Last 5 Entries

ID User Tweet Date
1 Arkbird_SOLG Good point for the similarities between #RotaJakiro and the 2016 version of ELF backdoor of Oceanlotus. I share the rule at the same time. H/T @c3rb3ru5d3d53c @JAMESWT_MHT Samples : https://bazaar.abuse.ch/browse/signature/RotaJakiro/ https://bazaar.abuse.ch/sample/07154b7a45937f2f5a2cda5b701504b179d0304fc653edb2d0672f54796c35f7/ Yara : https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-08/RotaJakiro/MAL_ELF_RotaJakiro_May_2021_1.yara 2021-05-08 21:23:58
2 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed/detection/f-59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed-1577753785 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 21:20:02
3 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a/detection/f-4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a-1615797918 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 21:00:02
4 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c/detection/f-707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c-1546008060 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 20:50:03
5 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c/detection/f-ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c-1599651171 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 20:10:02
6 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/0317f30f3b8872da8b3e2504ffd20e98d269b5d3a9d5bea9babb9684c8a02a8f/detection/f-0317f30f3b8872da8b3e2504ffd20e98d269b5d3a9d5bea9babb9684c8a02a8f-1579176570 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 19:55:02
7 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/a5ea1a1955e87f6698a2e099b292b20b28ead49421b8c5a223ef82d7979096e9/detection/f-a5ea1a1955e87f6698a2e099b292b20b28ead49421b8c5a223ef82d7979096e9-1557961053 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 19:25:02
8 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/7c731d25b23ece405ac3de4cc27240eea7673e9ccedc004a69da2f440cbd800d/detection/f-7c731d25b23ece405ac3de4cc27240eea7673e9ccedc004a69da2f440cbd800d-1545339925 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 18:30:03
9 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/c6a705fe818a60b190610479a8b8c1da900fb019ae961beabcc371b08e3689d0/detection/f-c6a705fe818a60b190610479a8b8c1da900fb019ae961beabcc371b08e3689d0-1586998217 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 18:15:02
10 m0rb 2021-05-08T18:06:17 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection 2021-05-08 18:06:18
11 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/867150935ecc2ec3dc3051d0446cf1325c5e5d17e26340727c828cdefe61c03e/detection/f-867150935ecc2ec3dc3051d0446cf1325c5e5d17e26340727c828cdefe61c03e-1602855873 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 17:50:01
12 kawaii_FoxZ = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Credits for the mod creator! #HoloFunk @FoxArcana @C013Huff @SaltyHotcakes and teams Using Kade's Engine build version 1.4.2 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Link Download LUL Games: https://www.mediafire.com/file/c3u3vr0yjo8x4tg/HoloFunk-UnOfficial.rar/file Virus Total https://www.virustotal.com/gui/file/b8c67325daefa120e9ef5f9a111d9ec62360c8b07b388e9d79e1375388fa42d6/detection https://twitter.com/kawaii_FoxZ/status/1391084701671067649/photo/1 2021-05-08 17:36:52
13 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 48 VirusTotal: https://www.virustotal.com/gui/file/4f79e47d32894d1db875edecd20b830abe80b27f8af1b5917874301c0bf36a27/detection/f-4f79e47d32894d1db875edecd20b830abe80b27f8af1b5917874301c0bf36a27-1619231080 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-05-08 17:05:02
14 James_inthe_box @ViriBack @EmergingThreats @ET_Labs exe hash of your sample: f7c14b31287077767f6c64fad68fabe53a78273ed4cf303c041357d66675bab2 thanks for the tag..been a while :) https://twitter.com/James_inthe_box/status/1391074927193649152/photo/1 2021-05-08 16:58:02
15 ViriBack Seems to Load interesting #cypress from the behavior in VT: 40e74935dd9135e38e3fd3e99aa361c87cee569664fce16660501ea617bd9d93 @James_inthe_box @500mk500 https://twitter.com/ViriBack/status/1391073120308580356/photo/1 2021-05-08 16:50:51
16 500mk500 @ViriBack https://www.virustotal.com/gui/file/365c4d412d538e3308c77cac58204ce5e596d0baa7788215368fb4495e4b4232/behavior : number1g.top <-- #Raccoon #Stealer ( https://tria.ge/210507-8mfadfbjpe/behavioral1) miranore.top <-- can also be related to #Raccoon #Stealer 2021-05-08 16:45:49
17 James_inthe_box @ViriBack Confirmed #modernloader. flagged by @EmergingThreats @ET_Labs as #avatarloader. Hashes of ones from 2019: b64d211186b34c12c5c89da1c43689ea1584b54fda855862731c795acd80d4c1 fcc550358ddeae5061b3bdf1b720be49b39b78356e3cb189cfe26cd170ac7aa2 2021-05-08 16:43:30
