🚨New ransom group blog post!🚨

Group name: lapsus$
Post title: MAPFRE ASSURANCE
Info: https://cti.fyi/groups/lapsus$.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

Indicators added for: pupy (+1), DCRat (+3), Kinsing (+1), RedTail (+1), Cobalt Strike (+4), Stealc (+1) and ValleyRAT (+2). https://vuldb.com/actor #apt #cti #ioc

🚨New ransom group blog post!🚨

Group name: gunra
Post title: STAREMPIRE
Info: https://cti.fyi/groups/gunra.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog posts!🚨

Group name: genesis
Post title: A Roettgers
Info: https://cti.fyi/groups/genesis.html

Group name: genesis
Post title: Cedar Street Capital (A part of a Cynvestors Limited Partnership)
Info: https://cti.fyi/groups/genesis.html

Group name: genesis
Post title: Green Resource
Info: https://cti.fyi/groups/genesis.html

Group name: genesis
Post title: Wentworth
Info: https://cti.fyi/groups/genesis.html

Group name: genesis
Post title: Cavalier Flooring Systems Inc.
Info: https://cti.fyi/groups/genesis.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog posts!🚨

Group name: everest
Post title: Asopagos S.A.
Info: https://cti.fyi/groups/everest.html

Group name: everest
Post title: ЕРМ
Info: https://cti.fyi/groups/everest.html

Group name: 0day Syndicate
Post title: DOWNLOAD DATA
Info: https://cti.fyi/groups/0day Syndicate.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

Hinge database allegedly for sale on BreachForums.

Actor "nilojeda" claims 8M+ records: email, password_hash, oauth_subject_hash, phone_hash, DoB, geolocation. A sample PoC is publicly available in the thread.

$400, accepts crypto. No statement from Hinge yet.

If you use Hinge: rotate password, revoke OAuth sessions, enable 2FA.

#DataBreach #CTI #ThreatIntel #infosec #OSINT #Hinge #BreachForums #ATO #privacy

Spotted a TikTok video promoting free Fortnite skins linking to fortgg[.]cc. Ended up being a full AiTM phishing kit impersonating Epic Games login.

The kit uses a custom DNSPod CAPTCHA gate to block scanners, then serves a pixel-perfect Epic Games credential harvester. Under the hood it hooks fetch and XHR to proxy requests to Epic in real time, bypassing all 2FA methods including authenticator app, SMS, backup codes and the Epic app.

After credential harvest, victims are redirected to a fake "Star Locker" page to keep them busy while the operator processes the stolen session token server-side.

Source code comments are in Russian. Hosted on 91.227.114.14 (AS210006), bulletproof infrastructure. Related domains on the same IP include Valorant-themed kits, suggesting a single operator targeting multiple gaming platforms.

IOCs in image.

#CTI #ThreatIntel #Phishing #AiTM #EpicGames #Fortnite #OSINT #DFIR #infosec #malware

Added some more indicators for: NetSupportManager RAT (+1), SectopRAT (+1), RedTail (+2), Havoc (+1), SalatStealer (+1), VShell (+8) and Gafgyt (+1). https://vuldb.com/actor #apt #cti #ioc

🚨New ransom group blog post!🚨

Group name: nova
Post title: LTI Services and Larick Towing
Info: https://cti.fyi/groups/nova.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: nova
Post title: BC3 Tecnologia
Info: https://cti.fyi/groups/nova.html

#ransomware #cti #threatintelligence #cybersecurity #infosec