Last 5 Entries

ID User Tweet Date
1 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/f3c35a5af515e2c2880e19333af5a6b9d856abfb0eada86c073ddf71def94c6b/detection/f-f3c35a5af515e2c2880e19333af5a6b9d856abfb0eada86c073ddf71def94c6b-1650556588 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 23:40:03
2 TaWeststrate Domain: http://rotterdamrides.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/rotterdamrides.nl 2022-05-22 22:57:33
3 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 28 VirusTotal: https://www.virustotal.com/gui/file/f9981a6198009606540f61b26a759c519cee78be724bfe377b6be1b6d45a72fb/detection/f-f9981a6198009606540f61b26a759c519cee78be724bfe377b6be1b6d45a72fb-1646840055 Threat: Possible_IRCBOT.SMLBO (TrendMicro) 2022-05-22 22:40:02
4 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/9a88b86053e0b1701c991e35718ff71478ec0ba66f2a03a8a86516829f088f60/detection/f-9a88b86053e0b1701c991e35718ff71478ec0ba66f2a03a8a86516829f088f60-1650556346 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 22:10:02
5 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/74b4855f9b22972274260b357b291dc4244d5714caaaa591824d5780d4ba37a8/detection/f-74b4855f9b22972274260b357b291dc4244d5714caaaa591824d5780d4ba37a8-1634306717 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 20:50:02
6 TaWeststrate Domain: http://bcc.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/bcc.nl 2022-05-22 20:38:01
7 phishunt_io #NewPhishing | #phishing #scam 🔗 /iclloud.ml/ 🚩 167.172.88.66 ☁ DIGITALOCEAN-ASN 🔒 cPanel. Inc. Certification Authority https://twitter.com/phishunt_io/status/1528473516982558721/photo/1 2022-05-22 20:30:58
8 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/091246b43567dd358bd784afa1854c6553fa1e661e66c077bc5de68a45f50dd4/detection/f-091246b43567dd358bd784afa1854c6553fa1e661e66c077bc5de68a45f50dd4-1650556559 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 20:25:02
9 TaWeststrate Domain: http://kpnstreaming.nl - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/kpnstreaming.nl 2022-05-22 20:22:53
10 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/6a80565077ec7f363a1aba4d07ba19747ad1bf1c094df2f8ca48ddf5e957ee77/detection/f-6a80565077ec7f363a1aba4d07ba19747ad1bf1c094df2f8ca48ddf5e957ee77-1596243939 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 19:15:03
11 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/eea04bce30058338f29d97b4d55ae56b75c7025c41816523df318a8d33b8e0c3/detection/f-eea04bce30058338f29d97b4d55ae56b75c7025c41816523df318a8d33b8e0c3-1650556560 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 19:15:03
12 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/bb596c843347ed7c7a7a4b085698412c82ffbbc192bd1fab3dca5ae75285c54b/detection/f-bb596c843347ed7c7a7a4b085698412c82ffbbc192bd1fab3dca5ae75285c54b-1638481575 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 18:10:02
13 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/7034df11ba018724cb8e824ad2ac7fdfe3cbab8e289f716cca5b150fd4fedfcf/detection/f-7034df11ba018724cb8e824ad2ac7fdfe3cbab8e289f716cca5b150fd4fedfcf-1650556485 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 17:30:02
14 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/b190b08b52f0028c34e28758bc2de866d223e206207279c7324fb695b2323048/detection/f-b190b08b52f0028c34e28758bc2de866d223e206207279c7324fb695b2323048-1647151518 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 16:45:02
15 phishunt_io #NewPhishing | #phishing #scam 🔗 /instagram-copyright.eu/ 🚩 92.204.220.55 ☁ Host Europe GmbH 🔒 ZeroSSL RSA Domain Secure Site CA https://twitter.com/phishunt_io/status/1528412775583735808/photo/1 2022-05-22 16:29:36
16 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/b05dc9b387ae32d96ccc1615898ef3cf4b623eb224f264565d1f09115007756e/detection/f-b05dc9b387ae32d96ccc1615898ef3cf4b623eb224f264565d1f09115007756e-1535611289 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 15:55:02
17 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/a0ddd0d6596fdca886ac2892224dc2905a594e96663fa551c3193f420217dcb8/detection/f-a0ddd0d6596fdca886ac2892224dc2905a594e96663fa551c3193f420217dcb8-1638477013 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 15:35:02
18 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/a92cdcbb47664e6d8ffda73a865b2c9b5c1932de0c291ceef4a89707bd267b0b/detection/f-a92cdcbb47664e6d8ffda73a865b2c9b5c1932de0c291ceef4a89707bd267b0b-1650556396 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 14:55:02
19 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/e717a381bf0642560482c1c8a4a3908ff4b6e0bf3300dcddd78f0f81065bd602/detection/f-e717a381bf0642560482c1c8a4a3908ff4b6e0bf3300dcddd78f0f81065bd602-1630894740 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 13:50:02
20 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/b30a9457d46bbfb8ab98c3108fd804049fd8612cb0e92d2ad6108f3ea5f2ed2d/detection/f-b30a9457d46bbfb8ab98c3108fd804049fd8612cb0e92d2ad6108f3ea5f2ed2d-1650792618 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 13:10:02
21 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 44 VirusTotal: https://www.virustotal.com/gui/file/a4b97fd561d49eb3a43fcb259c5352840254a188e73d5d75768ad3bafa9fa58f/detection/f-a4b97fd561d49eb3a43fcb259c5352840254a188e73d5d75768ad3bafa9fa58f-1651577118 Threat: Trojan-Ransom.Win32.Wanna.m (Kaspersky) 2022-05-22 13:00:02
22 Necio_news KWFLPC.exe (MD5: 1CD8A018B6AF07D08C22BD6429014B0E) #Ransomware https://app.any.run/tasks/d611022e-214d-4db2-b947-cd684b79c794/ 2022-05-22 12:52:33
23 BushidoToken @urlscanio @ofgem Expect more of these to come. Found four additional @ofgem-themed sites on the same IP: ofgem-energy-rebate.com rebate-ofgem.com ofgem-register-rebate.com ofgem-rebate.com Found w/ the pDNS feature of @alienvault https://otx.alienvault.com/indicator/ip/91.235.116.232 2022-05-22 12:28:38
24 phishunt_io #NewPhishing | #phishing #scam 🔗 /santander.co.uk.app-review.guide/3/Login.php 🚩 185.254.198.135 ☁ Virtual Systems LLC 🔒 R3 https://twitter.com/phishunt_io/status/1528351445971521536/photo/1 2022-05-22 12:25:54
25 petrovic082 #Magniber https://www.virustotal.com/gui/file/e34f36059d3a8cc09e0127325c2ab74346d460e867b8961b8e5aa3714aef9f3c 2022-05-22 12:25:42
26 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/1708bf36cb4624324bca48b1e8bc9e07c920321300300b54c8b84712197ba59a/detection/f-1708bf36cb4624324bca48b1e8bc9e07c920321300300b54c8b84712197ba59a-1611882411 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 12:05:02
27 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/bb003235ea4eddd693df2d3582a82df1ac965b77a544b22b0a69470adc4032e5/detection/f-bb003235ea4eddd693df2d3582a82df1ac965b77a544b22b0a69470adc4032e5-1621810887 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 11:50:02
