1 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 56
VirusTotal: https://www.virustotal.com/gui/file/f3c35a5af515e2c2880e19333af5a6b9d856abfb0eada86c073ddf71def94c6b/detection/f-f3c35a5af515e2c2880e19333af5a6b9d856abfb0eada86c073ddf71def94c6b-1650556588
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 23:40:03 |
2 |
TaWeststrate |
Domain: http://rotterdamrides.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/rotterdamrides.nl
|
2022-05-22 22:57:33 |
3 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 28
VirusTotal: https://www.virustotal.com/gui/file/f9981a6198009606540f61b26a759c519cee78be724bfe377b6be1b6d45a72fb/detection/f-f9981a6198009606540f61b26a759c519cee78be724bfe377b6be1b6d45a72fb-1646840055
Threat: Possible_IRCBOT.SMLBO (TrendMicro)
|
2022-05-22 22:40:02 |
4 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/9a88b86053e0b1701c991e35718ff71478ec0ba66f2a03a8a86516829f088f60/detection/f-9a88b86053e0b1701c991e35718ff71478ec0ba66f2a03a8a86516829f088f60-1650556346
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 22:10:02 |
5 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/74b4855f9b22972274260b357b291dc4244d5714caaaa591824d5780d4ba37a8/detection/f-74b4855f9b22972274260b357b291dc4244d5714caaaa591824d5780d4ba37a8-1634306717
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 20:50:02 |
6 |
TaWeststrate |
Domain: http://bcc.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/bcc.nl
|
2022-05-22 20:38:01 |
7 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /iclloud.ml/
🚩 167.172.88.66
☁ DIGITALOCEAN-ASN
🔒 cPanel, Inc. Certification Authority https://twitter.com/phishunt_io/status/1528473516982558721/photo/1
|
2022-05-22 20:30:58 |
8 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 54
VirusTotal: https://www.virustotal.com/gui/file/091246b43567dd358bd784afa1854c6553fa1e661e66c077bc5de68a45f50dd4/detection/f-091246b43567dd358bd784afa1854c6553fa1e661e66c077bc5de68a45f50dd4-1650556559
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 20:25:02 |
9 |
TaWeststrate |
Domain: http://kpnstreaming.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/kpnstreaming.nl
|
2022-05-22 20:22:53 |
10 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/6a80565077ec7f363a1aba4d07ba19747ad1bf1c094df2f8ca48ddf5e957ee77/detection/f-6a80565077ec7f363a1aba4d07ba19747ad1bf1c094df2f8ca48ddf5e957ee77-1596243939
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 19:15:03 |
11 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/eea04bce30058338f29d97b4d55ae56b75c7025c41816523df318a8d33b8e0c3/detection/f-eea04bce30058338f29d97b4d55ae56b75c7025c41816523df318a8d33b8e0c3-1650556560
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 19:15:03 |
12 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/bb596c843347ed7c7a7a4b085698412c82ffbbc192bd1fab3dca5ae75285c54b/detection/f-bb596c843347ed7c7a7a4b085698412c82ffbbc192bd1fab3dca5ae75285c54b-1638481575
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 18:10:02 |
13 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 57
VirusTotal: https://www.virustotal.com/gui/file/7034df11ba018724cb8e824ad2ac7fdfe3cbab8e289f716cca5b150fd4fedfcf/detection/f-7034df11ba018724cb8e824ad2ac7fdfe3cbab8e289f716cca5b150fd4fedfcf-1650556485
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 17:30:02 |
14 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/b190b08b52f0028c34e28758bc2de866d223e206207279c7324fb695b2323048/detection/f-b190b08b52f0028c34e28758bc2de866d223e206207279c7324fb695b2323048-1647151518
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 16:45:02 |
15 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /instagram-copyright.eu/
🚩 92.204.220.55
☁ Host Europe GmbH
🔒 ZeroSSL RSA Domain Secure Site CA https://twitter.com/phishunt_io/status/1528412775583735808/photo/1
|
2022-05-22 16:29:36 |
16 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 55
VirusTotal: https://www.virustotal.com/gui/file/b05dc9b387ae32d96ccc1615898ef3cf4b623eb224f264565d1f09115007756e/detection/f-b05dc9b387ae32d96ccc1615898ef3cf4b623eb224f264565d1f09115007756e-1535611289
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 15:55:02 |
17 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/a0ddd0d6596fdca886ac2892224dc2905a594e96663fa551c3193f420217dcb8/detection/f-a0ddd0d6596fdca886ac2892224dc2905a594e96663fa551c3193f420217dcb8-1638477013
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 15:35:02 |
18 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 55
VirusTotal: https://www.virustotal.com/gui/file/a92cdcbb47664e6d8ffda73a865b2c9b5c1932de0c291ceef4a89707bd267b0b/detection/f-a92cdcbb47664e6d8ffda73a865b2c9b5c1932de0c291ceef4a89707bd267b0b-1650556396
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 14:55:02 |
19 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/e717a381bf0642560482c1c8a4a3908ff4b6e0bf3300dcddd78f0f81065bd602/detection/f-e717a381bf0642560482c1c8a4a3908ff4b6e0bf3300dcddd78f0f81065bd602-1630894740
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 13:50:02 |
20 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/b30a9457d46bbfb8ab98c3108fd804049fd8612cb0e92d2ad6108f3ea5f2ed2d/detection/f-b30a9457d46bbfb8ab98c3108fd804049fd8612cb0e92d2ad6108f3ea5f2ed2d-1650792618
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 13:10:02 |
21 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 44
VirusTotal: https://www.virustotal.com/gui/file/a4b97fd561d49eb3a43fcb259c5352840254a188e73d5d75768ad3bafa9fa58f/detection/f-a4b97fd561d49eb3a43fcb259c5352840254a188e73d5d75768ad3bafa9fa58f-1651577118
Threat: Trojan-Ransom.Win32.Wanna.m (Kaspersky)
|
2022-05-22 13:00:02 |
22 |
Necio_news |
KWFLPC.exe (MD5: 1CD8A018B6AF07D08C22BD6429014B0E) #Ransomware https://app.any.run/tasks/d611022e-214d-4db2-b947-cd684b79c794/
|
2022-05-22 12:52:33 |
23 |
BushidoToken |
@urlscanio @ofgem Expect more of these to come. Found four additional @ofgem-themed sites on the same IP:
ofgem-energy-rebate.com
rebate-ofgem.com
ofgem-register-rebate.com
ofgem-rebate.com
Found w/ the pDNS feature of @alienvault
https://otx.alienvault.com/indicator/ip/91.235.116.232
|
2022-05-22 12:28:38 |
24 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /santander.co.uk.app-review.guide/3/Login.php
🚩 185.254.198.135
☁ Virtual Systems LLC
🔒 R3 https://twitter.com/phishunt_io/status/1528351445971521536/photo/1
|
2022-05-22 12:25:54 |
25 |
petrovic082 |
#Magniber
https://www.virustotal.com/gui/file/e34f36059d3a8cc09e0127325c2ab74346d460e867b8961b8e5aa3714aef9f3c
|
2022-05-22 12:25:42 |
26 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/1708bf36cb4624324bca48b1e8bc9e07c920321300300b54c8b84712197ba59a/detection/f-1708bf36cb4624324bca48b1e8bc9e07c920321300300b54c8b84712197ba59a-1611882411
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 12:05:02 |
27 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/bb003235ea4eddd693df2d3582a82df1ac965b77a544b22b0a69470adc4032e5/detection/f-bb003235ea4eddd693df2d3582a82df1ac965b77a544b22b0a69470adc4032e5-1621810887
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 11:50:02 |
28 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/f54fbfcb038af9a12d446f0150b97fef7a71ca02eec07c517f0ed00fdbea8185/detection/f-f54fbfcb038af9a12d446f0150b97fef7a71ca02eec07c517f0ed00fdbea8185-1652756118
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 11:40:03 |
29 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/9c954911f360b38eba00754c98b57bc99b9cc8869dba0de8fb492115490bed2a/detection/f-9c954911f360b38eba00754c98b57bc99b9cc8869dba0de8fb492115490bed2a-1620892775
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 11:40:02 |
30 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/989ed5b9434bcf536121430528ab94e1d2385485e0c3d951b2f23000143614cc/detection/f-989ed5b9434bcf536121430528ab94e1d2385485e0c3d951b2f23000143614cc-1650557009
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 11:15:02 |
31 |
WhichbufferArda |
@malwrhunterteam @JAMESWT_MHT #IOC
miniboxmail.com
3855dc19811715e15d9775a42b1a6c55
7a371437e98c546c6649713703134727
90e6878ebfb3e962523f03f9d411b35c
Decrypted INIT file (SPINNER backdoor)
https://www.virustotal.com/gui/file/c598043454430c7911d4ade27e5a7ba3aaa425eaddaabded7b1f66dae9ba908f/detection
|
2022-05-22 10:44:51 |
32 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/e8aaa8bb667a77f8859a583e51ba9b36882292cf1fba24b44543607c9d56c06c/detection/f-e8aaa8bb667a77f8859a583e51ba9b36882292cf1fba24b44543607c9d56c06c-1643587225
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 09:30:02 |
33 |
WhichbufferArda |
Chinese APT called Twisted Panda using a macro-enabled Word file ".dotm" as a dropper to execute #malware. When I analyzed the macro code, we can clearly see the Base64 + XOR obfuscated DLL file has been stored inside UserForm1.
