| 1 |
malware_traffic |
@NerdShinobi Microsoft still controls the domain. so no one should be able to make http://msftconnecttest.com point to a bad server. If malware updates a victim's "hosts" file on a Windows computer. it could sneak something through that way. but that can be done for any domain.
|
2022-08-15 22:36:37 |
| 2 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /steamcommunityprice.com/
🚩 188.114.97.3
☁ CLOUDFLARENET
🔒 E1 https://twitter.com/phishunt_io/status/1559298902951600129/photo/1
|
2022-08-15 22:00:03 |
| 3 |
ArchinalLee |
In the Talos Security report. they listed hashes of the backdoors that they found. One of these hashes can be found on @VirusTotal for more information.
https://www.virustotal.com/gui/file/99be6e7e31f0a1d7eebd1e45ac3b9398384c1f0fa594565137abb14dc28c8a7f
#CyberSecurity #HappyHunting #ThreatHunting #MalwareMonday
|
2022-08-15 19:35:26 |
| 4 |
h2jazi |
#DangerousPassword (CryptoCore/CryptoMymic) #APT:
share.1drvmicrosoft.com (Registered 6 days ago)
1ce3d938f66cf051caf4c321a560db7c
New Profit Distributions. zip
6cdd8f7311975edcfd51e3a08e28390a
Password.txt.lnk
Related:
b6dc9ba009d68322a855705bdec21a52
SppedUp.lnk
|
2022-08-15 19:22:32 |
| 5 |
0xToxin |
#riskware
G-Drive -> password protected zip -> lnk -> ps1 -> #netsupport
VT confidence on LNK - 0/60
C2 - ssaiufny4yvsfdt43igov3.cn:443 (alt - ssaiufny4yvsfdt43igov3.cn:443)
Full IOC can be found here: https://github.com/0xToxin/Malware-IOCs/blob/main/Riskware/Riskware%20-%2015082022
Bazzar link: https://bazaar.abuse.ch/browse/tag/asjvyy4jvos-com/ https://twitter.com/0xToxin/status/1559255213260800002/photo/1
|
2022-08-15 19:06:27 |