Every threat actor group has its own unique tactics, techniques, and procedures (TTPs). For example, during #taxseason, #TA558 pivots from its typical reservation-themed email lures to target financial firms with tax-related lures.

#TA2541 is known to consistently target organizations in the aerospace, manufacturing, and defense industries using remote access trojans (RATs).

#TA582's TTPs feel like a digital jigsaw puzzle, with simultaneous email, web inject, and compromised site vectors.

Stream this DISCARDED podcast episode to hear all about the chaotic brilliance of mid-tier eCrime actors. https://www.proofpoint.com/us/podcasts/discarded#143240

Testing out Chris Duggan's DNS Coffee workflow (https://x.com/TLP_R3D/status/1845446668549775372) to search for new TA582 domains.

New #TA582 domains observed via the workflow:

pbizntettbvs[.]top
rigzuvzi3bnz3[.]top
robnzuwubz[.]top

Chris Duggan (@TLP_R3D) on X

🧡Thread / 🕵️‍♂️ Ever wanted to hunt down APTs like #TheCom via DNS but can't be bothered with all the searching and clicking? Want to get a list of interesting 'live' domains to investigate in under 60 seconds ⏰!! No worries! Let's automate the process with a Python script