18 ViriBack Unknown #malware C2 to me: miranore.top/ASHASHAShOWIWWWQQQ/ https://app.any.run/tasks/e3e3d3af-abb3-4956-a986-6186d2c8b61a Interesting GET with base64 obfuscated payload: #modernLoader ? https://twitter.com/ViriBack/status/1391069175548948483/photo/1 2021-05-08 16:35:10
19 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/d27a0b116b8166d133d56c54cc4b539ef4dae62dd56d77154f34ba78a2ed855f/detection/f-d27a0b116b8166d133d56c54cc4b539ef4dae62dd56d77154f34ba78a2ed855f-1594372436 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 15:55:02
20 MalwareHomie MIPS malware dropping into my honeypot from an Iranian IP // 185.141.38.60 🇮🇷 sha256 hash // 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0 APT35 lol Y'all need to chill https://analyze.intezer.com/analyses/46bc2d0d-0478-46a6-8175-7576c4605df2 https://www.virustotal.com/gui/file/020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0/detection #ThreatIntel #Malware https://twitter.com/MalwareHomie/status/1391037235303264256/photo/1 2021-05-08 14:28:15
21 James_inthe_box @LittleRedBean2 @malwrhunterteam @JAMESWT_MHT @Kafan_MalwareHT #keylogger and #stealer. I do not see where it targets #telegram however (might have missed it). Extracted hash: 17075832426b085743c2ba811690b525cf8d486da127edc030f28bb3e10e0734 https://twitter.com/James_inthe_box/status/1391029028673376256/photo/1 2021-05-08 13:55:39
22 LittleRedBean2 Maybe #Fickerstealer. I found it on Anyrun, zip archive has low detection rate on VT. The Setup.exe is too big, cannot upload to VT. fcc260dbb9465ac34ce760ffd10d5251 https://app.any.run/tasks/99b2dfc9-f14c-4e3d-ad08-6fb3e2b68279/ @malwrhunterteam @Arkbird_SOLG @c3rb3ru5d3d53c @JAMESWT_MHT Is it Malicious?🤔 2021-05-08 13:44:16
23 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/a10549ced98461aed6acdcc3cd2aefc3e2bbbe9fe3b1d44bb32dff3af1106f54/detection/f-a10549ced98461aed6acdcc3cd2aefc3e2bbbe9fe3b1d44bb32dff3af1106f54-1593497552 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 12:50:02
24 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/4a4b710604cbf08c7506bee133c71213d9bc9302e1883317c7e3f732b98b03af/detection/f-4a4b710604cbf08c7506bee133c71213d9bc9302e1883317c7e3f732b98b03af-1579500918 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 12:35:02
25 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/b03f4f37fbea42d2565e702d16152c29b2528967eedb3de7cd096b4a59f9dabd/detection/f-b03f4f37fbea42d2565e702d16152c29b2528967eedb3de7cd096b4a59f9dabd-1609992809 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 11:05:02
26 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20/detection/f-2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20-1588890318 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 09:05:02
27 Certego_Intel #Covid19 #CertStream #Suspicious Domain: rm-iso-cmp-snew-covid19.sn-covid-19.srv.dev.smartnews.net VirusTotal: https://www.virustotal.com/gui/domain/rm-iso-cmp-snew-covid19.sn-covid-19.srv.dev.smartnews.net #CyberSecurity #ThreatIntel (bot generated) 2021-05-08 08:21:30
28 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/3d612a8b59f1621427b98adbf9f257b35c6f7b32b9a693979f06af2db6377ede/detection/f-3d612a8b59f1621427b98adbf9f257b35c6f7b32b9a693979f06af2db6377ede-1594601306 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 08:20:02
29 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/4933111fbf5b7b1388adbc57e104b4625921a687fced7be85990a7197d4d11de/detection/f-4933111fbf5b7b1388adbc57e104b4625921a687fced7be85990a7197d4d11de-1594309984 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 08:05:02
30 fbgwls245 98ECE7FEC34F365849966B07FC74724B C:\Users\camil\source\repos\NewRanSmWare\NewRanSmWare\obj\Debug\NewRanSmWare.pdb https://twitter.com/fbgwls245/status/1390939769882877955/photo/1 2021-05-08 08:00:58
31 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/b7c6630360ab77535619e687cb6f82395768ac932bc0199fe186cf5951b293c3/detection/f-b7c6630360ab77535619e687cb6f82395768ac932bc0199fe186cf5951b293c3-1523243621 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 06:15:02
32 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47/detection/f-2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47-1579183210 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 06:10:02
33 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/5987fd44b3bc9e1d83234af65ba3af71c2ddc1457738620eada5313bb4ac5454/detection/f-5987fd44b3bc9e1d83234af65ba3af71c2ddc1457738620eada5313bb4ac5454-1597874983 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 06:00:02