@malwrhunterteam @JAMESWT_MHT
https://www.virustotal.com/gui/file/defd44e440403033f9a0f222439c2b6a2bd670817dd483ad1bbae11c30e81034/detection https://twitter.com/WhichbufferArda/status/1528304666781667328/photo/1
|
2022-05-22 09:20:01 |
34 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /mtb-online.netfl1x.duckdns.org/
🚩 34.201.145.26
☁ AMAZON-AES
🔒 cPanel, Inc. Certification Authority https://twitter.com/phishunt_io/status/1528290715951841283/photo/1
|
2022-05-22 08:24:35 |
35 |
bad_packets |
Mass scanning activity detected from 58.62.36.13 (🇨🇳) and 58.62.36.17 (🇨🇳) targeting F5 BIG-IP iControl REST endpoints vulnerable to unauthenticated remote code execution (CVE-2022-1388).
#threatintel
|
2022-05-22 07:13:38 |
36 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 12
VirusTotal: https://www.virustotal.com/gui/file/50f7939939bbb2a4d81e54a406e8b1bec0473326792490e8d1d67bef965295bc/detection/f-50f7939939bbb2a4d81e54a406e8b1bec0473326792490e8d1d67bef965295bc-1653049536
Threat: Possible_MIRAIDLOD.SMLBAT6 (TrendMicro)
|
2022-05-22 07:05:02 |
37 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/df6d5b29a97647bca44e2306069f7675ef992f591c8c761af99bbdc17cfa7692/detection/f-df6d5b29a97647bca44e2306069f7675ef992f591c8c761af99bbdc17cfa7692-1652882718
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 07:00:02 |
38 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 28
VirusTotal: https://www.virustotal.com/gui/file/99228bb1175c75d6192b30e8c9ed9754b9489122cb152cf3ccbef8cdc674911d/detection/f-99228bb1175c75d6192b30e8c9ed9754b9489122cb152cf3ccbef8cdc674911d-1648638468
Threat: Possible_IRCBOT.SMLBO (TrendMicro)
|
2022-05-22 06:55:03 |
39 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 57
VirusTotal: https://www.virustotal.com/gui/file/ede6464addf1620c5123faba7a64142f70331b33c6bcc2723b8a4f0b3ee5126a/detection/f-ede6464addf1620c5123faba7a64142f70331b33c6bcc2723b8a4f0b3ee5126a-1650557000
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 06:45:02 |
40 |
micham |
Sunday's #phishingkit phun with that #opendir site🙄
Be safe!
https://www.virustotal.com/gui/url/946a4052b6566d68f2d246c016ecaca48e9708d1866feb7cb9d303a7a8c24986 https://twitter.com/micham/status/1528262755316551681/photo/1
|
2022-05-22 06:33:29 |
41 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/6eeab1c7ca288556dc5d98ac4eb7dc16a493c5558085675ff95ab1d66802cfd7/detection/f-6eeab1c7ca288556dc5d98ac4eb7dc16a493c5558085675ff95ab1d66802cfd7-1650553882
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 06:30:02 |
42 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/be8dddd609e698899c7889810639af43afa1ceee4bfa2579f290f07b943b2341/detection/f-be8dddd609e698899c7889810639af43afa1ceee4bfa2579f290f07b943b2341-1621816465
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 06:20:03 |
43 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/362ecf6627234418c784e898b5f6f74dcce68008ff152fb20302cefd66c11786/detection/f-362ecf6627234418c784e898b5f6f74dcce68008ff152fb20302cefd66c11786-1588575271
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 06:15:03 |
44 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/0f124af552cf80d692cf10bea71c85ddf9906c6a4ac0eab5b1964bb7eb9a1500/detection/f-0f124af552cf80d692cf10bea71c85ddf9906c6a4ac0eab5b1964bb7eb9a1500-1650556499
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 05:50:02 |
45 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47/detection/f-2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47-1650556609
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 04:45:02 |
46 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 62
VirusTotal: https://www.virustotal.com/gui/file/2c963a97776593ddf2101d612f978a576d2183df2fbb8d1066e3539b7569182a/detection/f-2c963a97776593ddf2101d612f978a576d2183df2fbb8d1066e3539b7569182a-1595474844
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-22 04:35:02 |
47 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /img-instagram-file.my.id/
🚩 188.114.97.10
☁ CLOUDFLARENET
🔒 Cloudflare Inc ECC CA-3 https://twitter.com/phishunt_io/status/1528229904474591232/photo/1
|
2022-05-22 04:22:57 |
48 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 24
VirusTotal: https://www.virustotal.com/gui/file/256af3aa89168028c4979029d00e1510e75a742ab93793f3283c77bcaddd6cea/detection/f-256af3aa89168028c4979029d00e1510e75a742ab93793f3283c77bcaddd6cea-1653126666
Threat: ELF_MIRAILOD.SM (TrendMicro)
|
2022-05-22 03:15:01 |
49 |
micham |
Sunday morning #phish for breakfast.
Email arrival from 117.50.163.118🇨🇳 pointing to a bunch of @AmazonJP #phishing pages.
Be safe!
