| 1 |
Arkbird_SOLG |
Good point for the similarities between #RotaJakiro and the 2016 version of ELF backdoor of Oceanlotus. II share the rule at the same time.
H/T @c3rb3ru5d3d53c @JAMESWT_MHT
Samples :
https://bazaar.abuse.ch/browse/signature/RotaJakiro/
https://bazaar.abuse.ch/sample/07154b7a45937f2f5a2cda5b701504b179d0304fc653edb2d0672f54796c35f7/
Yara :
https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-08/RotaJakiro/MAL_ELF_RotaJakiro_May_2021_1.yara
|
2021-05-08 21:23:58 |
| 2 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed/detection/f-59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed-1577753785
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 21:20:02 |
| 3 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a/detection/f-4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a-1615797918
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 21:00:02 |
| 4 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c/detection/f-707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c-1546008060
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 20:50:03 |
| 5 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c/detection/f-ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c-1599651171
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 20:10:02 |
| 6 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/0317f30f3b8872da8b3e2504ffd20e98d269b5d3a9d5bea9babb9684c8a02a8f/detection/f-0317f30f3b8872da8b3e2504ffd20e98d269b5d3a9d5bea9babb9684c8a02a8f-1579176570
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 19:55:02 |
| 7 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/a5ea1a1955e87f6698a2e099b292b20b28ead49421b8c5a223ef82d7979096e9/detection/f-a5ea1a1955e87f6698a2e099b292b20b28ead49421b8c5a223ef82d7979096e9-1557961053
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 19:25:02 |
| 8 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 55
VirusTotal: https://www.virustotal.com/gui/file/7c731d25b23ece405ac3de4cc27240eea7673e9ccedc004a69da2f440cbd800d/detection/f-7c731d25b23ece405ac3de4cc27240eea7673e9ccedc004a69da2f440cbd800d-1545339925
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 18:30:03 |
| 9 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 67
VirusTotal: https://www.virustotal.com/gui/file/c6a705fe818a60b190610479a8b8c1da900fb019ae961beabcc371b08e3689d0/detection/f-c6a705fe818a60b190610479a8b8c1da900fb019ae961beabcc371b08e3689d0-1586998217
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 18:15:02 |
| 10 |
m0rb |
2021-05-08T18:06:17 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection
|
2021-05-08 18:06:18 |
| 11 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/867150935ecc2ec3dc3051d0446cf1325c5e5d17e26340727c828cdefe61c03e/detection/f-867150935ecc2ec3dc3051d0446cf1325c5e5d17e26340727c828cdefe61c03e-1602855873
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 17:50:01 |
| 12 |
kawaii_FoxZ |
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Credits for the mod creator! #HoloFunk
@FoxArcana @C013Huff @SaltyHotcakes and teams
Using Kade's Engine build version 1.4.2
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Link Download LUL
Games: https://www.mediafire.com/file/c3u3vr0yjo8x4tg/HoloFunk-UnOfficial.rar/file
Virus Total https://www.virustotal.com/gui/file/b8c67325daefa120e9ef5f9a111d9ec62360c8b07b388e9d79e1375388fa42d6/detection https://twitter.com/kawaii_FoxZ/status/1391084701671067649/photo/1
|
2021-05-08 17:36:52 |
| 13 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 48
VirusTotal: https://www.virustotal.com/gui/file/4f79e47d32894d1db875edecd20b830abe80b27f8af1b5917874301c0bf36a27/detection/f-4f79e47d32894d1db875edecd20b830abe80b27f8af1b5917874301c0bf36a27-1619231080
Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2021-05-08 17:05:02 |
| 14 |
James_inthe_box |
@ViriBack @EmergingThreats @ET_Labs exe hash of your sample:
f7c14b31287077767f6c64fad68fabe53a78273ed4cf303c041357d66675bab2
thanks for the tag..been a while :) https://twitter.com/James_inthe_box/status/1391074927193649152/photo/1
|
2021-05-08 16:58:02 |
| 15 |
ViriBack |
Seems to Load interesting #cypress from the behavior in VT:
40e74935dd9135e38e3fd3e99aa361c87cee569664fce16660501ea617bd9d93
@James_inthe_box @500mk500 https://twitter.com/ViriBack/status/1391073120308580356/photo/1
|
2021-05-08 16:50:51 |
| 16 |
500mk500 |
@ViriBack https://www.virustotal.com/gui/file/365c4d412d538e3308c77cac58204ce5e596d0baa7788215368fb4495e4b4232/behavior :
number1g.top <-- #Raccoon #Stealer ( https://tria.ge/210507-8mfadfbjpe/behavioral1)
miranore.top <-- can also be related to #Raccoon #Stealer
|
2021-05-08 16:45:49 |
| 17 |
James_inthe_box |
@ViriBack Confirmed #modernloader. flagged by @EmergingThreats @ET_Labs as #avatarloader. Hashes of ones from 2019:
b64d211186b34c12c5c89da1c43689ea1584b54fda855862731c795acd80d4c1
fcc550358ddeae5061b3bdf1b720be49b39b78356e3cb189cfe26cd170ac7aa2
|
2021-05-08 16:43:30 |
| 18 |
ViriBack |
Unknown #malware C2 to me:
miranore.top/ASHASHAShOWIWWWQQQ/
https://app.any.run/tasks/e3e3d3af-abb3-4956-a986-6186d2c8b61a
Interesting GET with base64 obfuscated payload:
#modernLoader ? https://twitter.com/ViriBack/status/1391069175548948483/photo/1
|
2021-05-08 16:35:10 |
| 19 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/d27a0b116b8166d133d56c54cc4b539ef4dae62dd56d77154f34ba78a2ed855f/detection/f-d27a0b116b8166d133d56c54cc4b539ef4dae62dd56d77154f34ba78a2ed855f-1594372436
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 15:55:02 |
| 20 |
MalwareHomie |
MIPS malware dropping into my honeypot from an Iranian IP // 185.141.38.60
🇮🇷
sha256 hash // 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0
APT35 lol Y'all need to chill
https://analyze.intezer.com/analyses/46bc2d0d-0478-46a6-8175-7576c4605df2
https://www.virustotal.com/gui/file/020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0/detection
#ThreatIntel #Malware https://twitter.com/MalwareHomie/status/1391037235303264256/photo/1
|
2021-05-08 14:28:15 |
| 21 |
James_inthe_box |
@LittleRedBean2 @malwrhunterteam @JAMESWT_MHT @Kafan_MalwareHT #keylogger and #stealer. I do not see where it targets #telegram however (might have missed it). Extracted hash:
17075832426b085743c2ba811690b525cf8d486da127edc030f28bb3e10e0734 https://twitter.com/James_inthe_box/status/1391029028673376256/photo/1
|
2021-05-08 13:55:39 |
| 22 |
LittleRedBean2 |
Maybe #Fickerstealer
I found it on Anyrun,zip archive has low detection rate on VT
The Setup.exe is too big,Cannot Upload to VT
fcc260dbb9465ac34ce760ffd10d5251
https://app.any.run/tasks/99b2dfc9-f14c-4e3d-ad08-6fb3e2b68279/
@malwrhunterteam @Arkbird_SOLG @c3rb3ru5d3d53c @JAMESWT_MHT
Is it Malicious?🤔
|
2021-05-08 13:44:16 |
| 23 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/a10549ced98461aed6acdcc3cd2aefc3e2bbbe9fe3b1d44bb32dff3af1106f54/detection/f-a10549ced98461aed6acdcc3cd2aefc3e2bbbe9fe3b1d44bb32dff3af1106f54-1593497552
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 12:50:02 |
| 24 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/4a4b710604cbf08c7506bee133c71213d9bc9302e1883317c7e3f732b98b03af/detection/f-4a4b710604cbf08c7506bee133c71213d9bc9302e1883317c7e3f732b98b03af-1579500918
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 12:35:02 |
| 25 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/b03f4f37fbea42d2565e702d16152c29b2528967eedb3de7cd096b4a59f9dabd/detection/f-b03f4f37fbea42d2565e702d16152c29b2528967eedb3de7cd096b4a59f9dabd-1609992809
