| 1 |
James_inthe_box |
A small #unknown .NET #stealer that's been kicking around for a few months; #snort / #suricata / #yara rule at: https://gist.github.com/a64b6f1c78ca5307d00d766c36b3d2e3 … https://www.hybrid-analysis.com/string-search/results/366c98ad4c62f26a254fe120add089fd3a6c27142985d277b04e90e51c03a070 … all hashes on @mal_share cc @snort @malwareforme @switchingtoguns @ET_Labs @EmergingThreats @travisbgreen pic.twitter.com/aRWh8WWbgK
|
2020-07-10 23:47:59 |
| 2 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/8ab8e7920f48dbf7acbf2a0fd7aab701ac2b4ce1eedb0a4d39b83819d62442fb/detection/f-8ab8e7920f48dbf7acbf2a0fd7aab701ac2b4ce1eedb0a4d39b83819d62442fb-1549325982 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 23:15:02 |
| 3 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/5e2b41ff89580533da7a0705be075ff0f586d117b002c28a0e4a9db61b125b20/detection/f-5e2b41ff89580533da7a0705be075ff0f586d117b002c28a0e4a9db61b125b20-1587967776 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 22:55:02 |
| 4 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/fa2e5958a51aaba66de40455b378522be5ea377e5accccb1cda59dced6cfa41b/detection/f-fa2e5958a51aaba66de40455b378522be5ea377e5accccb1cda59dced6cfa41b-1581030264 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 22:30:03 |
| 5 |
HeliosCert |
Sample submitted 2020-07-10 20:30:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:176.14.233.38 715b0735f78e94295ea08e991640e68469793efaafdc31a5ae03305ddec50916 #malware #cyber #security
|
2020-07-10 22:30:02 |
| 6 |
bryceabdo |
Very low AV detected (4/73) #cobaltstrike https://www.virustotal.com/gui/file/670d05296e29183d8f292c1fe61003bb8bc608c5ee4916c68996b4f64e587622 … https://www.virustotal.com/gui/file/164f816dc125ab0a507134a82a20c5c0de872f66b6a7a56a848d52819e49cb9c … Stager -> 104.194.10.206 C2 -> dukeid.com Related C2 infra - cashihash.com - checkbacktill.com - cashtil.com #malware #threatintel pic.twitter.com/2DvcLPtftj
|
2020-07-10 22:14:19 |
| 7 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/1f47cb0ff1f6fd0783a24163738a1c061be23270e716591c9961cb0c12989b7e/detection/f-1f47cb0ff1f6fd0783a24163738a1c061be23270e716591c9961cb0c12989b7e-1563393624 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 22:00:02 |
| 8 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/85cdff18dbd7e529c9805770cd2b85bd55cdd223c0614bce04c9f7b1a451b718/detection/f-85cdff18dbd7e529c9805770cd2b85bd55cdd223c0614bce04c9f7b1a451b718-1580181503 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:55:02 |
| 9 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/e2fd6826b949a6d000b9f12842df7028c1fd3cc5ee736ccdf27f76c5706861f3/detection/f-e2fd6826b949a6d000b9f12842df7028c1fd3cc5ee736ccdf27f76c5706861f3-1561723433 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:50:02 |
| 10 |
ufc251onlineTv |
https://www.hybrid-analysis.com/sample/c99fc1bccfef81dcc636c1f30b632fa0d0abcb8d0f271c836952498bedc075c6 …
|
2020-07-10 21:41:52 |
| 11 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/b12a12933679bc4574f3b3ab97d7cf89749dc901105ef8e79508dd591e76c53d/detection/f-b12a12933679bc4574f3b3ab97d7cf89749dc901105ef8e79508dd591e76c53d-1594254201 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:30:03 |
| 12 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/b52fadfb325fa25dd0888bc9572610b9b3d0e13ef1c74e5319bbce485a9d4b3a/detection/f-b52fadfb325fa25dd0888bc9572610b9b3d0e13ef1c74e5319bbce485a9d4b3a-1585449002 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:25:02 |
