Here's a list of 698 ACTIVE #KeitaroTDS domains identified via @ValidinLLC. While these domains aren't inherently harmful, they are frequently utilized for advertising campaigns, misinformation (DoppelGaenger), and harmful activities. Therefore, it might be prudent to block them as a precautionary measure.

https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Suspicious/KeitaroTDS.txt

Observed a few possible upcoming #KeitaroTDS domains via Silent Push. Found in research, not observed in any compromised sites yet. #SocGholish #TA569.

designinteractiveplatform[.]club
ajaxapiendpoint[.]cloud
codingmastermindhub[.]club
apivuecomponent[.]com

Here's a deep dive into the history of the #KeitaroTDS, the malicious activity that's been documented over the course of about a decade, and the company's explanations for the extensive abuse of its product. https://www.techtarget.com/searchsecurity/feature/Why-the-Keitaro-TDS-keeps-causing-security-headaches

Most TDSes used by cybercriminals – BlackTDS, Prometheus, Parrot, 404 – are underground/black market tools. #KeitaroTDS is different. It's a commercial offering from a software company in Estonia that is viewed as legitimate by vendors like Microsoft.

New #SocGholish #KeitaroTDS domain:
eeatgoodx[.]com/gSyTvKB9
81[.]94.150.21
Keitaro Cookie: 7e4fc

Seen redirecting to Vextrio

Some nice #SocGholish #KeitaroTDS traffic observed tonight, also got a FBU from the same site, so it's serving both.

#KeitaroTDS infection chain:
victim site
--> frightyserver[.]org/Bgkc244P
--> winvipbonus[.]life/
--> weapkd4.jarteaused[.]live
--> Google play store

Using set-cookie 7e4fc

Detected #SocGholish #KeitaroTDS:

debasesingle[.]life/9hFXWz7m
debasesingle[.]life
193[.]106.175.40

Certificate not valid before 2024-01-11 09:26:11

Detected #SocGholish #KeitaroTDS:

biggerfun[.]org/HQn5BKC3
biggerfun[.]org
193[.]106.175.40

Detected #SocGholish #KeitaroTDS:

biggerfun[.]org/7FxjK9kQ
biggerfun[.]org
193[.]106.175.40

Detected #SocGholish #KeitaroTDS:

catsndogz[.]org/HpsQLk2N
catsndogz[.]org
193[.]106.175.40