MalasadaTech

18 Followers
35 Following
154 Posts

ALOHA! This is my "Independent Researcher" persona. I post about things that I enjoy researching and analyzing during my personal time.

"Views are my own, not my employer’s. All research is done independently, on personal time and resources. Tools or references used are unaffiliated with my employer."

Web: https://malasada.tech

Two more on today's check. Pretty cool.

bajcgicdiinbegb[.]top
cfverclsid[.]top

Testing out Chris Duggan's DNS Coffee workflow (https://x.com/TLP_R3D/status/1845446668549775372) to search for new TA582 domains.

New #TA582 domains observed via the workflow:

pbizntettbvs[.]top
rigzuvzi3bnz3[.]top
robnzuwubz[.]top

Chris Duggan (@TLP_R3D) on X

🧵Thread / 🕵️‍♂️ Ever wanted to hunt down APTs like #TheCom via DNS but can't be bothered with all the searching and clicking? Want to get a list of interesting 'live' domains to investigate in under 60 seconds ⏰!! No worries! Let's automate the process with a Python script


@cyberamateur @rmceoin

HOWZIT! I'm very interested. Thanks for sharing! Will reply in a private mention.

@coldiv

Thanks!

@cyberamateur @crep1x Thanks! Had to do a quick refresher. I'll add that to my notes - appreciate it!

@cyberamateur Nice! Looks like it's injected into compromised sites.

Thanks @crep1x for the original post that inspired me to monitor for this!

https://x.com/crep1x/status/1850965395114508452

crep1x (@crep1x) on X

Infrastructure distributing #NetSupport RAT remains active, currently using fake 7-Zip webpages MSIX > PS1 > NetSupport C2: 91.149.232.]112 Infra: 7zip10-2024.]life 7zip10-2024.]live 7zip2024.]one meetgo2024.]life 38.180.141.]203 85.209.134.]45 ⬇️ https://t.co/9fSPN4GFo1


7-Zip #FakeApp observed serving #NetSupportRat

https[:]//7zlp2024[.]shop

>>

0511file24.msix (b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56)

MGJFFRT466
NSM301071

62.76.234[.]49:443

Observed a few possible upcoming #KeitaroTDS domains via Silent Push. Found in research, not observed in any compromised sites yet. #SocGholish #TA569.

designinteractiveplatform[.]club
ajaxapiendpoint[.]cloud
codingmastermindhub[.]club
apivuecomponent[.]com
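The indicators in the posts above are defanged in several different styles: `[.]` in the domain lists, `.]` (closing bracket only) in the quoted crep1x post, and `[:]//` in the URL scheme. Before these can be fed into a blocklist or a DNS/SIEM lookup they have to be normalized consistently. The following is an added example, not code from this feed or from any of the people quoted on it; it refangs all of those styles, classifies each indicator as a URL, IP, IP:port or domain, and runs over a constructed sample post (the indicators in `SAMPLE_POSTS` are reserved documentation ranges and `.test` names, not real infrastructure).

```python
import re
from ipaddress import ip_address

# Defanging styles seen on the feed, in the order they must be undone:
# "[.]" -> ".", a bare ".]" -> ".", "[:]" -> ":", and "hxxp(s)" -> "http(s)".
_DEFANG_PATTERNS = [
    (re.compile(r"\[\.\]"), "."),
    (re.compile(r"\.\]"), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"hxxp", re.IGNORECASE), "http"),
]

# A token is treated as a defanged indicator only if it carries one of the markers.
_MARKER_RE = re.compile(r"\[\.\]|\.\]|\[:\]|hxxp", re.IGNORECASE)


def refang(token: str) -> str:
    """Undo the defanging substitutions above on one whitespace-delimited token."""
    s = token.strip(",;()<>")  # drop punctuation that sticks to pasted indicators
    for pattern, replacement in _DEFANG_PATTERNS:
        s = pattern.sub(replacement, s)
    return s


def classify(refanged: str) -> tuple[str, str]:
    """Return (kind, value) with kind in {'url', 'ipport', 'ip', 'domain'}.

    IPv4 only: an IPv6 literal with a port would need bracket handling
    that this example does not attempt.
    """
    if re.match(r"^https?://", refanged, re.IGNORECASE):
        return "url", refanged
    host, _, port = refanged.partition(":")
    try:
        ip_address(host)
        return ("ipport" if port else "ip"), refanged
    except ValueError:
        pass
    # Domains are compared case-insensitively, so lower-case them for lookups.
    return "domain", refanged.lower()


def extract_iocs(text: str) -> list[tuple[str, str]]:
    """Pull every defanged indicator out of free text, refang it and classify it.

    Order of first appearance is preserved and duplicates are dropped, which is
    what you want when building a lookup list from several pasted posts.
    """
    seen: set[str] = set()
    results: list[tuple[str, str]] = []
    for token in text.split():
        if not _MARKER_RE.search(token):
            continue
        kind, value = classify(refang(token))
        if value in seen:
            continue
        seen.add(value)
        results.append((kind, value))
    return results


# Constructed sample in the same shape as the feed's posts (documentation
# ranges and .test names; not real indicators).
SAMPLE_POSTS = """
Fake installer infra observed (constructed sample):
https[:]//installer-example[.]test
>>
C2: 203.0.113.]45:443 Infra: example-domain[.]test hxxp://198.51.100[.]7/path
example-domain[.]test
"""

if __name__ == "__main__":
    for kind, value in extract_iocs(SAMPLE_POSTS):
        print(f"{kind:7} {value}")
```

The `.]`-only style is the one most refang helpers miss; handling it second, after the full `[.]` form, avoids leaving a stray `[` behind. Anything the function returns as a `domain` or `url` host can then be resolved or searched in passive DNS; the `ipport` entries are what you would match against firewall or proxy logs.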