| 13 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/01b4ccf4892ef5b859e2d582a768416854a219ce8b975741c01004bce55f7c93/detection/f-01b4ccf4892ef5b859e2d582a768416854a219ce8b975741c01004bce55f7c93-1561826104 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:20:02 |
| 14 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/ea672091ca0f46c89e5b23c1ec37cfba633ceb2cf65a4b0f1e5aad289aab78be/detection/f-ea672091ca0f46c89e5b23c1ec37cfba633ceb2cf65a4b0f1e5aad289aab78be-1585412514 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 21:15:02 |
| 15 |
HeliosCert |
Sample submitted 2020-07-10 19:05:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:14.98.126.90 5e2b41ff89580533da7a0705be075ff0f586d117b002c28a0e4a9db61b125b20 #malware #cyber #security
|
2020-07-10 21:05:03 |
| 16 |
HeliosCert |
Sample submitted 2020-07-10 19:00:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:190.201.121.29 8f4baaf2de0d6c9fe050e5362bde2a9274962006c1ab2483339521324ca45913 #malware #cyber #security
|
2020-07-10 21:00:02 |
| 17 |
HeliosCert |
Sample submitted 2020-07-10 18:50:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:190.74.235.222 1f47cb0ff1f6fd0783a24163738a1c061be23270e716591c9961cb0c12989b7e #malware #cyber #security
|
2020-07-10 20:50:02 |
| 18 |
HeliosCert |
Sample submitted 2020-07-10 18:40:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:42.116.162.108 8ab8e7920f48dbf7acbf2a0fd7aab701ac2b4ce1eedb0a4d39b83819d62442fb #malware #cyber #security
|
2020-07-10 20:40:02 |
| 19 |
ebotpoloskun |
#Windows #Trojan #Malware From: https://sys-optimize.com/#Windows>> https://sys-optimize.com/aso3setup_systweak-default.exe VirusTotal: https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection … pic.twitter.com/HEGKz42RS7
|
2020-07-10 20:39:23 |
| 20 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/94256a0f310b2d4da277e7684d579344aaacb572c86a8fdc9d7038b552c14548/detection/f-94256a0f310b2d4da277e7684d579344aaacb572c86a8fdc9d7038b552c14548-1572602563 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 20:30:02 |
| 21 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/98d00f97a58c4e2973da360f3233328e6eb6d37141a475cddc52c71a9939d8bb/detection/f-98d00f97a58c4e2973da360f3233328e6eb6d37141a475cddc52c71a9939d8bb-1562878900 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 20:20:02 |
| 22 |
bryceabdo |
Neat lil fake AV archive "漏洞检测工具.rar" https://www.virustotal.com/gui/file/337fa5bc6f79e67436a08d890da9d76e … - "VirusCheck.exe" load -> "uninstall.exe" (low detected) - cdb.exe -> alpha2 shellcode runner -> EnSafeNotify.exe - "After the inspection. no risks were found" - "/windowsxp/updcheck.php" #malware pic.twitter.com/EFqBvpy1Fo
|
2020-07-10 19:56:23 |
| 23 |
VK_Intel |
2020-07-05: Breaking New Blog: "The Dark Web of Intrigue: How #REvil Used the Underground Ecosystem to Form an Extortion Cartel" by our team @y_advintel & Daniel Frey Underground Extortion Business Model | REvil Pursues High-Value Targets https://www.advanced-intel.com/post/the-dark-web-of-intrigue-how-revil-used-the-underground-ecosystem-to-form-an-extortion-cartel … pic.twitter.com/aNU7viUmAT
|
2020-07-10 19:22:19 |
| 24 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/2ba85503ccbec5ca59f4196a92b5e89f001a5e1e9c49971d0b72f39c1043abb8/detection/f-2ba85503ccbec5ca59f4196a92b5e89f001a5e1e9c49971d0b72f39c1043abb8-1537755397 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 19:10:02 |
