
Analysis OperaGXSetup.exe (MD5: 331950DC665052789DC9FCB607CC10AF) - Malicious activity - Interactive analysis (ANY.RUN)

Malicious @github repo at:

github/.com/charlie...

seen dropped via #xworm on a hijacked @operagxofficial installer

app.any.run/tasks/4be36a...

1 year ago 0 0 0 0

If you've been dealing with these janky downloaders ("pdfs" if MiTM the TLS), these have been #darkcloud #stealer so far:

app.any.run/tasks/925ce6...

Look for:
vbs file
showip\.net
LoginData
WebData
keyDBPath.db
in the run and

StrFtpServer
DCS V

in the dmp file

1 year ago 0 0 0 0
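A small triage script for the strings listed in the post above, added here as an example and not part of the original post: it checks the run artefacts and the process dump for the DarkCloud indicators (in both ASCII and UTF-16LE spelling, so wide strings in a dump are not missed) and applies a constructed, hypothetical scoring rule. The sample run log and dump bytes are constructed for the example.

```python
import re

# Indicators the post lists for DarkCloud: the first set shows up in the
# sandbox run, the second in the process memory dump.
RUN_INDICATORS = ["showip.net", "LoginData", "WebData", "keyDBPath.db"]
DMP_INDICATORS = ["StrFtpServer", "DCS V"]

VBS_RE = re.compile(rb"\S+\.vbs\b", re.IGNORECASE)


def find_indicators(blob: bytes, indicators) -> list:
    """Return the indicators present in blob (case-insensitive), checking both
    the ASCII and the UTF-16LE spelling so wide strings in a dump are found."""
    lowered = blob.lower()          # bytes.lower() only touches ASCII letters
    hits = set()
    for ind in indicators:
        for enc in ("ascii", "utf-16-le"):
            if ind.lower().encode(enc) in lowered:
                hits.add(ind)
                break
    return sorted(hits)


def dropped_vbs(run_text: bytes) -> bool:
    """True if the run artefacts mention a dropped .vbs file."""
    return VBS_RE.search(run_text) is not None


def triage(run_text: bytes, dump: bytes) -> dict:
    """Constructed rule (an assumption, not from the post): call it DarkCloud-like
    only when the dump shows one of its strings and the run shows at least two."""
    run_hits = find_indicators(run_text, RUN_INDICATORS)
    dmp_hits = find_indicators(dump, DMP_INDICATORS)
    verdict = "darkcloud-like" if dmp_hits and len(run_hits) >= 2 else "inconclusive"
    return {"vbs": dropped_vbs(run_text), "run": run_hits, "dmp": dmp_hits, "verdict": verdict}


# Constructed sample artefacts, not from a real case.
SAMPLE_RUN = (b"DROP C:\\Users\\Public\\invoice.vbs\n"
              b"DNS  showip.net\n"
              b"READ C:\\Users\\v\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\LoginData\n"
              b"READ C:\\Users\\v\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\WebData\n")
SAMPLE_DUMP = (b"\x00\x00" + "StrFtpServer".encode("utf-16-le") + b"\x00\x00"
               + b"DCS V 3.2\x00" + "ftp.example.invalid".encode("utf-16-le"))

if __name__ == "__main__":
    print(triage(SAMPLE_RUN, SAMPLE_DUMP))
```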
Analysis Payment receipt PO 1437 1_ Payment receipt PO #1437 2.exe (MD5: 5A4FC3780CFC0527D12D8BB5134A81F5) - Malicious activity - Interactive analysis (ANY.RUN)

Some fresh (and I can't believe I'm typing this) #lokibot:

app.any.run/tasks/054d7a...

c2: http:// touxzw\.ir/fix/five/fre.php

1 year ago 0 0 0 0

A csv formatted list of #malspam campaigns that crossed my path in February to include #malware name, c2, hash, subject, and email exfil addresses:

gist.github.com/silence-is-b...

#retrohunt

1 year ago 0 0 0 0

Hrmm....thinking a whitehat has taken control ;)

1 year ago 0 0 0 0

Huh...first time I've seen threat actors using @ThinkstCanary :

https:// assistance-newton-adam-indiana.trycloudflare\.com

1 year ago 0 0 1 0

Badness at:

144.91.79.54/10022025/

app.any.run/tasks/70b515...

Ultimately #darkcloud (the txt file); c2 juguly\.shop

1 year ago 0 0 0 0

Ultimately #asyncrat and #hvnc:

mathewhvnc.twilightparadox\.com
kjhvnc.duckdns\.org
rtasyn.duckdns\.org
asyncyam.twilightparadox\.com

1 year ago 1 0 0 0

If you're not blocking trycloudflare\.com at the perimeter, now's the time: #opendir 's:

https:// em-ash-announcements-alpha.trycloudflare\.com/1DSAHJKSA/ ->
https:// did-efficiency-than-lenses.trycloudflare\.com ->
https:// reached-theoretical-regular-impact\.trycloudflare.com

1 year ago 2 1 1 0

#phishing #opendir:

dmc.otarvesq/.com/POST/

1 year ago 1 0 0 0

http:// account\.empireaccelerate.com:9200/empire_account/account/account.do 🤨

1 year ago 0 0 0 0

When the threat actor REALLY wants it to run... #venomrat c2:

176.65.142.172:4449

1 year ago 1 0 1 0

A csv formatted list of #malspam campaigns that crossed my path in January to include subjects, hashes, c2's, #malware type, and email exfil addresses:

gist.github.com/silence-is-b...

#retrohunt

1 year ago 0 0 0 0

When #windows decides it's had enough of you blocking its update/telemetry processes (going to wd-prod-cp-us-west-2-fe\.westus.cloudapp.azure.com) and just yeets out the lookup over #netbios 🤷

1 year ago 0 0 0 0

A fairly sizable distributed port scan (all source port 19000) about 30 minutes ago; raw logs and sources here:

gist.github.com/silence-is-b...

1 year ago 1 1 0 0

If you're....you know...bored...

app.any.run/tasks/365f89...

1 year ago 2 0 0 0

#webshell #opendir #netsupport #rat at:

https:// appointedtimeagriculture\.com/wp-includes/blocks/post-content/

GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA

1 year ago 0 0 0 0

As much as I was excited about #telegram cooperating with LE...I haven't noticed much of a change:

app.any.run/tasks/694cb9...

1 year ago 0 0 1 0

Big zips appear to be a #python #stealer

1 year ago 0 0 0 0

#opendir at:

https:// superior-somalia-bs-leisure.trycloudflare\.com ->
http:// jsnybsafva\.biz:8030

1 year ago 4 1 1 0

Same

1 year ago 0 0 0 0

A late (due to holiday vacation) and sparse csv formatted list of #malspam campaigns that crossed my path in December to include subjects, #malware, hashes, c2's, and email exfil addresses:

gist.github.com/silence-is-b...

#retrohunt

1 year ago 3 1 0 0

Additional details:

1 year ago 0 0 0 0
Analysis MA-DS-2024-03 URGENT.exe (MD5: B5C0BC1CA5223C4B18328235497A2EF6) - Malicious activity - Interactive analysis (ANY.RUN)

An #expiro (believe it or not) dropping #xloader

app.any.run/tasks/43f807...

fake c2 and campaign:
http ://www.sunnyz.store/px6j

1 year ago 1 0 1 0

But it's not though. Not really.

1 year ago 0 0 0 0

Interesting use of @Formstack as an interactive landing page for a #ms365 #phish:

https:// bilykfilms .com/m/

is the site.

1 year ago 4 1 0 0

An unsurprisingly light csv formatted list of #malspam campaigns that crossed my path in November to include subjects, #malware type, hashes, c2's and email exfil addresses:

gist.github.com/silence-is-b...

#retrohunt #infosec #cybersecurity

1 year ago 9 1 0 0

Excellent...thanks!

1 year ago 0 0 0 0

A curious js file...
app.any.run/tasks/112848...

1 year ago 7 1 1 0

...nice place you got here...

1 year ago 2 0 0 0