Shadow Chaser Group

3.1K posts

Shadow Chaser Group

@ShadowChasing1

Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it.Shadow Chaser Group focused on APT hunt and analysis

Earth Sumali Nisan 2020

569 Sinusundan10.9K Mga Tagasunod

Naka-pin na Tweet

Shadow Chaser Group@ShadowChasing1·10 Nis

Hi,bro Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it.Shadow Chaser Group is focus on #APT hunte and analysis I hope you will follow us :-)

English

Shadow Chaser Group nag-retweet

JangPro@JangPr0·6 Mar

#APT 3ba252288bde5cd59db0903b26edecd2 d45696ee33baef59ae97d7a54af221d7 > Create bot id: BCryptGenRandom{8} > Authorization: Bearer [A/U-botID] > response data RC4 Key: #RsfsetraW#@EsfesgsgAJOPj4eml; > response data export func name "hello" > load.erasecloud.n-e[.]kr/fwrite.php

English

2.6K

Shadow Chaser Group nag-retweet

Sathwik Ram Prakki@PrakkiSathwik·6 Mar

#APT36 Letter to BEL by Def Secy.xlam Letter to Indian Coast Guards by Def Secy.xlam db1b11b63d631e2d0cebdefb322c2e7a cisf[.]ink /mod.pptx /mysite .zip (Password@2025) #HiBit.exe #Golang 53.85MB 2ad4d0a366a51f3c0b70c7967994909f #C2 85.137.249[.]243:8080 CN=shareef @500mk500

Sathwik Ram Prakki@PrakkiSathwik

#APT36 #TransparentTribe #Phishing #APT 1/ ppt regarding DRDO-Larsen & Toubro (L&T) Projects Details.ppam f1b6c9239fc1eb4f777d9cd13d01fc12 defenceindia[.]site BRO_India_Projects_Details.7z ebda2b7bb07893b2315e38cacad352bd VRDE-LandT-Strategic-Collaboration.pptx (gamma decoy)

English

5.1K

Shadow Chaser Group nag-retweet

Sathwik Ram Prakki@PrakkiSathwik·6 Mar

#APT36 #TransparentTribe د دفاع وزارت وړاندیز.docm (Ministry of Defense Proposal) #Afghanistan 73f52b47a91aa4a7967e6ad010ee489f Upload from 🇮🇱 and 🇶🇦 #CrimsonRAT zucrohz isavids.exe #C2 dwdada[.]xyz sharemaxme28[.]net 93.127.133[.]106 6898, 9626, 19821, 28168, 35821 @500mk500

Sathwik Ram Prakki@PrakkiSathwik

#APT36 #TransparentTribe #APT Office of Public Affairs #Afghanistan opa[.zip 6f0be35d0a9a79f7b827c91d83333a2b XLAM 164f7996b586499ba1ebdb8e10f5581e #CrimsonRAT jivarthr edis.exe fed22809d70062733cd1c34e16b75c05 3a231bcc60569143aa899295e4a5ce8a 61bc43314cbcba044f3d0b7ffcf082d6

Català

4.9K

Shadow Chaser Group nag-retweet

RedDrip Team@RedDrip7·5 Mar

#APT #Lazarus #IoC d6296ad786e76b2dd1d7e6de897491d4 45[.]83.140.55:1244

Italiano

9.8K

Shadow Chaser Group nag-retweet

RedDrip Team@RedDrip7·3 Mar

Suspected #APT #Donot samples VBA uses plenty of comment statements to seperate malicious code which creates scheduled tasks and drops BAT files. cab89ee28820b38d1626806f9c1acb9f e5f0a8b4ab983a1457ec2b0a4bff89eb 04cce783b42af18f9208fe5527fa04a8 shop.gladiolus[.]live

English

4.8K

Shadow Chaser Group nag-retweet

xia0o0o0o@Nyaaaaa_ovo·1 Mar

Let's say you are boring today and want a macOS kernel panic. github.com/KpwnZ/my-bugs-…

English

114

7.8K

Shadow Chaser Group nag-retweet

RedDrip Team@RedDrip7·27 Şub

#APT #Bitter trojan 8523f2ff3ff13e510a9bf75665562b3b ashersoftlib[.]com:44908

English

3.9K

Shadow Chaser Group nag-retweet

Tonmoy@r3dactt·25 Şub

Possible DPRK malware downloader, downloads a zip file from kit-haus[.]net/mac-driver Similar persistence mechanism as other 'CDriver' campaign. 0a716920017fba0b70b7295c6d7a06710df38c0d6158a12d3723343919da7fd2 @malwrhunterteam @L0Psec

English

Shadow Chaser Group nag-retweet

R3BELF0X@goldenjackel12·25 Şub

#Found #Suspicious #LNKs 3f25c60d96f9cbbca7fd19278545207b Invitation to participate.lnk Хятад улстай хамтын ажиллагаагаа өргөжүүлж байна.lnk (Expanding cooperation with China.lnk) 376884baaa4b9505792afc81cdedda42 @ElementalX2 @PrakkiSathwik @500mk500 @polygonben @IdaNotPro

1.8K

Shadow Chaser Group nag-retweet

JangPro@JangPr0·25 Şub

#APT #Kimsuky #Happydoor d9be5226e4df9b95a09ccce5ee675f73 Filename: app.package Mutex: ooooppppoooopppp hxxp://cms.spaceyou.o-r[.]kr/index.php hxxp://erp.spaceme.p-e[.]kr/index.php Screen capture, Keylogging, Mic record, File monitor, etc... x.com/JangPr0/status…