28 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/f54fbfcb038af9a12d446f0150b97fef7a71ca02eec07c517f0ed00fdbea8185/detection/f-f54fbfcb038af9a12d446f0150b97fef7a71ca02eec07c517f0ed00fdbea8185-1652756118 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 11:40:03
29 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/9c954911f360b38eba00754c98b57bc99b9cc8869dba0de8fb492115490bed2a/detection/f-9c954911f360b38eba00754c98b57bc99b9cc8869dba0de8fb492115490bed2a-1620892775 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 11:40:02
30 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/989ed5b9434bcf536121430528ab94e1d2385485e0c3d951b2f23000143614cc/detection/f-989ed5b9434bcf536121430528ab94e1d2385485e0c3d951b2f23000143614cc-1650557009 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 11:15:02
31 WhichbufferArda @malwrhunterteam @JAMESWT_MHT #IOC miniboxmail.com 3855dc19811715e15d9775a42b1a6c55 7a371437e98c546c6649713703134727 90e6878ebfb3e962523f03f9d411b35c Decrypted INIT file (SPINNER backdoor) https://www.virustotal.com/gui/file/c598043454430c7911d4ade27e5a7ba3aaa425eaddaabded7b1f66dae9ba908f/detection 2022-05-22 10:44:51
32 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/e8aaa8bb667a77f8859a583e51ba9b36882292cf1fba24b44543607c9d56c06c/detection/f-e8aaa8bb667a77f8859a583e51ba9b36882292cf1fba24b44543607c9d56c06c-1643587225 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 09:30:02
33 WhichbufferArda Chinese APT called Twisted Panda using macro-enabled Word file ".dotm" as a dropper to execute #malware. When I analyzed the macro code we can clearly see the Base64 + XOR Obfuscated DLL file has been stored inside UserForm1. @malwrhunterteam @JAMESWT_MHT https://www.virustotal.com/gui/file/defd44e440403033f9a0f222439c2b6a2bd670817dd483ad1bbae11c30e81034/detection https://twitter.com/WhichbufferArda/status/1528304666781667328/photo/1 2022-05-22 09:20:01
34 phishunt_io #NewPhishing | #phishing #scam 🔗 /mtb-online.netfl1x.duckdns.org/ 🚩 34.201.145.26 ☁ AMAZON-AES 🔒 cPanel. Inc. Certification Authority https://twitter.com/phishunt_io/status/1528290715951841283/photo/1 2022-05-22 08:24:35
35 bad_packets Mass scanning activity detected from 58.62.36.13 (🇨🇳) and 58.62.36.17 (🇨🇳) targeting F5 BIG-IP iControl REST endpoints vulnerable to unauthenticated remote code execution (CVE-2022-1388). #threatintel 2022-05-22 07:13:38
36 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 12 VirusTotal: https://www.virustotal.com/gui/file/50f7939939bbb2a4d81e54a406e8b1bec0473326792490e8d1d67bef965295bc/detection/f-50f7939939bbb2a4d81e54a406e8b1bec0473326792490e8d1d67bef965295bc-1653049536 Threat: Possible_MIRAIDLOD.SMLBAT6 (TrendMicro) 2022-05-22 07:05:02
37 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/df6d5b29a97647bca44e2306069f7675ef992f591c8c761af99bbdc17cfa7692/detection/f-df6d5b29a97647bca44e2306069f7675ef992f591c8c761af99bbdc17cfa7692-1652882718 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 07:00:02
38 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 28 VirusTotal: https://www.virustotal.com/gui/file/99228bb1175c75d6192b30e8c9ed9754b9489122cb152cf3ccbef8cdc674911d/detection/f-99228bb1175c75d6192b30e8c9ed9754b9489122cb152cf3ccbef8cdc674911d-1648638468 Threat: Possible_IRCBOT.SMLBO (TrendMicro) 2022-05-22 06:55:03
39 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/ede6464addf1620c5123faba7a64142f70331b33c6bcc2723b8a4f0b3ee5126a/detection/f-ede6464addf1620c5123faba7a64142f70331b33c6bcc2723b8a4f0b3ee5126a-1650557000 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 06:45:02
40 micham Sunday's #phishingkit phun with that #opendir site🙄 Be safe! https://www.virustotal.com/gui/url/946a4052b6566d68f2d246c016ecaca48e9708d1866feb7cb9d303a7a8c24986 https://twitter.com/micham/status/1528262755316551681/photo/1 2022-05-22 06:33:29
41 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/6eeab1c7ca288556dc5d98ac4eb7dc16a493c5558085675ff95ab1d66802cfd7/detection/f-6eeab1c7ca288556dc5d98ac4eb7dc16a493c5558085675ff95ab1d66802cfd7-1650553882 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 06:30:02
42 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/be8dddd609e698899c7889810639af43afa1ceee4bfa2579f290f07b943b2341/detection/f-be8dddd609e698899c7889810639af43afa1ceee4bfa2579f290f07b943b2341-1621816465 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 06:20:03
43 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/362ecf6627234418c784e898b5f6f74dcce68008ff152fb20302cefd66c11786/detection/f-362ecf6627234418c784e898b5f6f74dcce68008ff152fb20302cefd66c11786-1588575271 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 06:15:03
44 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/0f124af552cf80d692cf10bea71c85ddf9906c6a4ac0eab5b1964bb7eb9a1500/detection/f-0f124af552cf80d692cf10bea71c85ddf9906c6a4ac0eab5b1964bb7eb9a1500-1650556499 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 05:50:02
45 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47/detection/f-2f383c28b6429b54ff34ae6aea90ea064ca5d78ceb93d7ed027271960d6d9d47-1650556609 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 04:45:02
46 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/2c963a97776593ddf2101d612f978a576d2183df2fbb8d1066e3539b7569182a/detection/f-2c963a97776593ddf2101d612f978a576d2183df2fbb8d1066e3539b7569182a-1595474844 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-22 04:35:02
47 phishunt_io #NewPhishing | #phishing #scam 🔗 /img-instagram-file.my.id/ 🚩 188.114.97.10 ☁ CLOUDFLARENET 🔒 Cloudflare Inc ECC CA-3 https://twitter.com/phishunt_io/status/1528229904474591232/photo/1 2022-05-22 04:22:57
48 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 24 VirusTotal: https://www.virustotal.com/gui/file/256af3aa89168028c4979029d00e1510e75a742ab93793f3283c77bcaddd6cea/detection/f-256af3aa89168028c4979029d00e1510e75a742ab93793f3283c77bcaddd6cea-1653126666 Threat: ELF_MIRAILOD.SM (TrendMicro) 2022-05-22 03:15:01
49 micham Sunday morning #phish for breakfast. Email arrival from 117.50.163.118🇨🇳 pointing to a bunch of @AmazonJP #phishing pages. Be safe! https://www.phishtank.com/phish_detail.php?phish_id=7522970 https://www.virustotal.com/gui/url/eafa09b6663add931a4368add05a766a026d86ad7589929ad3ce3d33a2fcca09?nocache=1 https://twitter.com/micham/status/1528188110785630208/photo/1 2022-05-22 01:36:52
50 Fevilhalva460 @alaskalute @discord I wouldn't click on it https://www.virustotal.com/gui/url/45d132305a72ea647f2b34bdcff05e0cfab824453ecc19be4c84bb0dbe24ce02/community 2022-05-22 01:33:05