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 11:05:02 |
| 26 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 67
VirusTotal: https://www.virustotal.com/gui/file/2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20/detection/f-2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20-1588890318
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 09:05:02 |
| 27 |
Certego_Intel |
#Covid19 #CertStream #Suspicious
Domain: rm-iso-cmp-snew-covid19.sn-covid-19.srv.dev.smartnews.net
VirusTotal: https://www.virustotal.com/gui/domain/rm-iso-cmp-snew-covid19.sn-covid-19.srv.dev.smartnews.net
#CyberSecurity #ThreatIntel (bot generated)
|
2021-05-08 08:21:30 |
| 28 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/3d612a8b59f1621427b98adbf9f257b35c6f7b32b9a693979f06af2db6377ede/detection/f-3d612a8b59f1621427b98adbf9f257b35c6f7b32b9a693979f06af2db6377ede-1594601306
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 08:20:02 |
| 29 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/4933111fbf5b7b1388adbc57e104b4625921a687fced7be85990a7197d4d11de/detection/f-4933111fbf5b7b1388adbc57e104b4625921a687fced7be85990a7197d4d11de-1594309984
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 08:05:02 |
| 30 |
fbgwls245 |
98ECE7FEC34F365849966B07FC74724B
C:\Users\camil\source\repos\NewRanSmWare\NewRanSmWare\obj\Debug\NewRanSmWare.pdb https://twitter.com/fbgwls245/status/1390939769882877955/photo/1
|
2021-05-08 08:00:58 |
| 31 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 54
VirusTotal: https://www.virustotal.com/gui/file/b7c6630360ab77535619e687cb6f82395768ac932bc0199fe186cf5951b293c3/detection/f-b7c6630360ab77535619e687cb6f82395768ac932bc0199fe186cf5951b293c3-1523243621
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 06:15:02 |
| 32 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 65
VirusTotal: https://www.virustotal.com/gui/file/2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47/detection/f-2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47-1579183210
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 06:10:02 |
| 33 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/5987fd44b3bc9e1d83234af65ba3af71c2ddc1457738620eada5313bb4ac5454/detection/f-5987fd44b3bc9e1d83234af65ba3af71c2ddc1457738620eada5313bb4ac5454-1597874983
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 06:00:02 |
| 34 |
m0rb |
2021-05-08T05:09:36 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection
|
2021-05-08 05:09:36 |
| 35 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 67
VirusTotal: https://www.virustotal.com/gui/file/11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25/detection/f-11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25-1588077317
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 04:25:03 |
| 36 |
ozuma5119 |
#Phishing Alert⚠ #フィッシング #詐欺
hxxps://myjcb.co.registrarpeople.buzz/
IP: 205.185.122.243 (AS53667 FranTech. CA🇨🇦 & US🇺🇸)
Registrar: NameSilo
https://otx.alienvault.com/indicator/domain/registrarpeople.buzz
Brand: JCB Card ジェーシービーカード. Japan🇯🇵
https://urlscan.io/result/634c226f-fe13-4eda-9504-67d980749c05 https://twitter.com/ozuma5119/status/1390882970924290051/photo/1
|
2021-05-08 04:15:16 |
| 37 |
ozuma5119 |
#Phishing Alert⚠ #フィッシング #詐欺 #MoqHao
hxxp://ifu-mufg.com/
IP: 165.3.87.71 (WOOLWORTHS. ZA🇿🇦) #Afrinic
Registrar: GoDaddy
https://otx.alienvault.com/indicator/domain/ifu-mufg.com
Brand: MUFG Bank 三菱UFJ銀行. Japan🇯🇵
https://urlscan.io/result/4a395367-a1cf-459a-b945-4d82fbfbff4a/
@Bank_Security @bakabanker2 @yako_hiro https://twitter.com/ozuma5119/status/1390875960283598849/photo/1
