Team@Cyberteam008·29 Tem

[2/3] PM & Est Sanction Final 2025 (1).rar 9428d384055328b95d7190ac60d20c4d PM & Est Sanction Final 2025.ppam f4376e3d6e0d350fa0abf86f9cb389d4 Same C2: filestore[.]space #APT36 #TransparentTribe #Malware

Français

1.1K

Cyber Team@Cyberteam008·29 Tem

[1/3] 03 latest campaigns of #APT36 #TransparentTribe #Malware DDP PPT for action points and issues raised by DGNAI (1).rar 546cf5e93f11b51c96f52c7d9daf62f9 DDP PPT for action points and issues raised by DGNAI.ppam 5eddcbbfc15659d8d6ad3f351819ae1e C2: filestore[.]space

English

2.8K

Keşfet

@500mk500 @fofabot @AzakaSekai_ @th3l4z4rus @SinghSoodeep @elonmusk @BarackObama @taylorswift13