51 Fevilhalva460 @Tom48925403 @discord The scans from VirusTotal say it is safe. BUT if you go on community someone commented it is a phishing link. So better not open it https://www.virustotal.com/gui/url/45d132305a72ea647f2b34bdcff05e0cfab824453ecc19be4c84bb0dbe24ce02/community 2022-05-22 01:32:19
52 phishunt_io #NewPhishing | #phishing #scam 🔗 /www.googlegiftcards.tk/ 🚩 142.250.74.211 ☁ GOOGLE 🔒 GTS CA 1D4 https://twitter.com/phishunt_io/status/1528168862402879489/photo/1 2022-05-22 00:20:23
53 petrovic082 https://www.virustotal.com/gui/file/c7f88943301b4e6fdc6f2823932b3d5d7d24a40e114e1399e5c42c4d18b2aed9 2022-05-21 21:07:48
54 petrovic082 #GANDCRAB V5.0.3 #Ransomware https://www.virustotal.com/gui/file/d11d4506f4edca9f202a237d35f484ee02aa0579d886696385d16769c8eb21d0/details 2022-05-21 21:05:56
55 phishunt_io #NewPhishing | #phishing #scam 🔗 /confirm.santander.device48.com/ 🚩 34.118.0.86 ☁ GOOGLE-CLOUD-PLATFORM 🔒 R3 https://twitter.com/phishunt_io/status/1528108049088618496/photo/1 2022-05-21 20:18:44
56 500mk500 @malwrhunterteam @LukasStefanko B: https://bazaar.abuse.ch/sample/a07e63fb0b0edc75361f191c3c15fad4f0fbffbbd73369499c0e393a4add7547/ 2022-05-21 19:53:30
57 Decio_o_o including for macOS (Mach-O x86_64), here is the specimen https://www.virustotal.com/gui/file/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45/detection https://hybrid-analysis.com/sample/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45 https://twitter.com/Decio_o_o/status/1528074318718066688/photo/1 2022-05-21 18:04:42
58 1ightanddark @threatresearch @SophosLabs @GossiTheDog @cyb3rops @BleepinComputer @MBThreatIntel @MsftSecIntel This one as well!!! Pretty malicious activity. https://www.virustotal.com/gui/url/9a0b4e8b109b1fd20d8a771982feed778e2633685d2add0c3658fd3d22104104/summary #malware 2022-05-21 17:40:15
59 1ightanddark @threatresearch @SophosLabs @GossiTheDog @cyb3rops @BleepinComputer @MBThreatIntel @MsftSecIntel Including a few others for awareness but Of course! This domain is also showing very interesting activity from Russia. #russia https://www.virustotal.com/gui/url/59f0840bf40e391f962872b4d0708e525fd8f74b7dca86a9b24e4510229a0d72 2022-05-21 17:38:56
60 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 23 VirusTotal: https://www.virustotal.com/gui/file/09c96526fe5c758db7051dc23470e5cacaa4f920d6678aed94b76f1ecbd95653/detection/f-09c96526fe5c758db7051dc23470e5cacaa4f920d6678aed94b76f1ecbd95653-1653109054 Threat: ELF_MIRAILOD.SM (TrendMicro) 2022-05-21 17:30:02
61 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/aec918fc5527c8960921c04c7abbcf3aadcb5d8f0aa6862c6d6be68e28771a68/detection/f-aec918fc5527c8960921c04c7abbcf3aadcb5d8f0aa6862c6d6be68e28771a68-1650556640 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 17:20:02
62 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/e58460224496dbc08ff03c6162cf20e6e5b0b7e38acd0e6fec4003a6a090eb2e/detection/f-e58460224496dbc08ff03c6162cf20e6e5b0b7e38acd0e6fec4003a6a090eb2e-1650556692 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 16:30:02
63 phishunt_io #NewPhishing | #phishing #scam 🔗 /instagramhelpbussines.ml/ 🚩 37.140.192.240 ☁ Domain names registrar http://REG.RU. Ltd 🔒 R3 https://twitter.com/phishunt_io/status/1528046334934147073/photo/1 2022-05-21 16:13:30
64 infosec_jcp 👀👇Watch this graph:👇👀 https://www.virustotal.com/gui/url/9c333eb5de979df6813a6b93f4019f31b7c2cc49cf407d4969ff1fc407a731f8/summary #2015HackedFinFisher #FinFisher #FinSpy #Finsky #SSM™ #StateSponsoredMalware™ http://FinFisher.com website offline since 03-18-2022 #VirusTotal #FinFisherCom 💀👇⚰️🦈⚰️🦈⚰️🦈👇💀 https://www.virustotal.com/gui/url/9c333eb5de979df6813a6b93f4019f31b7c2cc49cf407d4969ff1fc407a731f8/summary 2022-05-21 16:06:29
65 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/363808e54482dfb192d43648a7676be80d4374e3ed43682cc2d8bdefbd7b9e84/detection/f-363808e54482dfb192d43648a7676be80d4374e3ed43682cc2d8bdefbd7b9e84-1588207027 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 15:30:02
66 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://gumi-repair.iptime.org/wordpress/qrkL1zS36aRe6yk/ hxxps://kingkongpizza.ru/fonts/sFUY3/ 2022-05-21 14:39:43
67 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxps://karimexpress.ma/cronHelper/Pwbq/ hxxps://kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/ hxxp://kwinglobal.dothome.co.kr/inc/TbUvEBJ/ 2022-05-21 14:39:42
68 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 48 VirusTotal: https://www.virustotal.com/gui/file/6c82013032eab92ebe508eeafc725189533510eb42226c79674c2a180a1620fd/detection/f-6c82013032eab92ebe508eeafc725189533510eb42226c79674c2a180a1620fd-1650553975 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 14:25:02
69 yvesago #phishing @amazon s://vosariclesexpress.suspemessageriedesurgences.com/messageries/synchonisation/ VIA p://cuires.bisemortelsmodelesdedemain.com/ ping @malwrhunterteam @PhishStats https://twitter.com/yvesago/status/1528014532727169024/photo/1 2022-05-21 14:07:08
70 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/1919cbc264a1b31f79dcf3e4ebee5912e855f2d48b71486c7334c9d1ef70dc72/detection/f-1919cbc264a1b31f79dcf3e4ebee5912e855f2d48b71486c7334c9d1ef70dc72-1594371325 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 13:40:02
71 petrovic082 #bumblebee https://www.virustotal.com/gui/file/0f78561577ce1a5ab8b98634fb9b2ff0392e173fb354e3625f6bab53e0f28b05 2022-05-21 13:26:51
72 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 14 VirusTotal: https://www.virustotal.com/gui/file/2ac6f911e2d93d6269edf364b0c6e21bf822040e495711375ef8a61c7d9c9ca3/detection/f-2ac6f911e2d93d6269edf364b0c6e21bf822040e495711375ef8a61c7d9c9ca3-1653124364 Threat: Possible_SMSHELLDLOAD1 (TrendMicro) 2022-05-21 12:55:03
73 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968/detection/f-b0f677d8c8efc32a2cc86e5af2b266575f2fd4a24d82898ca75193cda5cb7968-1638478064 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 12:55:02
74 TaWeststrate IPv4: 3.33.136.22 - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/ip/3.33.136.22 2022-05-21 12:35:14
75 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/f18ff12529c790e31c0c8e853acc17894826c76c2d50ac854cab3f194809eee9/detection/f-f18ff12529c790e31c0c8e853acc17894826c76c2d50ac854cab3f194809eee9-1651827618 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 12:35:02
76 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/5b4f44b3f4cf218b37c5dd83f2944edde2e64d6d730ddc1fd92800062158bc9f/detection/f-5b4f44b3f4cf218b37c5dd83f2944edde2e64d6d730ddc1fd92800062158bc9f-1650554213 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 12:25:02
77 phishunt_io #NewPhishing | #phishing #scam 🔗 /confirm.santander.device84.com/ 🚩 34.118.0.86 ☁ GOOGLE-CLOUD-PLATFORM 🔒 R3 https://twitter.com/phishunt_io/status/1527985647235084288/photo/1 2022-05-21 12:12:21