| 25 |
James_inthe_box |
ours file is also #azorult c2: http://773475d.ddns.net/index.php hash cce7b05b4b744f36c28adbbb4a52f521 on @mal_share
|
2020-07-10 19:06:31 |
| 26 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/64587fd1141d08acdf994278e9d9ce99b042ec3645416153412bb74d1754fb4e/detection/f-64587fd1141d08acdf994278e9d9ce99b042ec3645416153412bb74d1754fb4e-1579174752 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 19:05:03 |
| 27 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/a78769b9672a3e7d7fd3bb8d36c5253c4fb8779adf2c02d405f1d599d3766f2a/detection/f-a78769b9672a3e7d7fd3bb8d36c5253c4fb8779adf2c02d405f1d599d3766f2a-1555770290 … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2020-07-10 19:05:03 |
| 28 |
HeliosCert |
Sample submitted 2020-07-10 17:05:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:194.44.201.153 b52fadfb325fa25dd0888bc9572610b9b3d0e13ef1c74e5319bbce485a9d4b3a #malware #cyber #security
|
2020-07-10 19:05:02 |
| 29 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/a1e5e1a18924ab36fd6ffb24c9fca57ee81ca11a8c9cac76d48f10e63718d61a/detection/f-a1e5e1a18924ab36fd6ffb24c9fca57ee81ca11a8c9cac76d48f10e63718d61a-1540962172 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 19:00:04 |
| 30 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/03d502053b92c586c249f32a2cba53956f6c9fc922c40102c3404deaf8adf5c6/detection/f-03d502053b92c586c249f32a2cba53956f6c9fc922c40102c3404deaf8adf5c6-1568715775 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 19:00:03 |
| 31 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/bac2eb5e1098d882c1ac7bb840fe8bdfb187c0d10f3d47470ca8ec6b354cfb87/detection/f-bac2eb5e1098d882c1ac7bb840fe8bdfb187c0d10f3d47470ca8ec6b354cfb87-1542682504 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 19:00:02 |
| 32 |
AdamTheAnalyst |
Fun Gozi/Ursnif spreader doc https://www.virustotal.com/gui/file/258e55598e9c585d6e187666b30f22db1d680983c511c0e879181ea50e0801bd/detection … pic.twitter.com/zBFnYQ71lm
|
2020-07-10 18:56:27 |
| 33 |
HeliosCert |
Sample submitted 2020-07-10 16:45:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:190.215.183.232 98d00f97a58c4e2973da360f3233328e6eb6d37141a475cddc52c71a9939d8bb #malware #cyber #security
|
2020-07-10 18:45:02 |
| 34 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 49 VirusTotal: https://www.virustotal.com/gui/file/3dd2352bc83100b97419b2c457193ded0c3731efe630ee745f95d612c9d96922/detection/f-3dd2352bc83100b97419b2c457193ded0c3731efe630ee745f95d612c9d96922-1594349232 … Threat: HT_SMALL_GG3107CA.UVPM (TrendMicro)
|
2020-07-10 18:40:02 |
| 35 |
theDark3d |
#Powershell #Doc 10 July Doc To Powershell (Anyrun Detected) hxxp://mguy2934.duckdns.org/mguyfol/7.mt Sample : https://bazaar.abuse.ch/sample/86be98c5baa52cf4df40a61ef4dba40a30fcbfb72b9bf1159440ca88ef382252/ … AnyRun : https://app.any.run/tasks/a1885401-aac9-4cc4-8a85-12c5b5ac679b … @malwrhunterteam @malwarehub @DynamicAnalysis @DissectMalware @reecdeep @ReBensk @andsyn1 @anyrun_app
|
2020-07-10 18:27:26 |
| 36 |
bad_packets |
Not sure if this is CVE-2020-8193. CVE-2020-8195. CVE-2020-8196. or a re-use of CVE-2018-6808 – but either way opportunistic mass scanning detected from 34.70.136.122 () and 35.188.133.59 () checking for vulnerable Citrix servers. pic.twitter.com/HVovLFD7ru
|
2020-07-10 18:24:39 |