https://www.phishtank.com/phish_detail.php?phish_id=7522970
https://www.virustotal.com/gui/url/eafa09b6663add931a4368add05a766a026d86ad7589929ad3ce3d33a2fcca09?nocache=1 https://twitter.com/micham/status/1528188110785630208/photo/1
|
2022-05-22 01:36:52 |
50 |
Fevilhalva460 |
@alaskalute @discord I wouldn't click on it
https://www.virustotal.com/gui/url/45d132305a72ea647f2b34bdcff05e0cfab824453ecc19be4c84bb0dbe24ce02/community
|
2022-05-22 01:33:05 |
51 |
Fevilhalva460 |
@Tom48925403 @discord The scans from VirusTotal say it is safe. BUT if you go on community someone commented it is a phishing link. So better not open it
https://www.virustotal.com/gui/url/45d132305a72ea647f2b34bdcff05e0cfab824453ecc19be4c84bb0dbe24ce02/community
|
2022-05-22 01:32:19 |
52 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /www.googlegiftcards.tk/
🚩 142.250.74.211
☁ GOOGLE
🔒 GTS CA 1D4 https://twitter.com/phishunt_io/status/1528168862402879489/photo/1
|
2022-05-22 00:20:23 |
53 |
petrovic082 |
https://www.virustotal.com/gui/file/c7f88943301b4e6fdc6f2823932b3d5d7d24a40e114e1399e5c42c4d18b2aed9
|
2022-05-21 21:07:48 |
54 |
petrovic082 |
#GANDCRAB V5.0.3 #Ransomware
https://www.virustotal.com/gui/file/d11d4506f4edca9f202a237d35f484ee02aa0579d886696385d16769c8eb21d0/details
|
2022-05-21 21:05:56 |
55 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /confirm.santander.device48.com/
🚩 34.118.0.86
☁ GOOGLE-CLOUD-PLATFORM
🔒 R3 https://twitter.com/phishunt_io/status/1528108049088618496/photo/1
|
2022-05-21 20:18:44 |
56 |
500mk500 |
@malwrhunterteam @LukasStefanko B: https://bazaar.abuse.ch/sample/a07e63fb0b0edc75361f191c3c15fad4f0fbffbbd73369499c0e393a4add7547/
|
2022-05-21 19:53:30 |
57 |
Decio_o_o |
including for macOS (Mach-O x86_64)
here is the specimen
https://www.virustotal.com/gui/file/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45/detection
https://hybrid-analysis.com/sample/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45 https://twitter.com/Decio_o_o/status/1528074318718066688/photo/1
|
2022-05-21 18:04:42 |
58 |
1ightanddark |
@threatresearch @SophosLabs @GossiTheDog @cyb3rops @BleepinComputer @MBThreatIntel @MsftSecIntel This one as well!!! Pretty malicious activity.
https://www.virustotal.com/gui/url/9a0b4e8b109b1fd20d8a771982feed778e2633685d2add0c3658fd3d22104104/summary
#malware
|
2022-05-21 17:40:15 |
59 |
1ightanddark |
@threatresearch @SophosLabs @GossiTheDog @cyb3rops @BleepinComputer @MBThreatIntel @MsftSecIntel Including a few others for awareness, but of course! This domain is also showing very interesting activity from Russia. #russia https://www.virustotal.com/gui/url/59f0840bf40e391f962872b4d0708e525fd8f74b7dca86a9b24e4510229a0d72
|
2022-05-21 17:38:56 |
60 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 23
VirusTotal: https://www.virustotal.com/gui/file/09c96526fe5c758db7051dc23470e5cacaa4f920d6678aed94b76f1ecbd95653/detection/f-09c96526fe5c758db7051dc23470e5cacaa4f920d6678aed94b76f1ecbd95653-1653109054
Threat: ELF_MIRAILOD.SM (TrendMicro)
|
2022-05-21 17:30:02 |
61 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/aec918fc5527c8960921c04c7abbcf3aadcb5d8f0aa6862c6d6be68e28771a68/detection/f-aec918fc5527c8960921c04c7abbcf3aadcb5d8f0aa6862c6d6be68e28771a68-1650556640
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 17:20:02 |
62 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/e58460224496dbc08ff03c6162cf20e6e5b0b7e38acd0e6fec4003a6a090eb2e/detection/f-e58460224496dbc08ff03c6162cf20e6e5b0b7e38acd0e6fec4003a6a090eb2e-1650556692
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 16:30:02 |
63 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /instagramhelpbussines.ml/
🚩 37.140.192.240
☁ Domain names registrar REG.RU Ltd
🔒 R3 https://twitter.com/phishunt_io/status/1528046334934147073/photo/1
|
2022-05-21 16:13:30 |
64 |
infosec_jcp |
👀👇Watch this graph:👇👀
https://www.virustotal.com/gui/url/9c333eb5de979df6813a6b93f4019f31b7c2cc49cf407d4969ff1fc407a731f8/summary
#2015HackedFinFisher
#FinFisher
#FinSpy
#Finsky
#SSM™ #StateSponsoredMalware™
http://FinFisher.com website offline since 03-18-2022
#VirusTotal #FinFisherCom
💀👇⚰️🦈⚰️🦈⚰️🦈👇💀
https://www.virustotal.com/gui/url/9c333eb5de979df6813a6b93f4019f31b7c2cc49cf407d4969ff1fc407a731f8/summary
|
2022-05-21 16:06:29 |
65 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/363808e54482dfb192d43648a7676be80d4374e3ed43682cc2d8bdefbd7b9e84/detection/f-363808e54482dfb192d43648a7676be80d4374e3ed43682cc2d8bdefbd7b9e84-1588207027
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 15:30:02 |
66 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://gumi-repair.iptime.org/wordpress/qrkL1zS36aRe6yk/
hxxps://kingkongpizza.ru/fonts/sFUY3/
|
2022-05-21 14:39:43 |
67 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxps://karimexpress.ma/cronHelper/Pwbq/
hxxps://kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/
hxxp://kwinglobal.dothome.co.kr/inc/TbUvEBJ/
|
2022-05-21 14:39:42 |
68 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 48
VirusTotal: https://www.virustotal.com/gui/file/6c82013032eab92ebe508eeafc725189533510eb42226c79674c2a180a1620fd/detection/f-6c82013032eab92ebe508eeafc725189533510eb42226c79674c2a180a1620fd-1650553975
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 14:25:02 |
69 |
yvesago |
#phishing @amazon s://vosariclesexpress.suspemessageriedesurgences.com/messageries/synchonisation/ VIA p://cuires.bisemortelsmodelesdedemain.com/ ping @malwrhunterteam @PhishStats https://twitter.com/yvesago/status/1528014532727169024/photo/1
|
2022-05-21 14:07:08 |
70 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/1919cbc264a1b31f79dcf3e4ebee5912e855f2d48b71486c7334c9d1ef70dc72/detection/f-1919cbc264a1b31f79dcf3e4ebee5912e855f2d48b71486c7334c9d1ef70dc72-1594371325
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 13:40:02 |
71 |
petrovic082 |
#bumblebee
https://www.virustotal.com/gui/file/0f78561577ce1a5ab8b98634fb9b2ff0392e173fb354e3625f6bab53e0f28b05
|
2022-05-21 13:26:51 |
72 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 14
VirusTotal: https://www.virustotal.com/gui/file/2ac6f911e2d93d6269edf364b0c6e21bf822040e495711375ef8a61c7d9c9ca3/detection/f-2ac6f911e2d93d6269edf364b0c6e21bf822040e495711375ef8a61c7d9c9ca3-1653124364
Threat: Possible_SMSHELLDLOAD1 (TrendMicro)
|
2022-05-21 12:55:03 |
73 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968/detection/f-b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968-1638478064
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 12:55:02 |
74 |
TaWeststrate |
IPv4: 3.33.136.22 - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/ip/3.33.136.22
|
2022-05-21 12:35:14 |
75 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/f18ff12529c790e31c0c8e853acc17894826c76c2d50ac854cab3f194809eee9/detection/f-f18ff12529c790e31c0c8e853acc17894826c76c2d50ac854cab3f194809eee9-1651827618
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 12:35:02 |
76 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 55
VirusTotal: https://www.virustotal.com/gui/file/5b4f44b3f4cf218b37c5dd83f2944edde2e64d6d730ddc1fd92800062158bc9f/detection/f-5b4f44b3f4cf218b37c5dd83f2944edde2e64d6d730ddc1fd92800062158bc9f-1650554213
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 12:25:02 |
77 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /confirm.santander.device84.com/
🚩 34.118.0.86
☁ GOOGLE-CLOUD-PLATFORM
🔒 R3 https://twitter.com/phishunt_io/status/1527985647235084288/photo/1
|
2022-05-21 12:12:21 |
78 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/4a790d4054c1e835069731f71cc4c2a77b4e8279011a7939c0d2da8422b55af5/detection/f-4a790d4054c1e835069731f71cc4c2a77b4e8279011a7939c0d2da8422b55af5-1583210788
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 10:50:02 |
79 |
Certego_Intel |
#Covid19 #Spam #Suspicious
Domain: chillerfeilds.click
VirusTotal: https://www.virustotal.com/gui/domain/chillerfeilds.click
#CyberSecurity #ThreatIntel (bot generated)
|
2022-05-21 10:25:27 |
80 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 40
VirusTotal: https://www.virustotal.com/gui/file/15b6b5499fdc0a336f332b9db70f1ead3a12eb068d1ff4cc4fe120e8868ba8d5/detection/f-15b6b5499fdc0a336f332b9db70f1ead3a12eb068d1ff4cc4fe120e8868ba8d5-1652562652
Threat: Possible_MIRAI.SMLBO22 (TrendMicro)
|
2022-05-21 09:30:03 |
81 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/a647ec9eb47f2091759a94ed59281e159f57c627d24cbcc68c13a187a7bfad73/detection/f-a647ec9eb47f2091759a94ed59281e159f57c627d24cbcc68c13a187a7bfad73-1650556543
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 09:30:02 |
82 |
micham |
Bunch of #phishing pages targeting @MastercardJP
Be safe!