78 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/4a790d4054c1e835069731f71cc4c2a77b4e8279011a7939c0d2da8422b55af5/detection/f-4a790d4054c1e835069731f71cc4c2a77b4e8279011a7939c0d2da8422b55af5-1583210788 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 10:50:02
79 Certego_Intel #Covid19 #Spam #Suspicious Domain: chillerfeilds.click VirusTotal: https://www.virustotal.com/gui/domain/chillerfeilds.click #CyberSecurity #ThreatIntel (bot generated) 2022-05-21 10:25:27
80 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 40 VirusTotal: https://www.virustotal.com/gui/file/15b6b5499fdc0a336f332b9db70f1ead3a12eb068d1ff4cc4fe120e8868ba8d5/detection/f-15b6b5499fdc0a336f332b9db70f1ead3a12eb068d1ff4cc4fe120e8868ba8d5-1652562652 Threat: Possible_MIRAI.SMLBO22 (TrendMicro) 2022-05-21 09:30:03
81 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/a647ec9eb47f2091759a94ed59281e159f57c627d24cbcc68c13a187a7bfad73/detection/f-a647ec9eb47f2091759a94ed59281e159f57c627d24cbcc68c13a187a7bfad73-1650556543 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 09:30:02
82 micham Bunch of #phishing pages targeting @MastercardJP Be safe! https://www.phishtank.com/phish_detail.php?phish_id=7522728 https://www.virustotal.com/gui/url/0f0496c7ef7b901be9ccedb8445bf97e77c7476e889b1155c345d773afcf9d54 https://twitter.com/micham/status/1527943508891676672/photo/1 2022-05-21 09:24:54
83 micham Fresh #email arrival from tk2-107-54724.vs.sakura.ne.jp @sakura_pr @sakura_ope @sakura_server (153.121.36.228🇯🇵) leading to a bunch of #phishing pages targeting @AEONCARD_jp Be safe! https://www.phishtank.com/phish_detail.php?phish_id=7522718 https://www.virustotal.com/gui/url/d7a3b6a43ba0f5d7277e9396dab0262f60d6c8281f05f7c1d1d141374a0c83c2 https://twitter.com/micham/status/1527941451593969664/photo/1 2022-05-21 09:16:44
84 techworldaleant Android app to uninstall. It contains #malware https://play.google.com/store/apps/details?id=com.unpdf.scan.read.docscanuniver (10000 installs) https://www.virustotal.com/gui/file/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/detection https://twitter.com/ReBensk/status/1527862269308043265 https://twitter.com/techworldaleant/status/1527938591657275398/photo/1 2022-05-21 09:05:22
85 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/617a13a18f98bc180121653be6716e27fb2921ceca4af65c3f226955a1da4345/detection/f-617a13a18f98bc180121653be6716e27fb2921ceca4af65c3f226955a1da4345-1650556508 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 08:35:02
86 Certego_Intel #Covid19 #CertStream #Suspicious Domain: www.www.www.www.www.www.www.covid19.teimladhoodz.info VirusTotal: https://www.virustotal.com/gui/domain/www.www.www.www.www.www.www.covid19.teimladhoodz.info #CyberSecurity #ThreatIntel (bot generated) 2022-05-21 08:25:27
87 dorkingbeauty1 190.2.139.23. https://www.virustotal.com/graph/embed/g05c39149a58340b9ad76f2b702fabf8f3dba743574a14e50a456f0163b6721a3 2022-05-21 08:16:57
88 phishunt_io #NewPhishing | #phishing #scam 🔗 /appintesa-check.me/ 🚩 199.188.200.4 ☁ NAMECHEAP-NET 🔒 Sectigo RSA Domain Validation Secure Server CA https://twitter.com/phishunt_io/status/1527924784708956160/photo/1 2022-05-21 08:10:30
89 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/aff98acfd0aef3559852a389511f6e6ecafed3d2e89312be102b719d9ff7efb1/detection/f-aff98acfd0aef3559852a389511f6e6ecafed3d2e89312be102b719d9ff7efb1-1653034875 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 07:25:02
90 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/418075b0fe4f85b9e8d5aa095ffaa5df8261683af29be1cc64e3696b5b3f2b79/detection/f-418075b0fe4f85b9e8d5aa095ffaa5df8261683af29be1cc64e3696b5b3f2b79-1638481626 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 06:45:02
91 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/04fc2210495ae6757aa3e4207adb40a962814f9e3959898b65342642e341bb66/detection/f-04fc2210495ae6757aa3e4207adb40a962814f9e3959898b65342642e341bb66-1650556308 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 06:35:02
92 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/c0af5be3062f93921ab7dfa8544c5b4b35c65cfbe56b0e1fb2234db8d1446a69/detection/f-c0af5be3062f93921ab7dfa8544c5b4b35c65cfbe56b0e1fb2234db8d1446a69-1640727092 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 06:20:01
93 500mk500 @ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/ V: https://www.virustotal.com/gui/file/9c058c415565f34dd8bec6549efccf39845c6bbf0e5e137510918daa5ae17098/detection 2022-05-21 05:49:02
94 satontonton I haven't tweeted for a while, but #Emotet keeps arriving every day. ■Subject (recipient display name) Re: (recipient display name) RE:(past email subject) MIME-Version: 1.0 ■File name 2022-05-20_hhmm.zip (address domain).zip (address domain)_Form.zip The zip contains lnk or xls triage: https://tria.ge/220521-fgcxmsaac5 2022-05-21 04:59:12
95 micham Today's #email arrival from 119.112.206.34🇨🇳 leading to an @AmazonJP #phishing page at amazon.co-jp.info. Be safe! https://www.phishtank.com/phish_detail.php?phish_id=7522681 https://www.virustotal.com/gui/url/7353fc6e8673302721053fecf9009f02bf97dd99cc59674094990c787e008742 https://twitter.com/micham/status/1527870389489369088/photo/1 2022-05-21 04:34:21
96 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/64bb708b31b4b043018457c1098465ea83da7d6408c7029b2f68c333fc25891c/detection/f-64bb708b31b4b043018457c1098465ea83da7d6408c7029b2f68c333fc25891c-1653049818 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 03:45:02
97 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/5ae2fd4d5a9f9f8d274861fdefc40459e4fab67f15aadf8934501f73f3d9b502/detection/f-5ae2fd4d5a9f9f8d274861fdefc40459e4fab67f15aadf8934501f73f3d9b502-1615766195 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 03:25:02
98 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/54cd349fb5bbba78d7d4801e01a4b8be7a254beae606341c43908a0b3fd1cda9/detection/f-54cd349fb5bbba78d7d4801e01a4b8be7a254beae606341c43908a0b3fd1cda9-1648550925 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 03:15:03
99 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/973067dbc6c657462841d7b41c6828809060aef7b35cbb4f1cfdb21e304f667c/detection/f-973067dbc6c657462841d7b41c6828809060aef7b35cbb4f1cfdb21e304f667c-1593995723 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 01:40:03
100 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/25b7e641f8b6ae7f2c90520e00c2d0b9fccc0f12d2ec3065f8d3bd1a5915b1e0/detection/f-25b7e641f8b6ae7f2c90520e00c2d0b9fccc0f12d2ec3065f8d3bd1a5915b1e0-1652289318 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-21 01:35:03
101 TaWeststrate Domain: http://google.net - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/google.net 2022-05-21 00:20:16
