Hi @Namecheap Can you check this #mythic c2 panel on https://159[.]198[.]36[.]237 https://t.co/hPb82Yn309 See also: https://t.co/dvc5gyP5T4

Phishing ABN AMRO at https://abnmroinvestments[.]com/nl/ #Phishing #namecheap @Namecheap @ABNAMRO

🌟New report out today!🌟 Navigating Through The Fog Analysis and reporting completed by @angelo_violetti, and reviewed by @svch0st. Audio: Available on Spotify, Apple, YouTube and more! https://t.co/aN5xFoYATD

Hi @Namecheap Can you check these domains (linked to Lumma Stealer) and registered at Namecheap: deepymouthi[.]sbs consumeroo[.]sbs ferrycheatyk[.]sbs captaitwik[.]sbs snailyeductyi[.]sbs monstourtu[.]sbs

Phishing FakeTech at https://porzopornpedia[.]online/004/index.html #Phishing #namecheap @Namecheap

Hello @Namecheap, These domains are used by Lumma stealer: https://teachherwjw[.]shop/api https://condedqpwqm[.]shop/api Sample: https://t.co/rZuaIy4Yh1 The domains are registered at Namecheap. Thanks!

⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍

@Namecheap cc: @500mk500 @banthisguy9349 @malwrhunterteam

New #darkgate domain (eventgrids[.]online): https://t.co/yelOWFGhqt Sample: https://t.co/q7kWO4e2Ay @Namecheap can this domain be taken down?

Finally published #ChartingTheIOCs - a blog post to: - help #SysAdmins defend their networks 🛡️ - explain how @SarlackLab’s mapping works - … and share my wisdom (rant) on hunting #C2 servers https://t.co/TApCzb5kge Let us know what your thoughts are! #OneTeamOneFight

@500mk500 @banthisguy9349 @malwrhunterteam Also getting files from 103.192.209[.]60:7474/ (like source.rar)

Found an executable on http://103.192.209.60[:]8888/ C2 seems to be: cdc.ogagp[.]top:6688 and 103.192.209[.]60:7575 Virustotal is labeling it flystudio. https://t.co/wFyRTrqHmz Anyone know more about this malware? cc: @500mk500 @banthisguy9349 @malwrhunterteam

Full url: http://mylittlecabbage[.]net/xcdttafq

New #darkgate domain (mylittlecabbage[.]net): https://t.co/qmoqQXGPms Sample: https://t.co/erMuWihtLa @Namecheap can this domain be taken down?

@Namecheap @Namecheap Can you look at this?

New #darkgate domain (flexiblemaria[.]com): https://t.co/YQHJ7AlUx9 Sample: https://t.co/xTtomqxdrF @Namecheap can this domain be taken down?

@Namecheap Thanks in advance! More can be found here: https://t.co/SDWQO95p5k

@Namecheap @Namecheap More of these from the same source: wt-api[.]top webstaticcdn[.]com counter247[.]live js-min[.]site abc-cdn[.]online 24supportkit[.]com jsdevlvr[.]info opttracker[.]online schema-forms[.]org 365analytics[.]xyz js-assets[.]cloud watchasync[.]com localadswidget[.]com

In campaign https://t.co/ZirfbNuQVf there is a domain streaming.jsonmediapacks[.]com which @Namecheap is registar of that domain. Can it be taken down? See also:

#opendir with #agenttesla on 37.49.228[.]234 Exfil credentials to boydjackson[.]org:587 Any RUN: https://t.co/SNfriHE2gi Files: https://t.co/VXJy6PnhJN - purchase.js -> https://yourfile[.]boo/Purchase.js https://t.co/JCYQTLg9S7 cc: @500mk500 @malwrhunterteam @banthisguy9349