Last 5 Entries

ID User Tweet Date
1 bad_packets Ongoing mass scanning activity detected from 185.191.32.178 (🇷🇺) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext. #threatintel https://twitter.com/bad_packets/status/1350559265631571974/photo/1 2021-01-16 21:43:15
2 bad_packets Mass scanning activity detected from 141.98.80.242 (🇳🇱) checking for Pulse Secure VPN servers vulnerable to CVE-2019-11510 ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510) and Citrix (NetScaler) Gateway servers vulnerable to CVE-2019-19781 ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781). #threatintel 2021-01-16 21:38:36
3 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/296c669b92f6032a2002e1f6ab7ae6a94812f91a4b14d2f0b828f0349c829e94/detection/f-296c669b92f6032a2002e1f6ab7ae6a94812f91a4b14d2f0b828f0349c829e94-1584798990 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 20:55:02
4 m0rb 2021-01-16T20:49:37 - Commented: https://www.virustotal.com/gui/file/4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7/community #malware #commandinjection 2021-01-16 20:49:37
5 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/59c7cf8afbb46f802800f0e706e80b90cab488604944d4405d866dcd706af857/detection/f-59c7cf8afbb46f802800f0e706e80b90cab488604944d4405d866dcd706af857-1595219450 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 20:20:02
6 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/c1df0bc532a2ffb6155e7ae97605f538a865c1fdb9b2bd06fe60b556779b5f28/detection/f-c1df0bc532a2ffb6155e7ae97605f538a865c1fdb9b2bd06fe60b556779b5f28-1603626506 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-01-16 19:40:02
7 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/f7a5371369cb3886a61589f9121697621bc3452d7c6b0d7952127ddd3194c0ef/detection/f-f7a5371369cb3886a61589f9121697621bc3452d7c6b0d7952127ddd3194c0ef-1603255536 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-01-16 19:20:02
8 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/b15ea7376fd469464971e286ddf55fcf906aaf0fad00cba2a1e66289822b974a/detection/f-b15ea7376fd469464971e286ddf55fcf906aaf0fad00cba2a1e66289822b974a-1543461238 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 19:20:02
9 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/a177e10ca69610c86846e09458e647cfa004ac50862768e84c5c9d87741466d4/detection/f-a177e10ca69610c86846e09458e647cfa004ac50862768e84c5c9d87741466d4-1587427260 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 19:10:02
10 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/b0bc5542880c2bd6556a7cc8a1b381e9d2dcd95399ef1775d5ed40e4751b4527/detection/f-b0bc5542880c2bd6556a7cc8a1b381e9d2dcd95399ef1775d5ed40e4751b4527-1603634740 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-01-16 18:55:02
11 dubstard 100/100 @anyrun_app 🔎 http://app.any.run/tasks/70fc1581-4672-4d74-8a29-32192ff8f75d/ 8/10 @hatching_io 🔎 http://tria.ge/210116-hv1h4ddt6j "verysilent" looks like it is a packaged teamviewer https://twitter.com/dubstard/status/1350515963612028931/photo/1 2021-01-16 18:51:11
12 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/ac1085399cc3c1107980ccb9e54097662eeea8a1397ffeef48df45371683524e/detection/f-ac1085399cc3c1107980ccb9e54097662eeea8a1397ffeef48df45371683524e-1594862374 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 18:50:02
13 BurpBounty @irsdl Hey! As you can see here: https://www.virustotal.com/gui/file/71966d3fd137dfa2bbb70bc7cd5a5ff6acb171a02f092e713d5dc6a78757d5f0/relations it is a "License4J HardwareID Viewer", the license product that I use for the extension :) https://www.license4j.com/ 2021-01-16 18:36:11
14 irsdl Hey @BurpBounty, why does the pro extension create a temporary executable file in c:\users\profilename\ and then delete it? What's the purpose of this file, as the free version does not do that? Sample here: https://www.virustotal.com/gui/file/71966d3fd137dfa2bbb70bc7cd5a5ff6acb171a02f092e713d5dc6a78757d5f0/detection https://twitter.com/irsdl/status/1350510616356810753/photo/1 2021-01-16 18:29:56
