A csv formatted list of #malspam campaigns that crossed my path in February to include subjects, #malware type, hashes, c2's, and email exfil addresses:
gist.github.com/silence-is-best/49cbc511...
#retrohunt
A csv formatted list of #malspam campaigns that crossed my path in January to include #malware, c2, hash, subject, and some email exfil addresses:
gist.github.com/silence-is-best/8b91cfa9...
#retrohunt
If you've been experiencing these new #malspam with @Action1corp #action1 RMM, there's a tasty lil file called C:\Windows\Action1\what_is_this.txt that's everything you need to know:
app.any.run/tasks/a38ca435-f03f-4e77...
A short (and late due to vacation) csv formatted list of #malspam campaigns that crossed my path in December to include #malware type, subject, hash, c2, and email exfil addresses:
gist.github.com/silence-is-best/720a513f...
#retrohunt
A csv formatted list of #malspam campaigns that crossed my path in November to include #malware type, c2, hash, subject, and some email exfil addresses:
gist.github.com/silence-is-best/b0eed8c8...
#retrohunt
A csv formatted list of #malspam campaigns that crossed my path in October to include subject, hash, #malware type, c2's, and email exfil addresses:
gist.github.com/silence-is-best/5ac67205...
#retrohunt
Some #evil gotoresolve unattended (@LogMeIn cruft) at:
https://padoneeronaccounto365\\.top/adobereader.msi
Company ID: 1441449199376154640
via docx #malspam
a665e6c5d05e02f5812c2bd1e4d405d7b7395dbe94fd380e6b1f1ad35bfd8b02 on the msi
An embarrassingly small csv formatted list of #malspam campaigns that crossed my path in September to include hash, subject, c2, #malware type and email exfil addresses:
gist.github.com/silence-is-best/d88941f8...
#retrohunt
A sparse and late (due to holiday and <groan> jury duty) csv formatted list of #malspam campaigns that crossed my path in August to include subjects, hashes, c2, #malware type, and email exfil addresses:
gist.github.com/silence-is-best/fe83da37...
#retrohunt
#malspam starting with zip -> vhd -> lnk
A semi-late (due to Friday off) csv formatted list of #malspam campaigns that crossed my path in July to include #malware, hash, c2, subjects, and email exfil addresses:
gist.github.com/silence-is-best/a2b497e7...
#retrohunt
A semi-late (due to illness, nothing major) csv formatted list of #malspam campaigns that crossed my path in June to include subjects, #malware type, hashes, c2's, and email exfil addresses:
gist.github.com/silence-is-best/44d48000...
#retrohunt
A (sparse) csv formatted list of #malspam campaigns that crossed my path in May to include #malware, subject, hashes, c2, and email exfil addresses:
gist.github.com/silence-is-best/ede4c444...
#retrohunt
A csv formatted list of #malspam campaigns that crossed my path in April to include #malware type, c2, hash, subject, and email exfil addresses:
gist.github.com/silence-is-best/413e27cc...
#retrohunt
Screenshot of the email distributing MassLogger
Traffic from the MassLogger infection filtered in Wireshark.
MassLogger malware persistent on an infected Windows host.
2025-04-17 (Thursday): #MassLogger malware sent through #malspam. Infection traffic indicates stolen data sent to email server at mail.bouttases[.]fr. Details at github.com/malware-traf...
A csv formatted list of #malspam campaigns that crossed my path in March to include subject, #malware, hash, c2's, and email exfil addresses:
gist.github.com/silence-is-best/70f69b4a...
#retrohunt
Screenshot from the DocuSign-themed Portuguese language (Brazil) email, showing the link to download malware.
Web browser showing download of zip archive from link in the email. Also shows the zip archive content, a Windows shortcut.
Details of the Windows shortcut extracted from the downloaded zip archive. The target is a command string using cmd.exe to run obfuscated code that results in a URL for further malware.
2025-03-05 (Wednesday): #Astaroth ( #Guildma ) distributed through Brazil #malspam - As usual, I didn't get a full infection chain, but I got the initial zip archive from link in the email. Details at github.com/malware-traf...
A csv formatted list of #malspam campaigns that crossed my path in February to include #malware name, c2, hash, subject, and email exfil addresses:
gist.github.com/silence-is-best/9ff7d57a...
#retrohunt
2025-02-26 (Wednesday): #XLoader (#Formbook) distributed through #malspam. The email has an attached PDF document. The PDF has links for a ZIP download, and the ZIP contains files that use DLL side-loading for XLoader.
bit.ly/4bgKRU8
Social media post I wrote for my employer on other platforms: 2025-02-26 (Wednesday): #XLoader (#Formbook) sent thru #malspam. Email has an attached PDF document. PDF has links for a ZIP download, and the ZIP contains files using DLL side-loading for XLoader. Details at github.com/PaloAltoNetw...
2025-02-25 (Tuesday): #VenomRAT from #malspam uses zip attachment containing a VHD file containing a VBS file. Calls Pastebin link for C2 server information. Details at github.com/malware-traf...
2025-02-12 (Wed): #VIP_Recovery (an #AgentTesla variant) from Brazil #malspam --> zip attachment --> extracted EXE.
File name: Factura Gastos.exe
Email accounts for data exfiltration: antonipont@grupobdb[.]com --> cludsewe3@gmail[.]com
EXE available at: bazaar.abuse.ch/sample/c7620...
A csv formatted list of #malspam campaigns that crossed my path in January to include subjects, hashes, c2's, #malware type, and email exfil addresses:
gist.github.com/silence-is-best/4a355842...
#retrohunt
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
thehackernews.com/2025/01/1300...
#Infosec #Security #Cybersecurity #CeptBiro #MikroTik #Routers #Hijacked #Botnet #Malspam #Cyberattacks
🚨Cybercriminals spoof sender addresses using neglected domains to bypass security, spreading phishing links, QR codes, and extortion demands. Attacks target various sectors, exploit cheap gTLDs, and use malicious plugins to steal financial data.
#Cybersecurity #Phishing #Malspam #EmailSpoofing
⚠️ Muddling Meerkat linked to domain spoofing tactics in global spam campaigns, revealing sophisticated techniques like QR code phishing and extortion schemes.
Read: hackread.com/muddling-mee...
#CyberSecurity #Malspam #MuddlingMeerkat #Malware
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections reconbee.com/neglected-do...
#Domains #Malspam #SPF #DMARC #security #protection #cybersecurity #cybersecuritynews #cyberattacks
2025-01-09 (Thursday): Now this is more like it! Real #malspam with real #malware. Even if the infection traffic looks like it's a #Matiex or #SnakeLogger or #AgentTesla variant that exfiltrates data through api.telegram[.]org.
#AnyRun analysis of the malware EXE at: app.any.run/tasks/8ffd01...