102 phishunt_io #NewPhishing | #phishing #scam 🔗 /hotmailer.is/ 🚩 193.169.253.161 ☁ sprint S.A. 🔒 R3 https://twitter.com/phishunt_io/status/1527803423445372928/photo/1 2022-05-21 00:08:16
103 DidierStevens @GootLoaderSites This is the URL I extracted from that file: https://www.virustotal.com/gui/url/2e241e277de700ac551806d2855b34c8429cd8c1cd49f97e3cf9308fdf62ea6f 2022-05-20 23:02:48
104 GootLoaderSites @DidierStevens Here is most recent example https://www.virustotal.com/gui/file/10aeaaa563015ffbfb7cb69b5227a27a54986656c8e44b44f2d2492bfbcdb9f3?nocache=1 2022-05-20 22:51:32
105 abel1ma On May 21 as well, the mass mailing of emails aiming at Emotet infection is continuing epoch4 .xls https://tria.ge/220520-1vhehaecf9 ModifyDate:2022-05-20 15:15:56 .lnk https://tria.ge/220520-15plkaefe7 epoch5 .xls https://tria.ge/220520-1d5tgahaaj 2022-05-20 15:34:57 https://tria.ge/220520-16n2esega9 2022-05-20 07:48:01 2022-05-20 22:27:55
106 h2jazi #Patchwork #APT save.xlsm a52e4eeb2bf7f1bfdac3e3c0673ece5f Template: "Federal Board of Revenue- Government of Pakistan" #Quasar: icon.db (Printer.dll) b4864ef86be2c148c18b1a960f3ca3fc Executes the payload as service using svchost.exe -knetsvcs related: https://twitter.com/__0XYC__/status/1517466726740512770 https://twitter.com/h2jazi/status/1527759554691334148/photo/1 2022-05-20 21:13:56
107 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxps://www.berekethaber.com/hatax/fovLaro/ hxxps://bosny.com/aspnet_client/ErI5F74cwiiOywe/ hxxp://www.cesasin.com.ar/administrator/HC46kHDUSYN305GglCP/ 2022-05-20 20:34:57
108 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxps://bencevendeghaz.hu/wp-includes/tXQBsglNOIsunk/ 2022-05-20 20:34:57
109 MrCl0wnLab REF: > https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux > https://www.virustotal.com/gui/file/137edba65b32868fbf557c07469888e7104d44911cd589190f53f6900d1f3dfb/details > https://www.virustotal.com/gui/file/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45/detection > https://pepy.tech/project/pymafka > https://pykafka.readthedocs.io/en/latest/ > https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike > https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-29th-2022-new-operations-emerge/ > https://pris.com.br/blog/cybersquatting-e-typosquatting-pirataria-no-meio-digital/ 2022-05-20 20:23:42
110 phishunt_io #NewPhishing | #phishing #scam 🔗 /office365.sydneyboatshow.com.au/ 🚩 175.45.129.5 ☁ IPNG 🔒 cPanel, Inc. Certification Authority https://twitter.com/phishunt_io/status/1527742421576163329/photo/1 2022-05-20 20:05:52
111 angel11VR @intel can you please confirm that this b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635 pyinstaller exe is part of your legit software ? https://www.virustotal.com/gui/file/b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635/details 2022-05-20 19:52:42
112 HenkPoley @Namecheap Could you investigate this? https://urlscan.io/search/#domain%3Amulti-chat-platform.com That domain is the central hub for a large romance scam network. And the domain is hosted by you 🙏 Lots more here, some also on Namecheap: https://www.virustotal.com/gui/collection/50a498f00563ed35c620a3774c806e61c76882f0e8c9062cc54c249c20f6f82b Gets spammed by generated Gmail/Hotmail accounts. 2022-05-20 16:14:07
113 phishunt_io #NewPhishing | #phishing #scam 🔗 /amazonzyw36.vip/ 🚩 23.224.25.234 ☁ CNSERVERS 🔒 R3 https://twitter.com/phishunt_io/status/1527680384615448578/photo/1 2022-05-20 15:59:21
114 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ 2022-05-20 15:55:47
115 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxp://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ hxxp://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ hxxps://airliftlimo.com/wp-admin/iMc/ 2022-05-20 15:55:47
116 phishunt_io #NewPhishing | #phishing #scam 🔗 /microsoftrussia.com/ 🚩 37.140.192.170 ☁ Domain names registrar http://REG.RU, Ltd 🔒 R3 https://twitter.com/phishunt_io/status/1527671894626926592/photo/1 2022-05-20 15:25:37
117 TaWeststrate Hostname: http://a.root-servers.net - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/hostname/a.root-servers.net 2022-05-20 15:16:05
118 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxp://www.pjesacac.com/components/O93XXhMN3tOtTlV/ 2022-05-20 14:47:51
119 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxp://www.clasite.com/blogs/IEEsyn/ hxxps://oncrete-egy.com/wp-content/V6Igzw8/ hxxp://opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/ 2022-05-20 14:47:51
120 infosec_jcp @NerdShinobi Dig In: 👇 https://play.google.com/store/apps/details?id=com.sprint.ms.smf.services 😲😲😲😲👍🤷‍♂️👇👇👇👇 #CarrierHub https://www.virustotal.com/graph/embed/g49710ca169254d56a53d6129cf550d7018108a59b14e4e61ab271611a6c1e4dd 2022-05-20 14:29:39
121 Malwar3Ninja http://Threatview.io🌀🎣Proactive hunter identified 1667 potential #Phishing / #malicious domain between 01 April - 19 May added in our feeds & on #virustotal collection👇 #scam #cybersecurity #ThreatIntel h/t: @James_inthe_box @malwrhunterteam https://www.virustotal.com/gui/collection/60b0843cebfcd4df6ade69e8bc30508059ed2476a9c9633b1ef7d7122dd2792b https://twitter.com/Malwar3Ninja/status/1527643998910676993/photo/1 2022-05-20 13:34:46
122 500mk500 C2: allapks.online Samples: 1 https://www.virustotal.com/gui/file/642b8bd970d0c035f6b861c0251fc8d0cc941c30fddb93b67f61fa540593b470/detection 2 https://www.virustotal.com/gui/file/dee63434b13911450a54cb6df057f45589cdfaecea2cf30fd3ab06620c0132af/detection 3 https://www.virustotal.com/gui/file/5092fb08941f45b11df3147ca9f16c15339271e91e717244d5158952ce9fa669/detection */aus_888a/api/api.php */green_888a/api/api.php */pink_888a/api/api.php #Android #Bankbot https://twitter.com/malwrhunterteam/status/1527637165827579904 2022-05-20 13:28:09
123 500mk500 Despite being from 2019, very modestly detected #Ursnif domains busemedgan.com hutorescag.com vorimusesa.com 1 https://www.virustotal.com/gui/domain/busemedgan.com/detection 2 https://www.virustotal.com/gui/domain/hutorescag.com/detection 3 https://www.virustotal.com/gui/domain/vorimusesa.com/detection Samples: 1 https://www.virustotal.com/gui/file/36c13521e2c5ac68d729ac2030bbfc1fd48d3e16df660d495e161dd506b9a821/detection 2 https://www.virustotal.com/gui/file/056d2b0241aeae0dc3c58ef6a742775c5da75b9bbeb4c196d3c6e0e3d3838de9/detection https://twitter.com/500mk500/status/1527636142782308352/photo/1 2022-05-20 13:03:33
124 JAMESWT_MHT @ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @500mk500 @ni_fi_70 Mentioned #Joker #Android Sample VT https://www.virustotal.com/gui/file/f280014426edf49d760864029f678cb53760029d02ce8b2965976258c8ece919?nocache=1 Bazaar https://bazaar.abuse.ch/sample/f280014426edf49d760864029f678cb53760029d02ce8b2965976258c8ece919/ 2022-05-20 12:47:27