https://www.phishtank.com/phish_detail.php?phish_id=7522728
https://www.virustotal.com/gui/url/0f0496c7ef7b901be9ccedb8445bf97e77c7476e889b1155c345d773afcf9d54 https://twitter.com/micham/status/1527943508891676672/photo/1
|
2022-05-21 09:24:54 |
83 |
micham |
Fresh #email arrival from tk2-107-54724.vs.sakura.ne.jp @sakura_pr @sakura_ope @sakura_server (153.121.36.228🇯🇵) leading to a bunch of #phishing pages targeting @AEONCARD_jp
Be safe!
https://www.phishtank.com/phish_detail.php?phish_id=7522718
https://www.virustotal.com/gui/url/d7a3b6a43ba0f5d7277e9396dab0262f60d6c8281f05f7c1d1d141374a0c83c2 https://twitter.com/micham/status/1527941451593969664/photo/1
|
2022-05-21 09:16:44 |
84 |
techworldaleant |
Android app to uninstall. It contains #malware
https://play.google.com/store/apps/details?id=com.unpdf.scan.read.docscanuniver (10,000 installs)
https://www.virustotal.com/gui/file/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/detection https://twitter.com/ReBensk/status/1527862269308043265 https://twitter.com/techworldaleant/status/1527938591657275398/photo/1
|
2022-05-21 09:05:22 |
85 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 57
VirusTotal: https://www.virustotal.com/gui/file/617a13a18f98bc180121653be6716e27fb2921ceca4af65c3f226955a1da4345/detection/f-617a13a18f98bc180121653be6716e27fb2921ceca4af65c3f226955a1da4345-1650556508
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 08:35:02 |
86 |
Certego_Intel |
#Covid19 #CertStream #Suspicious
Domain: www.www.www.www.www.www.www.covid19.teimladhoodz.info
VirusTotal: https://www.virustotal.com/gui/domain/www.www.www.www.www.www.www.covid19.teimladhoodz.info
#CyberSecurity #ThreatIntel (bot generated)
|
2022-05-21 08:25:27 |
87 |
dorkingbeauty1 |
190.2.139.23. https://www.virustotal.com/graph/embed/g05c39149a58340b9ad76f2b702fabf8f3dba743574a14e50a456f0163b6721a3
|
2022-05-21 08:16:57 |
88 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /appintesa-check.me/
🚩 199.188.200.4
☁ NAMECHEAP-NET
🔒 Sectigo RSA Domain Validation Secure Server CA https://twitter.com/phishunt_io/status/1527924784708956160/photo/1
|
2022-05-21 08:10:30 |
89 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 54
VirusTotal: https://www.virustotal.com/gui/file/aff98acfd0aef3559852a389511f6e6ecafed3d2e89312be102b719d9ff7efb1/detection/f-aff98acfd0aef3559852a389511f6e6ecafed3d2e89312be102b719d9ff7efb1-1653034875
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 07:25:02 |
90 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 56
VirusTotal: https://www.virustotal.com/gui/file/418075b0fe4f85b9e8d5aa095ffaa5df8261683af29be1cc64e3696b5b3f2b79/detection/f-418075b0fe4f85b9e8d5aa095ffaa5df8261683af29be1cc64e3696b5b3f2b79-1638481626
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 06:45:02 |
91 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/04fc2210495ae6757aa3e4207adb40a962814f9e3959898b65342642e341bb66/detection/f-04fc2210495ae6757aa3e4207adb40a962814f9e3959898b65342642e341bb66-1650556308
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 06:35:02 |
92 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/c0af5be3062f93921ab7dfa8544c5b4b35c65cfbe56b0e1fb2234db8d1446a69/detection/f-c0af5be3062f93921ab7dfa8544c5b4b35c65cfbe56b0e1fb2234db8d1446a69-1640727092
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 06:20:01 |
93 |
500mk500 |
@ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/
V: https://www.virustotal.com/gui/file/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/detection
|
2022-05-21 05:49:02 |
94 |
satontonton |
I haven't tweeted for a while, but #Emotet keeps arriving every day.
■ Subject
(recipient display name)
Re: (recipient display name)
RE: (subject of a past email)
MIME-Version: 1.0
■ File name
2022-05-20_hhmm.zip
(address domain).zip
(address domain)_Form.zip
The zip contains lnk or xls files
triage: https://tria.ge/220521-fgcxmsaac5
|
2022-05-21 04:59:12 |
95 |
micham |
Today's #email arrival from 119.112.206.34🇨🇳 leading to an @AmazonJP #phishing page at amazon.co-jp.info.
Be safe!
https://www.phishtank.com/phish_detail.php?phish_id=7522681
https://www.virustotal.com/gui/url/7353fc6e8673302721053fecf9009f02bf97dd99cc59674094990c787e008742 https://twitter.com/micham/status/1527870389489369088/photo/1
|
2022-05-21 04:34:21 |
96 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/64bb708b31b4b043018457c1098465ea83da7d6408c7029b2f68c333fc25891c/detection/f-64bb708b31b4b043018457c1098465ea83da7d6408c7029b2f68c333fc25891c-1653049818
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 03:45:02 |
97 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/5ae2fd4d5a9f9f8d274861fdefc40459e4fab67f15aadf8934501f73f3d9b502/detection/f-5ae2fd4d5a9f9f8d274861fdefc40459e4fab67f15aadf8934501f73f3d9b502-1615766195
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 03:25:02 |
98 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/54cd349fb5bbba78d7d4801e01a4b8be7a254beae606341c43908a0b3fd1cda9/detection/f-54cd349fb5bbba78d7d4801e01a4b8be7a254beae606341c43908a0b3fd1cda9-1648550925
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 03:15:03 |
99 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/973067dbc6c657462841d7b41c6828809060aef7b35cbb4f1cfdb21e304f667c/detection/f-973067dbc6c657462841d7b41c6828809060aef7b35cbb4f1cfdb21e304f667c-1593995723
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 01:40:03 |
100 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/25b7e641f8b6ae7f2c90520e00c2d0b9fccc0f12d2ec3065f8d3bd1a5915b1e0/detection/f-25b7e641f8b6ae7f2c90520e00c2d0b9fccc0f12d2ec3065f8d3bd1a5915b1e0-1652289318
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-21 01:35:03 |
101 |
TaWeststrate |
Domain: http://google.net - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/google.net
|
2022-05-21 00:20:16 |
102 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /hotmailer.is/
🚩 193.169.253.161
☁ sprint S.A.