34 m0rb 2021-05-08T05:09:36 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection 2021-05-08 05:09:36
35 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25/detection/f-11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25-1588077317 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 04:25:03
36 ozuma5119 #Phishing Alert⚠ #フィッシング #詐欺 hxxps://myjcb.co.registrarpeople.buzz/ IP: 205.185.122.243 (AS53667 FranTech. CA🇨🇦 & US🇺🇸) Registrar: NameSilo https://otx.alienvault.com/indicator/domain/registrarpeople.buzz Brand: JCB Card ジェーシービーカード. Japan🇯🇵 https://urlscan.io/result/634c226f-fe13-4eda-9504-67d980749c05 https://twitter.com/ozuma5119/status/1390882970924290051/photo/1 2021-05-08 04:15:16
37 ozuma5119 #Phishing Alert⚠ #フィッシング #詐欺 #MoqHao hxxp://ifu-mufg.com/ IP: 165.3.87.71 (WOOLWORTHS. ZA🇿🇦) #Afrinic Registrar: GoDaddy https://otx.alienvault.com/indicator/domain/ifu-mufg.com Brand: MUFG Bank 三菱UFJ銀行. Japan🇯🇵 https://urlscan.io/result/4a395367-a1cf-459a-b945-4d82fbfbff4a/ @Bank_Security @bakabanker2 @yako_hiro https://twitter.com/ozuma5119/status/1390875960283598849/photo/1 2021-05-08 03:47:24
38 m0rb 2021-05-08T03:45:43 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection 2021-05-08 03:45:44
39 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/e09d8625fa4a860c58bfa47e626f14347e7becb8f2ba36668aa832f7257688fd/detection/f-e09d8625fa4a860c58bfa47e626f14347e7becb8f2ba36668aa832f7257688fd-1579188970 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 03:40:02
40 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968/detection/f-b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968-1585137043 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 02:55:02
41 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/65d2cbf312795b3f237301d0346d82d399d73ab0437c30ec1b9fbc5d3d50a1cd/detection/f-65d2cbf312795b3f237301d0346d82d399d73ab0437c30ec1b9fbc5d3d50a1cd-1597870959 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 02:45:02
42 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/2cbd206dc685cd77f357a30d6d76e37e0e5595a9db869825b7f7a4e580caaa3a/detection/f-2cbd206dc685cd77f357a30d6d76e37e0e5595a9db869825b7f7a4e580caaa3a-1579174625 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 01:40:02
43 GossiTheDog Fake Teams update if that's your thing. connects to eter101\.dvrlists\.com https://www.virustotal.com/gui/file/c563bb1b071c663ac571520bc2077d6d97cf0ba49b85c7f35f62dce90ef86fbf/detection https://twitter.com/GossiTheDog/status/1390836090546892802/photo/1 2021-05-08 01:08:59
44 GossiTheDog NitroRansomware still around - yes. Still using Discord Nitro as payment (money laundering?). Only 9 out of 69 detections on VirusTotal. YARA rule in thread still detects. https://www.virustotal.com/gui/file/0730d2c78882147ae3c7adc67756a1436bb81132679c235b41fb2c484beb7345/detection https://twitter.com/GossiTheDog/status/1390830074182656003/photo/1 2021-05-08 00:45:04
45 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/5e19dc557b6c8af6b88d560976b5c93794a7981e69775604e8d09ebcdb1caaf0/detection/f-5e19dc557b6c8af6b88d560976b5c93794a7981e69775604e8d09ebcdb1caaf0-1612211428 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 00:20:02
46 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/c690cdb4530ba581810ac548d857f439576ef2e8183c4090399fda5dfbd6ccff/detection/f-c690cdb4530ba581810ac548d857f439576ef2e8183c4090399fda5dfbd6ccff-1611402429 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-08 00:05:02
47 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/4823fd6a8b6ba2e9738b870d823893ab3d73bbd38db17de6e83a081eea4283a9/detection/f-4823fd6a8b6ba2e9738b870d823893ab3d73bbd38db17de6e83a081eea4283a9-1602846479 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-07 23:40:03
48 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/4df5061df002146e496f999a3044bd06022a58ba670c229353a7a8442dab7061/detection/f-4df5061df002146e496f999a3044bd06022a58ba670c229353a7a8442dab7061-1518959550 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-07 23:40:02
49 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/57f222ad3126e54cecfba5e485cbfd7f2e4bc8fa61d5154e78384a040c8dc728/detection/f-57f222ad3126e54cecfba5e485cbfd7f2e4bc8fa61d5154e78384a040c8dc728-1567763947 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-07 23:00:02
50 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/8e3ec17f1c30adc3d7625635e77ae1991f7352dfdf25f64753e01ef071a79089/detection/f-8e3ec17f1c30adc3d7625635e77ae1991f7352dfdf25f64753e01ef071a79089-1578506418 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-05-07 22:50:02