125 chesh_be_ra @roshankei @Ziya_Sadr https://www.virustotal.com/gui/url/cd6633a141741bae819747919937b71002932da9d6113ef7c651d10f19411db3 And here is the test result for this app, which 30 out of 30 antivirus engines identified as clean 2022-05-20 11:11:52
126 Certego_Intel #Malware #SMSspy #Blocklist Domain: omidkhan.herokuapp.com VirusTotal: https://www.virustotal.com/gui/domain/omidkhan.herokuapp.com #CyberSecurity #ThreatIntel (bot generated) 2022-05-20 10:25:27
127 cyberwar_15 #북한 #NorthKorea https://www.boannews.com/media/view.asp?idx=106924 b12a75528991e03b61e0bd1ea4688ddd https://twitter.com/cyberwar_15/status/1527596225205514240/photo/1 2022-05-20 10:24:56
128 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxp://yamada-shoshi.main.jp/yamada-shoshi/V61hH/ hxxps://bpsjambi.id/about/VPe69A9Tk/ hxxp://pacemaker.cd/images/Xc/ 2022-05-20 09:09:13
129 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://marmaris.com.br/wp-admin/2cfpSuAH/ hxxp://masidiomas.com/D4WStats/GAhmgvhLgUn6/ hxxp://mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/ 2022-05-20 09:09:13
130 Lvanoel https://www.security.nl/posting/754236/Belgische+ziekenhuizen+annuleren+operaties+wegens+ransomware-aanval Sad. 2022-05-20 08:58:50
131 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxps://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/ hxxp://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/ hxxp://masyuk.com/581voyze/MlX/ 2022-05-20 08:26:47
132 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/ 2022-05-20 08:26:47
133 500mk500 @ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/ffb1ed3b567996567a76e5d640bfddcdea8c659addc3d656da05bf5350fecfac/ V: https://www.virustotal.com/gui/file/ffb1ed3b567996567a76e5d640bfddcdea8c659addc3d656da05bf5350fecfac/detection 2022-05-20 08:23:24
134 500mk500 @ReBensk @malwrhunterteam @cryptax @LukasStefanko @bl4ckh0l3z @JAMESWT_MHT @ni_fi_70 B: https://bazaar.abuse.ch/sample/c679455265d1632f6a2665ec5fd644db47a3d633abadc3c63b1097c096affaf6/ V: https://www.virustotal.com/gui/file/c679455265d1632f6a2665ec5fd644db47a3d633abadc3c63b1097c096affaf6/detection 2022-05-20 08:20:33
135 JAMESWT_MHT IP 154.56.0.221 Relation #Aenjaris samples👇👇👇 https://bazaar.abuse.ch/browse/tag/Aenjaris/ ⚡️ https://analyze.intezer.com/analyses/2eb889a5-82fa-46c3-a6b9-d7bd5a8deb78 https://twitter.com/pr0xylife/status/1527356211053547529 https://twitter.com/JAMESWT_MHT/status/1527559451196149765/photo/1 2022-05-20 07:58:48
136 Slvlombardo idem🔎 https://bazaar.abuse.ch/sample/d642109e621c6758027c2fc0e5ea3d1126963a001ab1858b95f82e09403943bd https://twitter.com/Slvlombardo/status/1527553261926076417/photo/1 2022-05-20 07:34:12
137 exia_han This site, which defrauds users into allowing it to send notifications, has existed for a long time, but it seems only a few sec vendors mark it as malicious/Adware. https://www.virustotal.com/gui/url/d2ce8356281c170d7b020739f10672dd30a5f6b4f2687fee6a8021509834d4a3 https://twitter.com/exia_han/status/1527552658151596035/photo/1 2022-05-20 07:31:48
138 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxp://milanstaffing.com/images/D4TRnDubF/ 2022-05-20 07:07:55
139 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxp://learnviaonline.com/wp-admin/qGb/ hxxp://kolejleri.com/wp-admin/REvup/ hxxp://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/ 2022-05-20 07:07:55
140 pcrisk ZareuS Ransomware; Extension: .ZareuS; Ransom note: HELP_DECRYPT_YOUR_FILES.txt https://www.virustotal.com/gui/file/0efd6b49298d740f611298d8b0091dd1b6673b0e25cc1e968c049e1d72514261/detection @Amigo_A_ @LawrenceAbrams @demonslay335 @struppigel @JakubKroustek 2022-05-20 06:41:26
141 bad_packets Mass scanning activity detected from 2.56.11.65 (🇩🇪) targeting F5 BIG-IP iControl REST endpoints vulnerable to unauthenticated remote code execution (CVE-2022-1388). #threatintel 2022-05-20 02:33:41
142 bomccss 2022/05/20 (Fri) Emails continue to be sent from #Emotet E4/E5. E4: reply type, spoofed-reply type; password-protected zip->lnk attachment; password-protected zip->xls; .xls attachment https://tria.ge/220519-3nd5lsfgcj E5: reply type, template type; password-protected zip->lnk; password-protected zip->xls; .xls attachment https://tria.ge/220519-3l24nadaf4 https://twitter.com/bomccss/status/1527436023139287041/photo/1 2022-05-19 23:48:20
143 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/1fa15eed4a393e57285fafed8bb058fb3982fc9cf8f1d4897e81fbed60b09d4e/detection/f-1fa15eed4a393e57285fafed8bb058fb3982fc9cf8f1d4897e81fbed60b09d4e-1527580027 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 22:55:02
144 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/fafbd3cda44ffbab47c7b9c18922cf5e7800b9649f7f26a0d732bb2cbb132723/detection/f-fafbd3cda44ffbab47c7b9c18922cf5e7800b9649f7f26a0d732bb2cbb132723-1639561878 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 22:40:02
145 abel1ma On May 20 as well, emails aimed at Emotet infection are being mass-distributed epoch4 lnk https://tria.ge/220519-yqcbksebel https://tria.ge/220519-2ck84sfcan xls https://tria.ge/220519-ypm2paebdq ModifyDate:2022:05:19 13:28:48 https://tria.ge/220519-13f7eafahq 2022:05:19 21:08:10 epoch5 xls https://tria.ge/220519-yqx82sebfn 2022:05:19 16:58:23 2022-05-19 22:31:11
146 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 22 VirusTotal: https://www.virustotal.com/gui/file/b89b7700cb4013353dcddb27c59e4e8faaea7dc6bea54c654129aec416098841/detection/f-b89b7700cb4013353dcddb27c59e4e8faaea7dc6bea54c654129aec416098841-1652974167 Threat: ELF_MIRAILOD.SM (TrendMicro) 2022-05-19 22:05:02
147 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/ef9653c4e35f603477d39da1f1dd7333ad82c0ff0f869b86022fe45a6d333ece/detection/f-ef9653c4e35f603477d39da1f1dd7333ad82c0ff0f869b86022fe45a6d333ece-1567604628 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 21:55:03
148 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://ncia.dothome.co.kr/wp-includes/lu7JbjX8XL1KaD/ hxxp://piffl.com/piffl.com/a/ hxxp://digitalkitchen.jp/images/PVn/ 2022-05-19 21:36:38
149 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxp://www.jsonsintl.com/RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/ hxxp://cmentarz.5v.pl/themes/zalMkTb/ hxxps://nakharinitwebhosting.com/HSDYKN1X5GLF/ 2022-05-19 21:36:37
150 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxps://microlent.com/admin/3/ hxxp://kuluckaci.com/yarisma/cgi-bin/aIuI4Ukdtl730sP1F/ hxxp://mcapublicschool.com/Achievements/r4psv/ 2022-05-19 21:24:47