15 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/3e5a307015fe66380fd95279f4b68130816564281a742e82c0b527ed09bf4317/detection/f-3e5a307015fe66380fd95279f4b68130816564281a742e82c0b527ed09bf4317-1587815719 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 18:25:02
16 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/16e3da99d0c51b91d0b4d3f3e9f3149b930dbfe529c7b95d5a5e785bb0e7635b/detection/f-16e3da99d0c51b91d0b4d3f3e9f3149b930dbfe529c7b95d5a5e785bb0e7635b-1606428318 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 18:15:03
17 phishunt_io More scams targeting Spanish people with @Correos themes. The site has been active for weeks: /sys-correos.es/es/resolve/solucion/Seleccione_medio_de_resolviendo.php cc @malwrhunterteam @JosepAlbors https://twitter.com/phishunt_io/status/1350503953142841348/photo/1 2021-01-16 18:03:28
18 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/f5537b45126a777856da43e83ec9327ea284cdf85bd7e1ac29d114444f2e8a80/detection/f-f5537b45126a777856da43e83ec9327ea284cdf85bd7e1ac29d114444f2e8a80-1605428123 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 18:00:02
19 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/dea6caee3c3d7250d649069ba620e6416a560a3b439652f563fe6b413b1cf205/detection/f-dea6caee3c3d7250d649069ba620e6416a560a3b439652f563fe6b413b1cf205-1597391485 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 18:00:02
20 luc4m #ursnif #isfb version:2.50 build:171 group:1100 Q7rywHRSBFNfUtxCDec 21 2020/api1 c2:golang.feel500.at api10.laptok.at eel500.at h/t: @wato_dn https://twitter.com/wato_dn/status/1350002164060438531 https://bazaar.abuse.ch/sample/61774f16549fb39d6d28ea208634bb106294bb2e31e6847d804f74a08a4bc0e2/ @felixw3000 @Mesiagh @James_inthe_box @nao_sec @abuse_ch @malware_traffic https://twitter.com/bomccss/status/1349980970565292032 https://twitter.com/luc4m/status/1350495450865037312/photo/1 2021-01-16 17:29:41
21 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/b0edc0a48a243cc4618961bdb1677c0dd7aeaf545fe63e2c147b0e916151166c/detection/f-b0edc0a48a243cc4618961bdb1677c0dd7aeaf545fe63e2c147b0e916151166c-1587688585 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 17:20:02
22 LilithRainbows @juanito589657 @IamNotRomero @98LuftHB 0/68, stop making a fool of yourself already, Rukawa ♥ https://www.virustotal.com/gui/file/b23aa639a4c1e89e345b491ac13637f2ecb69c38b160e62f6612fc1c755551f7/detection 2021-01-16 17:19:45
23 bl4ckh0l3z @malwrhunterteam #SMSThief #sms #stealer 📨 Monitors 🔎 incoming SMS 📨 and forwards them to the C2: 🖥️ http://nablism.xyz/melli/otp.php If the C2 is down, it retrieves a secondary one from 🖥️ http://nablism.xyz/melli/MainDomain.txt and sends the stolen data to it: 🖥️ https://bamimelli.xyz 👇👇👇 https://twitter.com/bl4ckh0l3z/status/1350492882633895938/photo/1 2021-01-16 17:19:28
24 jjrruiz @Hostkey we have been reporting this #scam site on your servers since Dec. 22 in the way indicated on your page https://hostkey.com/about-us/legal/complaint-procedure/ However, the #fraud is still active: https://ihrelieferinformationen.com/LIDL/?dom=track.click2win2day.com&geo=US&cep=O0oc2_aL4Uz_4sUjr-AiMoyDO5NvYa41L0q0Wp8EDrn541oCkbHIfZ2sJO9kdFlaMTLmFITBnvVYTxib-30q6GnnQBA1lk6VZZDD9zshKkpjtl0-a71h7AIAMRXTddyEib7P-4pQku4Uy8pDKXF2rT8ipd-t2ISoYkVtfqEwkhpISqL3JO5HZSJ4nQQnWFFWPKCL2Qe0k6LDb0bfsaOGqDc7UhYLkmfZx7l7Dwgvn13bDDjW9EgOrMFmgUFWbMa9kS925zRAzjrpeI3n8V-ZWPgQP_JW197LCUpTcz7c1SrK2a9Ot4P0arVp_jI7D7FwXHl_omDyt-HDNlhf3FUxSRsEyg13m5-wuFc8R6cjxsHJV1enzG64cHzo4rUz9DZ7NyfvkPd823wuoln102A30Qha1_3uj17qpczJLQCPe14&lptoken=16ec072318dc91112315 Proofs: https://www.virustotal.com/gui/url/679c2077e74a5447bf9ef344666e1c62bdc0bc8fd4796f7f51b42bc0a19969e5/detection Would you mind helping us, please? 2021-01-16 17:14:24