🔒 R3 https://twitter.com/phishunt_io/status/1527803423445372928/photo/1
|
2022-05-21 00:08:16 |
103 |
DidierStevens |
@GootLoaderSites This is the URL I extracted from that file: https://www.virustotal.com/gui/url/2e241e277de700ac551806d2855b34c8429cd8c1cd49f97e3cf9308fdf62ea6f
|
2022-05-20 23:02:48 |
104 |
GootLoaderSites |
@DidierStevens Here is the most recent example https://www.virustotal.com/gui/file/10aeaaa563015ffbfb7cb69b5227a27a54986656c8e44b44f2d2492bfbcdb9f3?nocache=1
|
2022-05-20 22:51:32 |
105 |
abel1ma |
The mass mailing of emails aimed at Emotet infection continued on May 21 as well
epoch4
.xls
https://tria.ge/220520-1vhehaecf9
ModifyDate:2022-05-20 15:15:56
.lnk
https://tria.ge/220520-15plkaefe7
epoch5
.xls
https://tria.ge/220520-1d5tgahaaj
2022-05-20 15:34:57
https://tria.ge/220520-16n2esega9
2022-05-20 07:48:01
|
2022-05-20 22:27:55 |
106 |
h2jazi |
#Patchwork #APT
save.xlsm
a52e4eeb2bf7f1bfdac3e3c0673ece5f
Template: "Federal Board of Revenue- Government of Pakistan"
#Quasar:
icon.db (Printer.dll)
b4864ef86be2c148c18b1a960f3ca3fc
Executes the payload as service using svchost.exe -knetsvcs
related:
https://twitter.com/__0XYC__/status/1517466726740512770 https://twitter.com/h2jazi/status/1527759554691334148/photo/1
|
2022-05-20 21:13:56 |
107 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxps://www.berekethaber.com/hatax/fovLaro/
hxxps://bosny.com/aspnet_client/ErI5F74cwiiOywe/
hxxp://www.cesasin.com.ar/administrator/HC46kHDUSYN305GglCP/
|
2022-05-20 20:34:57 |
108 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxps://bencevendeghaz.hu/wp-includes/tXQBsglNOIsunk/
|
2022-05-20 20:34:57 |
109 |
MrCl0wnLab |
REF:
> https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
> https://www.virustotal.com/gui/file/137edba65b32868fbf557c07469888e7104d44911cd589190f53f6900d1f3dfb/details
> https://www.virustotal.com/gui/file/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45/detection
> https://pepy.tech/project/pymafka
> https://pykafka.readthedocs.io/en/latest/
> https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
> https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-29th-2022-new-operations-emerge/
> https://pris.com.br/blog/cybersquatting-e-typosquatting-pirataria-no-meio-digital/
|
2022-05-20 20:23:42 |
110 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /office365.sydneyboatshow.com.au/
🚩 175.45.129.5
☁ IPNG
🔒 cPanel, Inc. Certification Authority https://twitter.com/phishunt_io/status/1527742421576163329/photo/1
|
2022-05-20 20:05:52 |
111 |
angel11VR |
@intel can you please confirm that this b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635 pyinstaller exe is part of your legit software? https://www.virustotal.com/gui/file/b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635/details
|
2022-05-20 19:52:42 |
112 |
HenkPoley |
@Namecheap Could you investigate this? https://urlscan.io/search/#domain%3Amulti-chat-platform.com
That domain is the central hub for a large romance scam network. And the domain is hosted by you 🙏
Lots more here, some also on Namecheap: https://www.virustotal.com/gui/collection/50a498f00563ed35c620a3774c806e61c76882f0e8c9062cc54c249c20f6f82b
Gets spammed by generated Gmail/Hotmail accounts.
|
2022-05-20 16:14:07 |
113 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /amazonzyw36.vip/
🚩 23.224.25.234
☁ CNSERVERS
🔒 R3 https://twitter.com/phishunt_io/status/1527680384615448578/photo/1
|
2022-05-20 15:59:21 |
114 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/
|
2022-05-20 15:55:47 |
115 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxp://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/
hxxp://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/
hxxps://airliftlimo.com/wp-admin/iMc/
|
2022-05-20 15:55:47 |
116 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /microsoftrussia.com/
🚩 37.140.192.170
☁ Domain names registrar http://REG.RU, Ltd
🔒 R3 https://twitter.com/phishunt_io/status/1527671894626926592/photo/1
|
2022-05-20 15:25:37 |
117 |
TaWeststrate |
Hostname: http://a.root-servers.net - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/hostname/a.root-servers.net
|
2022-05-20 15:16:05 |
118 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxp://www.pjesacac.com/components/O93XXhMN3tOtTlV/
|
2022-05-20 14:47:51 |
119 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxp://www.clasite.com/blogs/IEEsyn/
hxxps://oncrete-egy.com/wp-content/V6Igzw8/
hxxp://opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/
|
2022-05-20 14:47:51 |
120 |
infosec_jcp |
@NerdShinobi Dig In: 👇 https://play.google.com/store/apps/details?id=com.sprint.ms.smf.services
😲😲😲😲👍🤷♂️👇👇👇👇
#CarrierHub
https://www.virustotal.com/graph/embed/g49710ca169254d56a53d6129cf550d7018108a59b14e4e61ab271611a6c1e4dd
|
2022-05-20 14:29:39 |
121 |
Malwar3Ninja |
http://Threatview.io🌀🎣Proactive hunter identified 1667 potential #Phishing / #malicious domains between 01 April - 19 May, added to our feeds & to the #virustotal collection👇
#scam
#cybersecurity
#ThreatIntel
h/t: @James_inthe_box @malwrhunterteam
https://www.virustotal.com/gui/collection/60b0843cebfcd4df6ade69e8bc30508059ed2476a9c9633b1ef7d7122dd2792b https://twitter.com/Malwar3Ninja/status/1527643998910676993/photo/1
|
2022-05-20 13:34:46 |
122 |
500mk500 |
C2: allapks.online
Samples:
1 https://www.virustotal.com/gui/file/642b8bd970d0c035f6b861c0251fc8d0cc941c30fddb93b67f61fa540593b470/detection
2 https://www.virustotal.com/gui/file/dee63434b13911450a54cb6df057f45589cdfaecea2cf30fd3ab06620c0132af/detection
3 https://www.virustotal.com/gui/file/5092fb08941f45b11df3147ca9f16c15339271e91e717244d5158952ce9fa669/detection
*/aus_888a/api/api.php
*/green_888a/api/api.php
*/pink_888a/api/api.php
#Android #Bankbot https://twitter.com/malwrhunterteam/status/1527637165827579904
|
2022-05-20 13:28:09 |
123 |
500mk500 |
Despite being from 2019, very modestly detected #Ursnif domains
busemedgan.com
hutorescag.com
vorimusesa.com
1 https://www.virustotal.com/gui/domain/busemedgan.com/detection
2 https://www.virustotal.com/gui/domain/hutorescag.com/detection
3 https://www.virustotal.com/gui/domain/vorimusesa.com/detection
Samples:
1 https://www.virustotal.com/gui/file/36c13521e2c5ac68d729ac2030bbfc1fd48d3e16df660d495e161dd506b9a821/detection
2 https://www.virustotal.com/gui/file/056d2b0241aeae0dc3c58ef6a742775c5da75b9bbeb4c196d3c6e0e3d3838de9/detection https://twitter.com/500mk500/status/1527636142782308352/photo/1
|
2022-05-20 13:03:33 |
124 |
JAMESWT_MHT |
@ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @500mk500 @ni_fi_70 Mentioned #Joker #Android Sample
VT
https://www.virustotal.com/gui/file/f280014426edf49d760864029f678cb53760029d02ce8b2965976258c8ece919?nocache=1
Bazaar
https://bazaar.abuse.ch/sample/f280014426edf49d760864029f678cb53760029d02ce8b2965976258c8ece919/
|
2022-05-20 12:47:27 |
125 |
chesh_be_ra |
@roshankei @Ziya_Sadr https://www.virustotal.com/gui/url/cd6633a141741bae819747919937b71002932da9d6113ef7c651d10f19411db3
Here is the test result for this app, which 30 out of 30 antivirus engines flagged as clean
|
2022-05-20 11:11:52 |
126 |
Certego_Intel |
#Malware #SMSspy #Blocklist
Domain: omidkhan.herokuapp.com
VirusTotal: https://www.virustotal.com/gui/domain/omidkhan.herokuapp.com
#CyberSecurity #ThreatIntel (bot generated)
|
2022-05-20 10:25:27 |
127 |
cyberwar_15 |
#북한 #NorthKorea
https://www.boannews.com/media/view.asp?idx=106924
b12a75528991e03b61e0bd1ea4688ddd https://twitter.com/cyberwar_15/status/1527596225205514240/photo/1
|
2022-05-20 10:24:56 |
128 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxp://yamada-shoshi.main.jp/yamada-shoshi/V61hH/
hxxps://bpsjambi.id/about/VPe69A9Tk/
hxxp://pacemaker.cd/images/Xc/
|
2022-05-20 09:09:13 |
129 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://marmaris.com.br/wp-admin/2cfpSuAH/
hxxp://masidiomas.com/D4WStats/GAhmgvhLgUn6/
hxxp://mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/
|
2022-05-20 09:09:13 |
130 |
Lvanoel |
https://www.security.nl/posting/754236/Belgische+ziekenhuizen+annuleren+operaties+wegens+ransomware-aanval
Sad.