151 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://moorworld.com/aspnet_client/fTDJOdTa1USKl43wFtnb/ 2022-05-19 21:24:47
152 TaWeststrate Domain: http://paypalcorp.com - AlienVault - Open Threat Exchange https://otx.alienvault.com/indicator/domain/paypalcorp.com 2022-05-19 21:21:56
153 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/e59a71ee7be3f49136ad564b3d8efcb2b4496df65e12b12973c213523bbabada/detection/f-e59a71ee7be3f49136ad564b3d8efcb2b4496df65e12b12973c213523bbabada-1650556383 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 20:50:02
154 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/2dedd1eaac27cf0fbe315bafffa8ee7600185a57b463db9f3846c7200d40b6de/detection/f-2dedd1eaac27cf0fbe315bafffa8ee7600185a57b463db9f3846c7200d40b6de-1622418097 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 20:30:02
155 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/b6c08aff47a8949e77b05eb6485678d070c49ed8f3c12f8af568d855c954fd37/detection/f-b6c08aff47a8949e77b05eb6485678d070c49ed8f3c12f8af568d855c954fd37-1650556984 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 19:25:02
156 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxps://www.megakonferans.com/wp-admin/Xzz08i514NBrg/ hxxps://noronhalanches.com.br/cgi-bin/xixssuML9NOJO9/ hxxp://myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/ 2022-05-19 19:01:51
157 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxp://nerz.net/stats/TXGRpKb/ 2022-05-19 19:01:51
158 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/3523eaea635d4f782c31bddf9faa325b926c7cd6248ba5472c3742c8d136d99c/detection/f-3523eaea635d4f782c31bddf9faa325b926c7cd6248ba5472c3742c8d136d99c-1628661317 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 18:35:02
159 pr0xylife #Bumblebee - url > .iso > .lnk > .dll rundll32.exe tamirlan.dll.EdHVntqdWt https://bazaar.abuse.ch/sample/11bce4f2dcdc2c1992fddefb109e3ddad384b5171786a1daaddadc83be25f355/ https://bazaar.abuse.ch/sample/123f96ff0a583d507439f79033ba4f5aa28cf43c5f2c093ac2445aaebdcfd31b/ c2's 154.56.0.221:443 64.44.101.250:443 103.175.16.117:443 https://twitter.com/pr0xylife/status/1527356211053547529/photo/1 2022-05-19 18:31:12
160 k3dg3 This #Bumblebee was more fun. Email -> 1drv link -> OneDrive hosted ISO. The DLL is compressed and pass-protected inside of the ISO, instead of the iso being pass-protected. Uses #PowerShell to pass the pass (: https://bazaar.abuse.ch/sample/5fa56c3c2cc2b06792ce65be87efd3930d66d8d80791ddc76204f841ac261f43/ https://twitter.com/k3dg3/status/1527348294833565696/photo/1 2022-05-19 17:59:44
161 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 53 VirusTotal: https://www.virustotal.com/gui/file/9df4c8ab9148e3896eb8404f8ffc66db8dbee6cd1f9e57903928c5ae5dd56afb/detection/f-9df4c8ab9148e3896eb8404f8ffc66db8dbee6cd1f9e57903928c5ae5dd56afb-1620067802 Threat: TROJ_WEBDOWN.THEOIAH (TrendMicro) 2022-05-19 17:45:02
162 amitaiz 2. In my opinion, opening it on mobile is a kind of (kind of!) sandbox. Or, put differently, the chance of damage is smaller than on a PC. 3. You can google the site and see whether it looks legit. 4. You can use many URL reputation sites, such as VirusTotal, or in our case here is the scan: https://www.virustotal.com/gui/url/9be3d833dd033871763f889d07e62e35e1ca95aefdc8707489bd98b5055323fe 2022-05-19 17:27:58
163 f1rstm4tter hxxp://23.95.52.191/onye/ hxxps://gg-l.xyz/BlZch 198.199.122.148 https://app.any.run/tasks/de4404e7-fee8-4ad6-9bd0-2b3911b4eda3 @ColoCrossing malware hosted @digitalocean ns for domain @GoDaddyHelp registrar 2022-05-19 17:11:38
164 h2jazi An old sample of #TransparentTribe was submitted to VT today: 7f3d3a055ecb5a6f787b0afbd373af88 Paper for Review.doc millitarytocorp.com It seems they got bored and did some artworks in their macro :) https://twitter.com/h2jazi/status/1527331543206617101/photo/1 2022-05-19 16:53:11
165 Nihilisme10 My new fav tweet: ℹ️ New functionality added to #Colibri Loader: Hypervisor Detection Technique: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery Sample: https://www.virustotal.com/gui/file/45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e https://twitter.com/MBThreatIntel/status/1511414110394613760 https://twitter.com/MBThreatIntel/status/1527317885143592962/photo/1 — Malwarebytes Threat Intelligence (@MBThreatIntel) May 19, 2022 ℹ️ Ne… 2022-05-19 16:50:37
166 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/7819a4c18580491fa1806b3969064f809afda15426bb2046e2a02dbb440c55d0/detection/f-7819a4c18580491fa1806b3969064f809afda15426bb2046e2a02dbb440c55d0-1578305084 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 16:40:04
167 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/5554c10bcf7bcbeeea4df84e59c5df6375fdbebd5a7de64fb7fa80608cd1d6a3/detection/f-5554c10bcf7bcbeeea4df84e59c5df6375fdbebd5a7de64fb7fa80608cd1d6a3-1583740421 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 16:10:02
168 elfdigest Active IoT #botnet URL: 194.31.98.232/notabotnet domains: http://urlhaus.abuse.ch Port Scanning: 2323,23,60001,5500,5501,443,80,8081,37215 arch: arm AvClass2: linux|10,mirai|7,server|2,backdoor|2 analysis: https://bit.ly/3lsKZai 2022-05-19 16:04:03
169 MBThreatIntel ℹ️ New functionality added to #Colibri Loader: Hypervisor Detection Technique: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery Sample: https://www.virustotal.com/gui/file/45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e https://twitter.com/MBThreatIntel/status/1511414110394613760 https://twitter.com/MBThreatIntel/status/1527317885143592962/photo/1 2022-05-19 15:58:54
170 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxp://muhsinsirim.com/cgi-bin/Vt2umvq3ufyBZZWR2HZ/ 2022-05-19 15:39:17
171 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxps://neoexc.com/cgi-bin/gOTeFmMuXhfsGqDl/ hxxp://mythicpeak.com/wp-includes/zGWQ9q3QsWU/ hxxp://demo-re-usables.inertiasoft.net/cgi-bin/z1CD/ 2022-05-19 15:39:17
172 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 68 VirusTotal: https://www.virustotal.com/gui/file/ee6512a174783fa2aeebc807b0f13e2297bbc667e4cba6bc4c84e787a1b787be/detection/f-ee6512a174783fa2aeebc807b0f13e2297bbc667e4cba6bc4c84e787a1b787be-1588570733 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 15:30:03
173 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxp://natdemo.natrixsoftware.com/wp-admin/B1bA/ hxxp://norbealun.id.au/images/ZL8/ hxxp://napolilovemark.com/Re9e27V3Kd/PQFv/ 2022-05-19 15:06:23
174 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxps://nordicbysight.se/wp-admin/kdFrWJ4/ hxxp://p236119.webspaceconfig.de/wordpress/7/ 2022-05-19 15:06:23
175 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/ 2022-05-19 14:56:35