|
2021-05-08 03:47:24 |
| 38 |
m0rb |
2021-05-08T03:45:43 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection
|
2021-05-08 03:45:44 |
| 39 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/e09d8625fa4a860c58bfa47e626f14347e7becb8f2ba36668aa832f7257688fd/detection/f-e09d8625fa4a860c58bfa47e626f14347e7becb8f2ba36668aa832f7257688fd-1579188970
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 03:40:02 |
| 40 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 67
VirusTotal: https://www.virustotal.com/gui/file/b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968/detection/f-b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968-1585137043
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 02:55:02 |
| 41 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/65d2cbf312795b3f237301d0346d82d399d73ab0437c30ec1b9fbc5d3d50a1cd/detection/f-65d2cbf312795b3f237301d0346d82d399d73ab0437c30ec1b9fbc5d3d50a1cd-1597870959
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 02:45:02 |
| 42 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/2cbd206dc685cd77f357a30d6d76e37e0e5595a9db869825b7f7a4e580caaa3a/detection/f-2cbd206dc685cd77f357a30d6d76e37e0e5595a9db869825b7f7a4e580caaa3a-1579174625
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 01:40:02 |
| 43 |
GossiTheDog |
Fake Teams update if that's your thing. connects to eter101\.dvrlists\.com https://www.virustotal.com/gui/file/c563bb1b071c663ac571520bc2077d6d97cf0ba49b85c7f35f62dce90ef86fbf/detection https://twitter.com/GossiTheDog/status/1390836090546892802/photo/1
|
2021-05-08 01:08:59 |
| 44 |
GossiTheDog |
NitroRansomware still around - yes. still using Discord Nitro as payment (money laundering?). Only 9 out of 69 detection on VirusTotal. YARA rule in thread still detects. https://www.virustotal.com/gui/file/0730d2c78882147ae3c7adc67756a1436bb81132679c235b41fb2c484beb7345/detection https://twitter.com/GossiTheDog/status/1390830074182656003/photo/1
|
2021-05-08 00:45:04 |
| 45 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/5e19dc557b6c8af6b88d560976b5c93794a7981e69775604e8d09ebcdb1caaf0/detection/f-5e19dc557b6c8af6b88d560976b5c93794a7981e69775604e8d09ebcdb1caaf0-1612211428
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 00:20:02 |
| 46 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/c690cdb4530ba581810ac548d857f439576ef2e8183c4090399fda5dfbd6ccff/detection/f-c690cdb4530ba581810ac548d857f439576ef2e8183c4090399fda5dfbd6ccff-1611402429
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 00:05:02 |
| 47 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/4823fd6a8b6ba2e9738b870d823893ab3d73bbd38db17de6e83a081eea4283a9/detection/f-4823fd6a8b6ba2e9738b870d823893ab3d73bbd38db17de6e83a081eea4283a9-1602846479
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-07 23:40:03 |
| 48 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 57
VirusTotal: https://www.virustotal.com/gui/file/4df5061df002146e496f999a3044bd06022a58ba670c229353a7a8442dab7061/detection/f-4df5061df002146e496f999a3044bd06022a58ba670c229353a7a8442dab7061-1518959550
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-07 23:40:02 |
| 49 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/57f222ad3126e54cecfba5e485cbfd7f2e4bc8fa61d5154e78384a040c8dc728/detection/f-57f222ad3126e54cecfba5e485cbfd7f2e4bc8fa61d5154e78384a040c8dc728-1567763947
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-07 23:00:02 |
| 50 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/8e3ec17f1c30adc3d7625635e77ae1991f7352dfdf25f64753e01ef071a79089/detection/f-8e3ec17f1c30adc3d7625635e77ae1991f7352dfdf25f64753e01ef071a79089-1578506418
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-07 22:50:02 |