Mikhail Kasimov (@500mk500) / X

Mikhail Kasimov

8,982 posts

Mikhail Kasimov

@500mk500

Malicious traffic detection system: @maltrail; Maltrail Demo Page: maltraildemo.github.io; Maltrail FAQ: bit.ly/3IM9z07

Ukraine, Kiev

Joined January 2016

Pinned
Mikhail Kasimov
@500mk500
Jun 6, 2025
Generalization is the key on solving the problem of "you-have-wrong-attribution" discussions.
LetsDefend
@LetsDefendIO
Jun 5, 2025
Cybersecurity Terminology
20K
Mikhail Kasimov
@500mk500
Dec 19, 2023
Unfortunately, authors haven't provide network IOCs. OK, no problem: 191.101.2[.]220:1337 198.12.73[.]120:1337 3.6.115[.]182:18560 3.6.122[.]107:18560 3.6.30[.]85:18560 3.6.98[.]232:18560 45.119.210[.]18:1337 62.72.57[.]78:7248 Det: github.com/stamparm/maltr… #JaskaGO #Stealer
Ofer Caspi
@shablolForce
Dec 19, 2023
#JaskaGO - new malware stealer infecting macOS and Windows systems flies under the radar cybersecurity.att.com/blogs/labs-res… #infosec #malware #threat #macOS #windows #cybersecurity
Create jaska.txt · stamparm/maltrail@50428a1
From github.com
9K
Mikhail Kasimov
@500mk500
Mar 21, 2021
Looks similar to #APT #Lazarus SHA256: 75d3d96033db529c9ae698ac6de8fba420c2daa5d97614d7118f49e03c2d83d3 C2: documentprotect[.]pro
Jazi
@h2jazi
Jan 28, 2021
These look like #Lazarus #APT maldocs using template injection: Abies VC Presentation.docx ee9dda6bbbb1138263873dbef36a4d42 00a63a302dcaffc9f28826e9dba30e03 https://documentprotect[.]live
Mikhail Kasimov
@500mk500
Mar 10, 2023
#APT #Gamaredon-related domains: aristakes[.]xyz arutyund[.]xyz kirmango[.]shop mahirgo[.]shop muayidgo[.]shop muvafakgo[.]shop IP: 31.129.22[.]48 Subs: eval71.autometrics[.]pro mid71.autometrics[.]pro responsebody71.autometrics[.]pro run71.aristakes[.]xyz IP: 64.227.48[.]39
4.2K
Mikhail Kasimov
@500mk500
Mar 2, 2024
#APT #Kimsuky-related fscns\.online gocgledrive\.store hometaxcs\.site hometaxes\.store mois-com\.site mois-kr\.site moisnews\.site nhis-doc\.space nscentre\.cloud nsrv\.space [1/2]
5.4K
Mikhail Kasimov
@500mk500
Sep 14, 2023
#Darkgate domains: antmanspshopsman[.]com antmanspshopsman[.]life coocooncookiedpo[.]com drkgatevservicceoffice[.]net msteamseyeappstore[.]com naserviceebaysmman[.]shop wmnwserviceadsmark[.]com Ref: virustotal.com/gui/ip-address… Detection: github.com/stamparm/maltr…
6.1K
Mikhail Kasimov
@500mk500
Sep 13, 2023
#Darkgate 45.141.87[.]89:9999 bikeontop[.]shop dreamteamup[.]shop positivereview[.]cloud whatup[.]cloud Ref: virustotal.com/gui/ip-address… virustotal.com/gui/file/1fd07… virustotal.com/gui/file/4c33d… virustotal.com/gui/file/ad692… virustotal.com/gui/file/ad692… virustotal.com/gui/file/d28a4… virustotal.com/gui/file/2e1e2…
1.9K
Mikhail Kasimov
@500mk500
Mar 22, 2024
#TA569 domains to detect: apiasyncpromise[.]com apieventemitter[.]com apifetchmethod[.]com apiframeworknode[.]com apifunctioncall[.]com apijsonparserkit[.]com apistoragecache[.]com asyncawaitapi[.]com
2.1K
Mikhail Kasimov
@500mk500
Sep 12, 2022
Looks like fresh #APT #Gamaredon-related domains: agaricuso[.]ru blackbirdo[.]ru rhchp[.]ru celvinhar[.]ru metallicas[.]ru paparoacho[.]ru silvicolas[.]ru sub: 71desirable.silvicolas[.]ru IPs: 144.202.78[.]240, 158.247.196[.]186, 178.62.208[.]14
Mikhail Kasimov
@500mk500
Jul 15, 2025
#APT #Lazarus domains from 12 Jul 2025 talenthireflow\.com api.stockdata\.tech
2.6K
Mikhail Kasimov
@500mk500
Feb 25, 2022
#APT #Gamaredon domains + derivative sub domains found on IP: 2.59.36[.]194 koparas[.]ru loralis[.]ru pitroksa[.]ru aaa.loralis[.]ru aaa.koparas[.]ru aaa.pitroksa[.]ru gloomily67.golitus[.]ru interference20.holotras[.]ru Detection:
Update apt_gamaredon.txt · stamparm/maltrail@157437d
From github.com
Mikhail Kasimov
@500mk500
May 10, 2021
#IcedID fresh C2s to add detection: - 83.97.20[.]126: icouldmakeyoubelieve[.]top makeyoubelieve[.]top - 194.5.249[.]85: barcafokliresd[.]top dsedertyhuiokle[.]top
Mikhail Kasimov
@500mk500
Mar 7, 2021
#APT #Gamaredon sample: b8ae65f340dcf4406c01570a6da09cc764499cf67cb647287613313659d7ae72 - hXXp://83.166.241.96/striped - acteran[.]ru
Mikhail Kasimov
@500mk500
Mar 3, 2021
[03-03-2021] #APT #Gamaredon IP: 83.166.244[.]243 and 89.223.124[.]22 acteran[.]ru ariuma[.]ru bacteri[.]ru botulina[.]ru butyri[.]ru candidar[.]ru debarys[.]ru enterow[.]ru erwina[.]ru guill[.]ru herica[.]ru ichia[.]ru iermo[.]ru lipolys[.]ru mondii[.]ru
Mikhail Kasimov
@500mk500
Apr 22, 2021
#Magecart-like domains from IP: 96.126.117[.]191 cdn-aws[.]com clicktracking321[.]com google-analytics-premium[.]com fonts-community[.]com fonts-directory[.]com leadcap-js[.]com