|
2022-05-20 08:58:50 |
131 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxps://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
hxxp://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
hxxp://masyuk.com/581voyze/MlX/
|
2022-05-20 08:26:47 |
132 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
|
2022-05-20 08:26:47 |
133 |
500mk500 |
@ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/ffb1ed3b567996567a76e5d640bfddcdea8c659addc3d656da05bf5350fecfac/
V: https://www.virustotal.com/gui/file/ffb1ed3b567996567a76e5d640bfddcdea8c659addc3d656da05bf5350fecfac/detection
|
2022-05-20 08:23:24 |
134 |
500mk500 |
@ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/c679455265d1632f6a2665ec5fd644db47a3d633abadc3c63b1097c096affaf6/
V: https://www.virustotal.com/gui/file/c679455265d1632f6a2665ec5fd644db47a3d633abadc3c63b1097c096affaf6/detection
|
2022-05-20 08:20:33 |
135 |
JAMESWT_MHT |
IP 154.56.0.221 Relation
#Aenjaris samples👇👇👇
https://bazaar.abuse.ch/browse/tag/Aenjaris/
⚡️ https://analyze.intezer.com/analyses/2eb889a5-82fa-46c3-a6b9-d7bd5a8deb78 https://twitter.com/pr0xylife/status/1527356211053547529 https://twitter.com/JAMESWT_MHT/status/1527559451196149765/photo/1
|
2022-05-20 07:58:48 |
136 |
Slvlombardo |
idem🔎 https://bazaar.abuse.ch/sample/d642109e621c6758027c2fc0e5ea3d1126963a001ab1858b95f82e09403943bd https://twitter.com/Slvlombardo/status/1527553261926076417/photo/1
|
2022-05-20 07:34:12 |
137 |
exia_han |
This site, which defrauds users into allowing it to send notifications, has existed for a long time, but it seems only a few security vendors mark it as malicious/Adware.
https://www.virustotal.com/gui/url/d2ce8356281c170d7b020739f10672dd30a5f6b4f2687fee6a8021509834d4a3 https://twitter.com/exia_han/status/1527552658151596035/photo/1
|
2022-05-20 07:31:48 |
138 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxp://milanstaffing.com/images/D4TRnDubF/
|
2022-05-20 07:07:55 |
139 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxp://learnviaonline.com/wp-admin/qGb/
hxxp://kolejleri.com/wp-admin/REvup/
hxxp://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/
|
2022-05-20 07:07:55 |
140 |
pcrisk |
ZareuS Ransomware; Extension: .ZareuS; Ransom note: HELP_DECRYPT_YOUR_FILES.txt
https://www.virustotal.com/gui/file/0efd6b49298d740f611298d8b0091dd1b6673b0e25cc1e968c049e1d72514261/detection
@Amigo_A_ @LawrenceAbrams @demonslay335 @struppigel @JakubKroustek
|
2022-05-20 06:41:26 |
141 |
bad_packets |
Mass scanning activity detected from 2.56.11.65 (🇩🇪) targeting F5 BIG-IP iControl REST endpoints vulnerable to unauthenticated remote code execution (CVE-2022-1388).
#threatintel
|
2022-05-20 02:33:41 |
142 |
bomccss |
2022/05/20 (Fri)
Emails continue to be sent from #Emotet E4/E5.
E4
Reply type, fake-reply type
Password-protected zip->lnk attachment
Password-protected zip->xls, xls attachment
https://tria.ge/220519-3nd5lsfgcj
E5
Reply type, template type
Password-protected zip->lnk
Password-protected zip->xls, xls attachment
https://tria.ge/220519-3l24nadaf4 https://twitter.com/bomccss/status/1527436023139287041/photo/1
|
2022-05-19 23:48:20 |
143 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 56
VirusTotal: https://www.virustotal.com/gui/file/1fa15eed4a393e57285fafed8bb058fb3982fc9cf8f1d4897e81fbed60b09d4e/detection/f-1fa15eed4a393e57285fafed8bb058fb3982fc9cf8f1d4897e81fbed60b09d4e-1527580027
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 22:55:02 |
144 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/fafbd3cda44ffbab47c7b9c18922cf5e7800b9649f7f26a0d732bb2cbb132723/detection/f-fafbd3cda44ffbab47c7b9c18922cf5e7800b9649f7f26a0d732bb2cbb132723-1639561878
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 22:40:02 |
145 |
abel1ma |
On May 20, emails aimed at infecting with Emotet are again being mass-mailed
epoch4
lnk
https://tria.ge/220519-yqcbksebel
https://tria.ge/220519-2ck84sfcan
xls
https://tria.ge/220519-ypm2paebdq
ModifyDate:2022:05:19 13:28:48
https://tria.ge/220519-13f7eafahq
2022:05:19 21:08:10
epoch5
xls
https://tria.ge/220519-yqx82sebfn
2022:05:19 16:58:23
|
2022-05-19 22:31:11 |
146 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 22
VirusTotal: https://www.virustotal.com/gui/file/b89b7700cb4013353dcddb27c59e4e8faaea7dc6bea54c654129aec416098841/detection/f-b89b7700cb4013353dcddb27c59e4e8faaea7dc6bea54c654129aec416098841-1652974167
Threat: ELF_MIRAILOD.SM (TrendMicro)
|
2022-05-19 22:05:02 |
147 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/ef9653c4e35f603477d39da1f1dd7333ad82c0ff0f869b86022fe45a6d333ece/detection/f-ef9653c4e35f603477d39da1f1dd7333ad82c0ff0f869b86022fe45a6d333ece-1567604628
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 21:55:03 |
148 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://ncia.dothome.co.kr/wp-includes/lu7JbjX8XL1KaD/
hxxp://piffl.com/piffl.com/a/
hxxp://digitalkitchen.jp/images/PVn/
|
2022-05-19 21:36:38 |
149 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxp://www.jsonsintl.com/RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/
hxxp://cmentarz.5v.pl/themes/zalMkTb/
hxxps://nakharinitwebhosting.com/HSDYKN1X5GLF/
|
2022-05-19 21:36:37 |
150 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxps://microlent.com/admin/3/
hxxp://kuluckaci.com/yarisma/cgi-bin/aIuI4Ukdtl730sP1F/
hxxp://mcapublicschool.com/Achievements/r4psv/
|
2022-05-19 21:24:47 |
151 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://moorworld.com/aspnet_client/fTDJOdTa1USKl43wFtnb/
|
2022-05-19 21:24:47 |
152 |
TaWeststrate |
Domain: http://paypalcorp.com - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/paypalcorp.com
|
2022-05-19 21:21:56 |
153 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/e59a71ee7be3f49136ad564b3d8efcb2b4496df65e12b12973c213523bbabada/detection/f-e59a71ee7be3f49136ad564b3d8efcb2b4496df65e12b12973c213523bbabada-1650556383
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 20:50:02 |
154 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/2dedd1eaac27cf0fbe315bafffa8ee7600185a57b463db9f3846c7200d40b6de/detection/f-2dedd1eaac27cf0fbe315bafffa8ee7600185a57b463db9f3846c7200d40b6de-1622418097
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 20:30:02 |
155 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/b6c08aff47a8949e77b05eb6485678d070c49ed8f3c12f8af568d855c954fd37/detection/f-b6c08aff47a8949e77b05eb6485678d070c49ed8f3c12f8af568d855c954fd37-1650556984
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 19:25:02 |