25 JAMESWT_MHT @MikeLierman @malwrhunterteam @VK_Intel @digicert @websecpartner Relations https://www.virustotal.com/gui/url/f42c062f6b9fc9c6b9c678ce5ea487c7db349eb140bb530e54ac168f80569899/relations Sample https://bazaar.abuse.ch/sample/bc63d028bf26ba58a05892074492caa759f9840476a4744d325d4fda1d1ed814/ Detected as MSIL/UwS.FShareManger.A by Eset maybe @jiriatvirlab @marc_etienne_ can give us more info about it 2021-01-16 16:59:37
26 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/e51bb1d98e0c207c103d98ce3469c2d1b3899d5124c47076e0ac043594c71da2/detection/f-e51bb1d98e0c207c103d98ce3469c2d1b3899d5124c47076e0ac043594c71da2-1586997455 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 16:55:03
27 cocaman VirusTotal detections https://www.virustotal.com/gui/file/bd1315238673ae1eb5a79c6c835c5100eec2f38a86809e0f44303f5348c93eaa/detection 2021-01-16 16:27:07
28 micham #Phish with horns😂 Stay dressed/safe! https://www.phishtank.com/phish_detail.php?phish_id=6924236 https://www.virustotal.com/gui/url/afb2cc05153420b9cd9820abea82afbb0671eacba34eb8df55cf3f2497d232d3/detection https://twitter.com/micham/status/1350472952215609346/photo/1 2021-01-16 16:00:17
29 r3dbU7z #Tsunami #docker #DDoS ip: 34.66.229.152 url: hxxp://34.66.229\.152:80/wp-content/themes/twentyseventeen/d -- dropper ip: 193.46.199.8 8b13ce9b843a5e9ee63d2df42eebd74b -- dk86 Sample on VT -> https://www.virustotal.com/gui/file/72b86cf168181480d745b27f57ef574c8d6208daf36c898eddd0700f41f8a03d/detection Sample on bazaar -> https://bazaar.abuse.ch/sample/72b86cf168181480d745b27f57ef574c8d6208daf36c898eddd0700f41f8a03d/ https://twitter.com/r3dbU7z/status/1350470527928971264/photo/1 2021-01-16 15:50:39
30 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/3513d84ebf2f30a547273d2504720cb30ef6fa847cd70625db1cc042360ed4b0/detection/f-3513d84ebf2f30a547273d2504720cb30ef6fa847cd70625db1cc042360ed4b0-1553593082 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 15:25:02
31 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/2e160d0692693ef9163762cd8012694413ab27eb2809c12ea852874ce35e14c1/detection/f-2e160d0692693ef9163762cd8012694413ab27eb2809c12ea852874ce35e14c1-1594335847 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 15:20:02
32 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/37ec9bc73bcce18572c8a934aa6426dc78f399ccbf48df735eb0a04005da7da0/detection/f-37ec9bc73bcce18572c8a934aa6426dc78f399ccbf48df735eb0a04005da7da0-1567498321 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 15:10:02
33 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/4e9b78efec58890df17d09240fadb2016d50443885ddb1c2c71ad9d91af1af67/detection/f-4e9b78efec58890df17d09240fadb2016d50443885ddb1c2c71ad9d91af1af67-1586997536 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 15:00:02
34 dubstard 🎯@Fibank 📨Refund ID:125-510-11 📥102.157.125.17 ⚠ /refactory-antiques.jp ☣ AS7506 157.7.107.102 🇯🇵 🖧 @GMOGroup 🌐@muumuu_domain 🔐@letsencrypt @58_158_177_102 @bunnymaid @ninoseki @tomoaxe @tiketiketikeke @JAMESWT_MHT @jpcert_en @jpcert @Spam404 #Phishing #spam https://twitter.com/dubstard/status/1350457120093835266/photo/1 2021-01-16 14:57:22
35 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/4e17ea5e6841389bd0d77122a9825ab15c1958af89dc491f41940f8e2d876f96/detection/f-4e17ea5e6841389bd0d77122a9825ab15c1958af89dc491f41940f8e2d876f96-1599716685 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 14:40:02
36 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/c3203b0dd36ce480a9ffd75146283186458a987629b9d251882300efdf8a3953/detection/f-c3203b0dd36ce480a9ffd75146283186458a987629b9d251882300efdf8a3953-1591661786 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 14:35:03
37 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/fc4db7da69601a53d7154cb33cf7c9d112f348fc27dbc24dc7449d66e8261430/detection/f-fc4db7da69601a53d7154cb33cf7c9d112f348fc27dbc24dc7449d66e8261430-1610214061 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 14:00:02