JangPro@JangPr0

#APT 대국민서비스관리운영체계_현장점검_증적(초안).pif 8983ffa6da23e0b99ccc58c17b9788c7 C:\Users\user\AppData\Roaming\AppRoot\app.package upx compressed

English

Shadow Chaser Group nag-retweet

Sathwik Ram Prakki@PrakkiSathwik·25 Şub

Similar #LNK from 🇵🇰 _Finance.lnk a617b203a440783a987f454738327e00 #EXE .NET w/ same #C2 185.82.202[.]150 b67530ef2420d45ff61b27e609d1e6cf 947edbaadf96b1bd38df447fda0a99b1 81a83f28a91d92dc3620b71509185585 5d60956bea461e5dcfd4f9e81226433e phost.pdb p4.7.2.pdb WINTEN power4.7.2

Savant@WabiSabi777_

Susp Indian #APT Targetting Pak Navy jalaiyt.rar from Pakistan b25bc18bda9be41df2b9ecd2fa6b060196a842bb90ac17bdb03faf1ba6292dad drops _Outreach 2026-27 NHQ.pdf .lnk d53c1a27f692f4320428d849abb21824 interesting chain @malwrhunterteam @smica83 @volrant136 @ElementalX2

English

5.2K

Shadow Chaser Group nag-retweet

Sathwik Ram Prakki@PrakkiSathwik·21 Şub

#APT36 (ISO-LNK-BAT) triggers HTA-based #ReverseRAT & #GetaRAT, instead of CrimsonRAT [seen early Dec-2025] commskl.iso 7edf05d02d84b160b39e4e778a226959 commskl.docx.lnk 7f735f1605a54a18072f299a14507a5d #C2 AS14956 172.86.122[.]203:5863 dns.sysdllfile[.]site @500mk500

Sathwik Ram Prakki@PrakkiSathwik

#APT36 Latest Deployment Updates.iso cb5fc8584023ec7be2721e45845f5434 LATEST DEPLOYMENT UPDATE.PPTX.LNK 8d6dea4fbc1618a0ab90509e0b70bfaf #CrimsonRAT rgwnshnr wsfcias.exe 191e9e0f6dd48379d084868506a34025 #C2 AS32097 204.12.218[.]202 9916, 14955, 18961, 25226, 37822 @500mk500

English

6.9K

Shadow Chaser Group nag-retweet

Demon@volrant136·19 Şub

#APT #Sidewinder targeting #Srilanka #Navy 🇱🇰 Tracked by @Huntio +1 🔗https://mail-navy-lk-43897fyi78945tr78945uio89045iuort89045prt054k[.]pages[.]dev/?username=dglogstaff ref: x.com/volrant136/sta… cc: @500mk500 @MichalKoczwara @malwrhunterteam

Demon@volrant136

Ongoing #APT #Sidewinder Campaign targeting #Srilanka #Army and #Defence #sector 1/ Using @Huntio, I have found new exfiltration server found last 4 attacks: slservices-lk[.]com cc: @500mk500 @MichalKoczwara @malwrhunterteam

English

1.8K

Shadow Chaser Group nag-retweet

Yogesh Londhe@suyog41·17 Şub

Cyber_Advisory_Review_Checlist_Banking.xlsx.msc ff3a4a0b681644e3c59194e67adbbc9e C2 cdn-pkcert-gov-pk.pages[.dev #IOC

English

1.5K

Shadow Chaser Group nag-retweet

Demon@volrant136·15 Şub

#Phishing Air Marshall, Inc. | Purchace Order Doc Tracked by @Huntio 🔗https://office36s-azure365-nzloutook[.]squarespace[.]com/ 🔗https://office-oneshare-file8-osiwin[.]squarespace[.]com/ Exfil to: ⚠️https://submit-form[.]com/u65jenlMI

English

1.4K

Shadow Chaser Group nag-retweet

Demon@volrant136·14 Şub

🧵 Ongoing #APT #Sidewinder Campaign (#Pakistan) 🕸️ Cluster: mail-pk[.]org, mails-pk[.]com, mails-pk[.]net New host observed 8 Feb 2026: ⚠️ mail-pk[.]com 🏢 Provider: Namecheap (AS22612) @500mk500 @__0XYC__ @malwrhunterteam @ShadowChasing1

English

Shadow Chaser Group nag-retweet

Demon@volrant136·15 Şub

#APT #Sidewinder Targets #Pakistan #Navy Interesting! Using icewarp[.]com ? Tracked by @Huntio 🔗https://navy-pk-dils-maint213-ifwcnxl4[.]leapcell[.]dev/home/?dgkjshfskdjhghgrehjhvjshdfoerowiuifg=ZG5vMU8wYWtuYXZ5Lmdvdi5waw== cc: @500mk500 @MichalKoczwara @malwrhunterteam

English

2.3K

Shadow Chaser Group nag-retweet

Demon@volrant136·11 Şub

#APT #Sidewinder Targets #Bangladesh #Navy 🇧🇩 +1 Tracked by @Huntio 🔗https://mail-ntc-net-pk-zimbra-dils-maint213-2q1ntcqz[.]leapcell[.]dev/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=cGdjb29yZC1sYWhhYkBoaXQuZ292LnBr cc: @500mk500 @MichalKoczwara @malwrhunterteam

English

4.5K

Tuklasin

@500mk500 @malwrhunterteam @L0Psec @ElementalX2 @PrakkiSathwik @polygonben @IdaNotPro @Huntio