156 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxps://www.megakonferans.com/wp-admin/Xzz08i514NBrg/
hxxps://noronhalanches.com.br/cgi-bin/xixssuML9NOJO9/
hxxp://myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/
|
2022-05-19 19:01:51 |
157 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxp://nerz.net/stats/TXGRpKb/
|
2022-05-19 19:01:51 |
158 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/3523eaea635d4f782c31bddf9faa325b926c7cd6248ba5472c3742c8d136d99c/detection/f-3523eaea635d4f782c31bddf9faa325b926c7cd6248ba5472c3742c8d136d99c-1628661317
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 18:35:02 |
159 |
pr0xylife |
#Bumblebee - url > .iso > .lnk > .dll
rundll32.exe tamirlan.dll,EdHVntqdWt
https://bazaar.abuse.ch/sample/11bce4f2dcdc2c1992fddefb109e3ddad384b5171786a1daaddadc83be25f355/
https://bazaar.abuse.ch/sample/123f96ff0a583d507439f79033ba4f5aa28cf43c5f2c093ac2445aaebdcfd31b/
c2's
154.56.0.221:443
64.44.101.250:443
103.175.16.117:443 https://twitter.com/pr0xylife/status/1527356211053547529/photo/1
|
2022-05-19 18:31:12 |
160 |
k3dg3 |
This #Bumblebee was more fun. Email -> 1drv link -> OneDrive hosted ISO. The DLL is compressed and pass-protected inside of the ISO, instead of the ISO being pass-protected. Uses #PowerShell to pass the pass (:
https://bazaar.abuse.ch/sample/5fa56c3c2cc2b06792ce65be87efd3930d66d8d80791ddc76204f841ac261f43/ https://twitter.com/k3dg3/status/1527348294833565696/photo/1
|
2022-05-19 17:59:44 |
161 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 53
VirusTotal: https://www.virustotal.com/gui/file/9df4c8ab9148e3896eb8404f8ffc66db8dbee6cd1f9e57903928c5ae5dd56afb/detection/f-9df4c8ab9148e3896eb8404f8ffc66db8dbee6cd1f9e57903928c5ae5dd56afb-1620067802
Threat: TROJ_WEBDOWN.THEOIAH (TrendMicro)
|
2022-05-19 17:45:02 |
162 |
amitaiz |
2. לדעתי לפתוח במובייל זה סוג של (סוג של!) סנד בוקס. או נאמר אחרת. הסיכוי לנזק יותר קטן מאשר ב-PC.
3. אפשר לגגל את האתר ולראות אם הוא נראה לג'יט.
4. אפשר להשתמש בהרבה אתרים של URL ריפוטיישן. כמו וירוס טוטאל או במקרה שלנו הנה הסריקה:
https://www.virustotal.com/gui/url/9be3d833dd033871763f889d07e62e35e1ca95aefdc8707489bd98b5055323fe
|
2022-05-19 17:27:58 |
163 |
f1rstm4tter |
hxxp://23.95.52.191/onye/
hxxps://gg-l.xyz/BlZch
198.199.122.148
https://app.any.run/tasks/de4404e7-fee8-4ad6-9bd0-2b3911b4eda3
@ColoCrossing malware hosted
@digitalocean ns for domain
@GoDaddyHelp registrar
|
2022-05-19 17:11:38 |
164 |
h2jazi |
An old sample of #TransparentTribe was submitted to VT today:
7f3d3a055ecb5a6f787b0afbd373af88
Paper for Review.doc
millitarytocorp.com
It seems they got bored and did some artwork in their macro :) https://twitter.com/h2jazi/status/1527331543206617101/photo/1
|
2022-05-19 16:53:11 |
165 |
Nihilisme10 |
My new fav tweet:
ℹ️ New functionality added to #Colibri Loader: Hypervisor Detection Technique: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery Sample: https://www.virustotal.com/gui/file/45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e https://twitter.com/MBThreatIntel/status/1511414110394613760 https://twitter.com/MBThreatIntel/status/1527317885143592962/photo/1
— Malwarebytes Threat Intelligence (@MBThreatIntel) May 19, 2022
ℹ️ Ne…
|
2022-05-19 16:50:37 |
166 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/7819a4c18580491fa1806b3969064f809afda15426bb2046e2a02dbb440c55d0/detection/f-7819a4c18580491fa1806b3969064f809afda15426bb2046e2a02dbb440c55d0-1578305084
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 16:40:04 |
167 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/5554c10bcf7bcbeeea4df84e59c5df6375fdbebd5a7de64fb7fa80608cd1d6a3/detection/f-5554c10bcf7bcbeeea4df84e59c5df6375fdbebd5a7de64fb7fa80608cd1d6a3-1583740421
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 16:10:02 |
168 |
elfdigest |
Active IoT #botnet
URL: 194.31.98.232/notabotnet
domains: http://urlhaus.abuse.ch
Port Scanning: 2323, 23, 60001, 5500, 5501, 443, 80, 8081, 37215
arch: arm
AvClass2: linux|10,mirai|7,server|2,backdoor|2
analysis: https://bit.ly/3lsKZai
|
2022-05-19 16:04:03 |
169 |
MBThreatIntel |
ℹ️ New functionality added to #Colibri Loader: Hypervisor Detection
Technique: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery
Sample: https://www.virustotal.com/gui/file/45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e https://twitter.com/MBThreatIntel/status/1511414110394613760 https://twitter.com/MBThreatIntel/status/1527317885143592962/photo/1
|
2022-05-19 15:58:54 |
170 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxp://muhsinsirim.com/cgi-bin/Vt2umvq3ufyBZZWR2HZ/
|
2022-05-19 15:39:17 |
171 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxps://neoexc.com/cgi-bin/gOTeFmMuXhfsGqDl/
hxxp://mythicpeak.com/wp-includes/zGWQ9q3QsWU/
hxxp://demo-re-usables.inertiasoft.net/cgi-bin/z1CD/
|
2022-05-19 15:39:17 |
172 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 68
VirusTotal: https://www.virustotal.com/gui/file/ee6512a174783fa2aeebc807b0f13e2297bbc667e4cba6bc4c84e787a1b787be/detection/f-ee6512a174783fa2aeebc807b0f13e2297bbc667e4cba6bc4c84e787a1b787be-1588570733
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 15:30:03 |
173 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxp://natdemo.natrixsoftware.com/wp-admin/B1bA/
hxxp://norbealun.id.au/images/ZL8/
hxxp://napolilovemark.com/Re9e27V3Kd/PQFv/
|
2022-05-19 15:06:23 |
174 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxps://nordicbysight.se/wp-admin/kdFrWJ4/
hxxp://p236119.webspaceconfig.de/wordpress/7/
|
2022-05-19 15:06:23 |
175 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/
|
2022-05-19 14:56:35 |
176 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (1/2)
hxxps://nandonikwebdesign.com/OWs/
hxxps://gelish.com/email-hog/YXaPiWbFMKT/
hxxp://nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/
|
2022-05-19 14:56:35 |
177 |
JAMESWT_MHT |
"Rv: POSTA CERTIFICATA: avviso ai fornitori - ordini via NSO"
spam email from stolen conversation
spread #emotet #heodo #epoch4
Xls
https://bazaar.abuse.ch/sample/67d84182f4307c392d4e7c55156211d5fc456b4d3ff86e99b86eb4e21c68b976
Dll
https://bazaar.abuse.ch/sample/95d0519cec69e64ac5cc72d2b1e9f57bbf67606a90eacc451ec63d6e841e48d4/
Dll Urls
https://urlhaus.abuse.ch/browse/tag/emotet https://twitter.com/JAMESWT_MHT/status/1527288531390910465/photo/1
|
2022-05-19 14:02:16 |
178 |
500mk500 |
Currently very modest detection for domains
powerdust.digital
restoreuseroffers-api.com (rather rich for various doc-downloaders' connections).