38 Arq_MauTavaresS Also, to clear my conscience, I checked the download link on VirusTotal, which, as expected, detected phishing! (The check can be viewed at this link: https://www.virustotal.com/gui/url/095d1b2516df954a2d0f03eee5ba0bcd76d90ab8b94a83c651d64e1d641d2ea8/detection) https://twitter.com/Arq_MauTavaresS/status/1350440111520022528/photo/1 2021-01-16 13:49:47
39 bl4ckh0l3z @malwrhunterteam @Nutstore3 @TencentCEO (qq.com) your help in fighting fraudsters is appreciated! (see the thread 👆) 2021-01-16 13:38:37
40 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/9fdb47842dd705907b54472630d7513e1008e259a9a8bfbea59ccf4c6c79beb6/detection/f-9fdb47842dd705907b54472630d7513e1008e259a9a8bfbea59ccf4c6c79beb6-1599423158 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 13:35:02
41 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/970f9f41685c3ef83005980af78db369663152461a7d5cf79d4b998c5d17ca12/detection/f-970f9f41685c3ef83005980af78db369663152461a7d5cf79d4b998c5d17ca12-1579176635 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 13:30:03
42 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/4e5a5a0637ef36b16c81ced8329840e2e68160cd48b279123056532d34f0fbf7/detection/f-4e5a5a0637ef36b16c81ced8329840e2e68160cd48b279123056532d34f0fbf7-1583960722 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 13:30:03
43 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 57 VirusTotal: https://www.virustotal.com/gui/file/a417fc5810f35e15e8848f0679cd003dbb0aa5756e6c9efa393a8a2535d41cb1/detection/f-a417fc5810f35e15e8848f0679cd003dbb0aa5756e6c9efa393a8a2535d41cb1-1578674121 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 13:30:02
44 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/4888489624781e994b300868e6da58eca3c1c8e43b21f51b38f040835d44ac87/detection/f-4888489624781e994b300868e6da58eca3c1c8e43b21f51b38f040835d44ac87-1557878109 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-01-16 12:40:02
45 dubstard Confirmed #Phishing domains 16-JAN-2021 http://pastebin.com/BHADHmL5 via @pastebin 2021-01-16 12:39:27
46 dubstard #Phishing 💳🎣 🎯 @fbsecurity @Facebook @FBBusiness @techatfacebook ⚠ /faceboook.page1545810254­.com ☣ AS22612 198.54.115.89 🇺🇸 🌐@Namecheap 🖧 Namecheap 🔐@SectigoHQ @sectigostore cc @ActorExpose @Bank_Security @dave_daves @JAMESWT_MHT @JCyberSec_ @nullcookies #scam https://twitter.com/dubstard/status/1350418784725704705/photo/1 2021-01-16 12:25:02
47 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/a3e22c5439a5ba6d7065f5458aaaf190c2f7bc9673adb1a1f6f87ab27380e5e0/detection/f-a3e22c5439a5ba6d7065f5458aaaf190c2f7bc9673adb1a1f6f87ab27380e5e0-1598163918 Threat: Ransom_WCRY.SMALYM (TrendMicro) 2021-01-16 12:15:03
48 bl4ckh0l3z @malwrhunterteam #SMSThief #sms #stealer Attempts to exfil over #webdav servers offered by @Nutstore3: https://dav.jianguoyun.com/dav/ Credentials (no longer valid): 2353455185@qq.com acjdqfbz6q5gr2ef Updates from (if available): http://xguglsb.cn/YT9-11.apk Made in #china, for #china, with love! https://twitter.com/bl4ckh0l3z/status/1350414598780956672/photo/1 2021-01-16 12:08:24
49 cocaman This is one interesting method to name your malicious ZIP attachment :) #AgentTesla "PO-JAN16-2021-KMML-.ASW.image.jpeg.eml.png.zip" Sample: https://bazaar.abuse.ch/sample/6b57606a8f83f14922099d09423c3ddee012057085b5ccc2a80ba73498e23432/ https://twitter.com/cocaman/status/1350407737327439872/photo/1 2021-01-16 11:41:08
50 HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 53 VirusTotal: https://www.virustotal.com/gui/file/f52d945433eed1f2c55065d4bad393bf040d810c1e8df85e69c5dfe55ccf830b/detection/f-f52d945433eed1f2c55065d4bad393bf040d810c1e8df85e69c5dfe55ccf830b-1552643031 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2021-01-16 11:40:03