Sourajeet 🔍

@soursecc

Security Researcher @cloudsek, All views personal

out of sight

Joined September 2020

58Following

523Followers

Pinned

Sourajeet 🔍@soursecc · Sep 27, 2023

🧵#AePS (Aadhaar Enabled Payment System) based frauds & Leakage of #Biometrics from State Government site #Aadhaar #privacy #security #hacking

soursecc's tweet image. 🧵#AePS (Aadhaar Enabled Payment System) based frauds &amp; Leakage of #Biometrics from State Government site

#Aadhaar #privacy #security #hacking

12.0K

Sourajeet 🔍@soursecc · Jul 18

Fresh ClickFix IoC : /clasoftmedia[.]ci /retcap[.]eu /rafelink[.]life /akwatic-hotel[.]ci /bleulab[.]ci /gomezmontero[.]eu /gtl[.]ci /javiergomezmontero[.]eu /ardiellifornasa[.]ge #IoC #ClickFix | #ThreatHunting #Validin cc : @500mk500 @MichalKoczwara @skocherhan @1ZRR4H

soursecc's tweet image. Fresh ClickFix IoC :

/clasoftmedia[.]ci
/retcap[.]eu
/rafelink[.]life
/akwatic-hotel[.]ci
/bleulab[.]ci
/gomezmontero[.]eu
/gtl[.]ci
/javiergomezmontero[.]eu
/ardiellifornasa[.]ge

#IoC #ClickFix | #ThreatHunting #Validin

cc : @500mk500 @MichalKoczwara @skocherhan @1ZRR4H

1.0K

Sourajeet 🔍@soursecc · Jul 16

ClickFix IoC : generali-fx[.]com generali-fx[.]com/cloudfare #IoCs #ClickFix | #Censys #ThreatHunting cc : @500mk500 @skocherhan @MichalKoczwara @malwrhunterteam @1ZRR4H

soursecc's tweet image. ClickFix IoC :

generali-fx[.]com
generali-fx[.]com/cloudfare

#IoCs #ClickFix | #Censys #ThreatHunting

cc : @500mk500 @skocherhan @MichalKoczwara @malwrhunterteam @1ZRR4H

524

Sourajeet 🔍@soursecc · Jul 15

ClickFix IoC : hrdepartments[.]org #IoCs #ClickFix | #Censys #ThreatHunting cc : @500mk500 @skocherhan @MichalKoczwara @malwrhunterteam @1ZRR4H

soursecc's tweet image. ClickFix IoC :

hrdepartments[.]org

#IoCs #ClickFix | #Censys #ThreatHunting

cc : @500mk500 @skocherhan @MichalKoczwara @malwrhunterteam @1ZRR4H

4.0K

Sourajeet 🔍@soursecc · Jul 15

Fresh similar ones : /meet.google.webconnect58[.]com/ktb-gkc-xha /meet.google.web-connect[.]us /meet.google.webconnect49[.]com/krk-rvc-xwh/ /www.meet.google.webconnect88[.]com /meet.google.webconnect11[.]com #IoCs | #ThreatHunting #Censys cc : @500mk500 @moonlock_lab

MMoonlock Lab@moonlock_lab · Jul 8

Thanks for sharing! Looks like this domain plays a key role in this campaign too: meet[.]google[.]webconnect49[.]com We will be taking a closer look as well 👀

322

Sourajeet 🔍@soursecc · Jul 14

Phishing pages targeting @VALORANT gamers : /valorantid.ikwb[.]com/verify[.]php /valorantidn.duckdns[.]org/verify[.]php #IoCs #Valorant | #ThreatHunting #Censys cc: @500mk500

soursecc's tweet image. Phishing pages targeting @VALORANT gamers :

/valorantid.ikwb[.]com/verify[.]php
/valorantidn.duckdns[.]org/verify[.]php

#IoCs #Valorant | #ThreatHunting #Censys

cc: @500mk500

288

Sourajeet 🔍@soursecc · Jul 13

Fresh IoCs for #ClickFix impersonating @bookingcom - 77.105.164[.]95/s/59ed1342-898f-4455-a521-dc4b737b6aea - booking.extranethelpid612[.]com - admin.extra-book3[.]com #IoCs | #Censys #ThreatHunting cc : @500mk500 @malwrhunterteam @MichalKoczwara @skocherhan @1ZRR4H

soursecc's tweet image. Fresh IoCs for #ClickFix impersonating @bookingcom

- 77.105.164[.]95/s/59ed1342-898f-4455-a521-dc4b737b6aea
- booking.extranethelpid612[.]com
- admin.extra-book3[.]com

#IoCs | #Censys #ThreatHunting

cc : @500mk500 @malwrhunterteam @MichalKoczwara @skocherhan @1ZRR4H

2.0K

Sourajeet 🔍@soursecc · Jul 11

Possible Scattered Spider Infra Targeting @iconectiv🕷️ /18.219.115[.]252 #IoCs #ScatteredSpider | #ThreatHunting #Censys cc : @500mk500 @MichalKoczwara @skocherhan @volrant136 @malwrhunterteam

soursecc's tweet image. Possible Scattered Spider Infra Targeting @iconectiv🕷️

/18.219.115[.]252

#IoCs #ScatteredSpider | #ThreatHunting #Censys

cc : @500mk500 @MichalKoczwara @skocherhan @volrant136 @malwrhunterteam

454