| 37 |
IronNetTR |
Malware opendir found hosting suspected FormBook info stealer executable at hxxp://gvkibio.com/Scan012.exe. #Malware #opendir MD5: d39742571e0c6265c39592480ef45c04 https://app.any.run/tasks/e686b8b7-4520-41d5-b7e8-99f147ecb789 … pic.twitter.com/ypJfk62ZO9
|
2020-07-10 18:17:18 |
| 38 |
James_inthe_box |
An #opendir found by my friend @FewAtoms containing CHIL64 gtag #trickbot at: 185.14.31.93 couple c2's: 95.171.16.42 51.81.112.144 hash 5bf8e55247c38900f94178eca68df336 on @mal_share cc @fumik0_ @cocaman @Anti_Expl0it pic.twitter.com/TfNxXhboMH
|
2020-07-10 18:16:21 |
| 39 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/87f5792e30d05aa549669dad4fddbf1380142605b44de5a22717477893dab86a/detection/f-87f5792e30d05aa549669dad4fddbf1380142605b44de5a22717477893dab86a-1594249735 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 18:10:02 |
| 40 |
HeliosCert |
Sample submitted 2020-07-10 16:05:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:115.79.62.162 0b116b756cd56c64d23595a3eb067f271b7165dc31379129edf4439f734e604a #malware #cyber #security
|
2020-07-10 18:05:02 |
| 41 |
HeliosCert |
Sample submitted 2020-07-10 15:45:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:49.150.77.19 e2fd6826b949a6d000b9f12842df7028c1fd3cc5ee736ccdf27f76c5706861f3 #malware #cyber #security
|
2020-07-10 17:45:02 |
| 42 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/fd77624386af765e3821db69071e565a855ce7d95e0fe48d6e94dad5f10e4ddd/detection/f-fd77624386af765e3821db69071e565a855ce7d95e0fe48d6e94dad5f10e4ddd-1546844106 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 17:40:02 |
| 43 |
safety64607016 |
".rxx" - "back_data@foxmail.com" https://app.any.run/tasks/4f3d06f5-9a88-4213-bb8f-f9844ac2b14e … #CrySiS #Dharma #ransomware
|
2020-07-10 17:38:00 |
| 44 |
HeliosCert |
Sample submitted 2020-07-10 15:30:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:124.123.171.102 87f5792e30d05aa549669dad4fddbf1380142605b44de5a22717477893dab86a #malware #cyber #security
|
2020-07-10 17:30:02 |
| 45 |
James_inthe_box |
2.1.0.0 #masslogger
|
2020-07-10 17:25:52 |
| 46 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/ba82d6fe31bcafab856721f27f119a61cfab468cfddf66713a87488f4a7dff95/detection/f-ba82d6fe31bcafab856721f27f119a61cfab468cfddf66713a87488f4a7dff95-1554599332 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 17:25:02 |
| 47 |
James_inthe_box |
hashes: https://gist.github.com/1e805ccfb6195ccad98575827f93dd32 pic.twitter.com/I6krnwOUZY
|
2020-07-10 17:21:56 |
| 48 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/b8906f7452676ab39d8d4c3c6a16b41ec1dbbaf41c550ec83b40c3d82083f2d6/detection/f-b8906f7452676ab39d8d4c3c6a16b41ec1dbbaf41c550ec83b40c3d82083f2d6-1594383457 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 17:15:02 |
| 49 |
theDark3d |
#Fedex #Phishing 10 July Kenya School Of Law Student Portal Got Hack3d .. Phishing Url : hxxp://www.ksl.ac.ke/wp-content/plugins/hell/filco4/backup/ https://app.any.run/tasks/4bce7882-4f2e-4baf-ae8a-5398fe503342 … @ActorExpose @phishunt_io @PhishKitTracker @malwrhunterteam @JAMESWT_MHT @reecdeep
|
2020-07-10 17:13:40 |
| 50 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/6d2732c449c79076dbf9a640f027d128679ff2feb7b9e890b496e9efa8322559/detection/f-6d2732c449c79076dbf9a640f027d128679ff2feb7b9e890b496e9efa8322559-1550303859 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-07-10 17:05:02 |