E.g.: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/behavior/C2AE https://twitter.com/500mk500/status/1527286864066932738/photo/1
|
2022-05-19 13:55:38 |
179 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/464e7eba3b108d5e2345dba64a301cae607ade4f3854bb067a506166706794d8/detection/f-464e7eba3b108d5e2345dba64a301cae607ade4f3854bb067a506166706794d8-1650556720
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 13:55:02 |
180 |
podalirius_ |
#thread 🧵(3/4) For 'CVE-2022-24500':
This CVE is supposed to be a Windows SMB Remote Code Execution Vulnerability.
But instead this .exe drops a beacon and connects back to a command and control server.
https://www.virustotal.com/gui/file/6c676773700c1de750c3f8767dbce9106317396d66a004aabbdd29882435d5e0/community https://twitter.com/podalirius_/status/1527286349090414592/photo/1
|
2022-05-19 13:53:35 |
181 |
podalirius_ |
#thread 🧵(2/4) For 'CVE-2022-26809':
This CVE is supposed to be a Remote Procedure Call Runtime Remote Code Execution Vulnerability.
But instead this .exe drops a beacon and connects back to a command and control server.
https://www.virustotal.com/gui/file/fa78d114e4dfff90a3e4ba8c0a60f8aa95745c26cc4681340e4fda79234026fd/community https://twitter.com/podalirius_/status/1527286344329834496/photo/1
|
2022-05-19 13:53:34 |
182 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/292a32c26effedb1eaff4d00ffa2c242b36224c0c7674b6c245d1a657632dffb/detection/f-292a32c26effedb1eaff4d00ffa2c242b36224c0c7674b6c245d1a657632dffb-1618820681
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 13:40:02 |
183 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/142715871796254e17f1ec8e66b4d00e175ed6d28b56f77859d4c54d8175a916/detection/f-142715871796254e17f1ec8e66b4d00e175ed6d28b56f77859d4c54d8175a916-1579584618
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 13:30:02 |
184 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/e55ff68c216152b45e9e2a900cc584907c16bfcfdeb5ed6cc83ec227af907661/detection/f-e55ff68c216152b45e9e2a900cc584907c16bfcfdeb5ed6cc83ec227af907661-1650891018
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 13:25:02 |
185 |
petrovic082 |
#Magniber
https://www.virustotal.com/gui/file/b3bc117f0242c26f453ca5ebe5ed4ef61ff1e5be9b2f6942ea805464fb8acdcc/
|
2022-05-19 13:23:34 |
186 |
petrovic082 |
#Ransomware #pxj
https://app.any.run/tasks/3373f768-5440-41e2-87bd-cf9a3fc5817a/
notes:
LOOK.txt
http://paste.awesom.eu/TruX
@Amigo_A_
|
2022-05-19 13:19:05 |
187 |
kyleehmke |
Highly likely Parscale/Trump domains that may be set up soon:
freedompledge.org
greatagain45.com https://twitter.com/kyleehmke/status/1527267123772506114/photo/1
|
2022-05-19 12:37:12 |
188 |
kyleehmke |
Suspicious domain systemapplicationcertification.com was registered on 5/5 through MonoVM using 9bb97f52@protonmail.com. Currently set to loopback. https://twitter.com/kyleehmke/status/1527264764543520768/photo/1
|
2022-05-19 12:27:49 |
189 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/4a1794cc3744912327736d111931c735908839663c49524ca3eb015ca58114aa/detection/f-4a1794cc3744912327736d111931c735908839663c49524ca3eb015ca58114aa-1650554427
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 12:20:02 |
190 |
Slvlombardo |
🔴#Malspam wave #Emotet #Epoch5 via #SilentBuilder
⚠️#malicious Excel 4.0 Macro
🔎Other sample zip->xls->dll⤵️
https://bazaar.abuse.ch/sample/18e6aa0dd7e7cdfd3f937dac0d917ee9dec0e6a20a4d5ef24c47a45cf53c9862
https://bazaar.abuse.ch/sample/d20690f352b36dac34d6cff24f7e83c496eb6ea6e2a61ab037839dad64fa7bea https://twitter.com/Slvlombardo/status/1527256065385308160/photo/1
|
2022-05-19 11:53:15 |
191 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/97df26af59eb3281d408e663ad03a4b035d355b5a61180fc1f56ffad6fa3cb46/detection/f-97df26af59eb3281d408e663ad03a4b035d355b5a61180fc1f56ffad6fa3cb46-1595563544
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 11:50:02 |
192 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/494604466e33955244c595a8e159b098496645900399d7cb1541adab0458264d/detection/f-494604466e33955244c595a8e159b098496645900399d7cb1541adab0458264d-1639403833
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 11:15:02 |
193 |
pr0xylife |
#Qakbot - AA - url > .zip > .xlsb > .dll
CreateDirectory C:\Uduw
regsvr32 C:\Uduw\soam1.OCX
https://bazaar.abuse.ch/sample/ba11f475804d86f4c7313d87cd962016bdc7b78068c3ac946af4fd62d2403521/
IOC's
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_19.05.2022.txt https://twitter.com/pr0xylife/status/1527237097924485120/photo/1
|
2022-05-19 10:37:53 |
194 |
Certego_Intel |
#Covid19 #Spam #Suspicious
Domain: jordanairfinity.click
VirusTotal: https://www.virustotal.com/gui/domain/jordanairfinity.click
#CyberSecurity #ThreatIntel (bot generated)
|
2022-05-19 10:25:26 |
195 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (1/2)
hxxps://myphamcuatui.com/assets/z1b9YfHoX7Fp/
hxxp://myramark.com/mail/rdhEPylXD8BuTA/
hxxps://myechoproject.com/pitterpatter/bNx/
|
2022-05-19 10:21:15 |
196 |
Cryptolaemus1 |
new Emotet E5 urls detected. DLL (2/2)
hxxp://mybiscotto.com/images/BDcjQT/
|
2022-05-19 10:21:15 |
197 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/558aa6dc4a8edc327ac35d8cd7a6a63550e94ed2d21670edebfe947bbf8e1552/detection/f-558aa6dc4a8edc327ac35d8cd7a6a63550e94ed2d21670edebfe947bbf8e1552-1650556324
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2022-05-19 10:10:02 |
198 |
HoneygainHelp |
@sevens_heaven Hi, it's a false positive. As you can see, this page is only marked by one antivirus program: https://www.virustotal.com/gui/url/c741eb923723ee21aa50819622cb934d2756efc3aeb6a2a031c54d1a4b715488
|
2022-05-19 09:56:11 |
199 |
yvesago |
#Phishing s://sites.google.com/view/628woihj/zlmbra-web-client-sign-in post to @TallyForms s://tally.so/r/3EkKd2 ping @malwrhunterteam @PhishStats https://twitter.com/yvesago/status/1527225858087428096/photo/1
|
2022-05-19 09:53:13 |
200 |
Cryptolaemus1 |
new Emotet E4 urls detected. DLL (2/2)
hxxp://oshop.es/test/yLT3Xjra352ky/
|
2022-05-19 09:51:21 |