176 Cryptolaemus1 new Emotet E4 urls detected. DLL (1/2) hxxps://nandonikwebdesign.com/OWs/ hxxps://gelish.com/email-hog/YXaPiWbFMKT/ hxxp://nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/ 2022-05-19 14:56:35
177 JAMESWT_MHT "Rv: POSTA CERTIFICATA: avviso ai fornitori - ordini via NSO" spam email from stolen conversation spread #emotet #heodo #epoch4 Xls https://bazaar.abuse.ch/sample/67d84182f4307c392d4e7c55156211d5fc456b4d3ff86e99b86eb4e21c68b976 Dll https://bazaar.abuse.ch/sample/95d0519cec69e64ac5cc72d2b1e9f57bbf67606a90eacc451ec63d6e841e48d4/ Dll Urls https://urlhaus.abuse.ch/browse/tag/emotet https://twitter.com/JAMESWT_MHT/status/1527288531390910465/photo/1 2022-05-19 14:02:16
178 500mk500 Currently very modest detection for domains powerdust.digital restoreuseroffers-api.com (rather rich for various doc-downloaders' connections). E.g.: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/behavior/C2AE https://twitter.com/500mk500/status/1527286864066932738/photo/1 2022-05-19 13:55:38
179 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/464e7eba3b108d5e2345dba64a301cae607ade4f3854bb067a506166706794d8/detection/f-464e7eba3b108d5e2345dba64a301cae607ade4f3854bb067a506166706794d8-1650556720 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 13:55:02
180 podalirius_ #thread 🧵(3/4) For 'CVE-2022-24500': This CVE is supposed to be a Windows SMB Remote Code Execution Vulnerability. But instead this .exe drops a beacon and connects back to a command and control server. https://www.virustotal.com/gui/file/6c676773700c1de750c3f8767dbce9106317396d66a004aabbdd29882435d5e0/community https://twitter.com/podalirius_/status/1527286349090414592/photo/1 2022-05-19 13:53:35
181 podalirius_ #thread 🧵(2/4) For 'CVE-2022-26809': This CVE is supposed to be a Remote Procedure Call Runtime Remote Code Execution Vulnerability. But instead this .exe drops a beacon and connects back to a command and control server. https://www.virustotal.com/gui/file/fa78d114e4dfff90a3e4ba8c0a60f8aa95745c26cc4681340e4fda79234026fd/community https://twitter.com/podalirius_/status/1527286344329834496/photo/1 2022-05-19 13:53:34
182 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/292a32c26effedb1eaff4d00ffa2c242b36224c0c7674b6c245d1a657632dffb/detection/f-292a32c26effedb1eaff4d00ffa2c242b36224c0c7674b6c245d1a657632dffb-1618820681 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 13:40:02
183 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/142715871796254e17f1ec8e66b4d00e175ed6d28b56f77859d4c54d8175a916/detection/f-142715871796254e17f1ec8e66b4d00e175ed6d28b56f77859d4c54d8175a916-1579584618 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 13:30:02
184 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/e55ff68c216152b45e9e2a900cc584907c16bfcfdeb5ed6cc83ec227af907661/detection/f-e55ff68c216152b45e9e2a900cc584907c16bfcfdeb5ed6cc83ec227af907661-1650891018 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 13:25:02
185 petrovic082 #Magniber https://www.virustotal.com/gui/file/b3bc117f0242c26f453ca5ebe5ed4ef61ff1e5be9b2f6942ea805464fb8acdcc/ 2022-05-19 13:23:34
186 petrovic082 #Ransomware #pxj https://app.any.run/tasks/3373f768-5440-41e2-87bd-cf9a3fc5817a/ notes: LOOK.txt http://paste.awesom.eu/TruX @Amigo_A_ 2022-05-19 13:19:05
187 kyleehmke Highly likely Parscale/Trump domains that may be set up soon: freedompledge.org greatagain45.com https://twitter.com/kyleehmke/status/1527267123772506114/photo/1 2022-05-19 12:37:12
188 kyleehmke Suspicious domain systemapplicationcertification.com was registered on 5/5 through MonoVM using 9bb97f52@protonmail.com. Currently set to loopback. https://twitter.com/kyleehmke/status/1527264764543520768/photo/1 2022-05-19 12:27:49
189 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/4a1794cc3744912327736d111931c735908839663c49524ca3eb015ca58114aa/detection/f-4a1794cc3744912327736d111931c735908839663c49524ca3eb015ca58114aa-1650554427 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 12:20:02
190 Slvlombardo 🔴#Malspam wave #Emotet #Epoch5 via #SilentBuilder ⚠️#malicious Excel 4.0 Macro 🔎Other sample zip->xls->dll⤵️ https://bazaar.abuse.ch/sample/18e6aa0dd7e7cdfd3f937dac0d917ee9dec0e6a20a4d5ef24c47a45cf53c9862 https://bazaar.abuse.ch/sample/d20690f352b36dac34d6cff24f7e83c496eb6ea6e2a61ab037839dad64fa7bea https://twitter.com/Slvlombardo/status/1527256065385308160/photo/1 2022-05-19 11:53:15
191 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/97df26af59eb3281d408e663ad03a4b035d355b5a61180fc1f56ffad6fa3cb46/detection/f-97df26af59eb3281d408e663ad03a4b035d355b5a61180fc1f56ffad6fa3cb46-1595563544 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 11:50:02
192 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/494604466e33955244c595a8e159b098496645900399d7cb1541adab0458264d/detection/f-494604466e33955244c595a8e159b098496645900399d7cb1541adab0458264d-1639403833 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 11:15:02
193 pr0xylife #Qakbot - AA - url > .zip > .xlsb > .dll CreateDirectory C:\Uduw regsvr32 C:\Uduw\soam1.OCX https://bazaar.abuse.ch/sample/ba11f475804d86f4c7313d87cd962016bdc7b78068c3ac946af4fd62d2403521/ IOC's https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_19.05.2022.txt https://twitter.com/pr0xylife/status/1527237097924485120/photo/1 2022-05-19 10:37:53
194 Certego_Intel #Covid19 #Spam #Suspicious Domain: jordanairfinity.click VirusTotal: https://www.virustotal.com/gui/domain/jordanairfinity.click #CyberSecurity #ThreatIntel (bot generated) 2022-05-19 10:25:26
195 Cryptolaemus1 new Emotet E5 urls detected. DLL (1/2) hxxps://myphamcuatui.com/assets/z1b9YfHoX7Fp/ hxxp://myramark.com/mail/rdhEPylXD8BuTA/ hxxps://myechoproject.com/pitterpatter/bNx/ 2022-05-19 10:21:15
196 Cryptolaemus1 new Emotet E5 urls detected. DLL (2/2) hxxp://mybiscotto.com/images/BDcjQT/ 2022-05-19 10:21:15
197 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/558aa6dc4a8edc327ac35d8cd7a6a63550e94ed2d21670edebfe947bbf8e1552/detection/f-558aa6dc4a8edc327ac35d8cd7a6a63550e94ed2d21670edebfe947bbf8e1552-1650556324 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2022-05-19 10:10:02
198 HoneygainHelp @sevens_heaven Hi, it's a false positive. As you can see, this page is only marked by one antivirus program: https://www.virustotal.com/gui/url/c741eb923723ee21aa50819622cb934d2756efc3aeb6a2a031c54d1a4b715488 2022-05-19 09:56:11
199 yvesago #Phishing s://sites.google.com/view/628woihj/zlmbra-web-client-sign-in post to @TallyForms s://tally.so/r/3EkKd2 ping @malwrhunterteam @PhishStats https://twitter.com/yvesago/status/1527225858087428096/photo/1 2022-05-19 09:53:13
200 Cryptolaemus1 new Emotet E4 urls detected. DLL (2/2) hxxp://oshop.es/test/yLT3Xjra352ky/ 2022-05-19 09:51:21