Last 50 Entries

ID User Tweet Date
1 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/file/f65ebe7ef4ceaaee0add3ddef4aa66586e883a707ef684aba2a73f891f403598/analysis/1536819627/ … Threat: Ransom:Win32/WannaCrypt.A!rsm (Microsoft) 2020-04-05 00:00:02
2 sniko_ A malware campaign targeting @idexio and KICK users - the same spam token everyone got sent 888.888 Bad guys: idex-claim.su Malware download hosted on testgosts.beget.tech - contacts C2 to download MIService.exe binary https://app.any.run/tasks/4a178e71-e613-4b1d-b738-1f36c91a5c5e … #malware #cryptocurrency pic.twitter.com/npzg3JiETR 2020-04-04 23:55:05
3 DynamicAnalysis adding jzfozxqe.site at 8.209.70.110 2020-04-04 23:40:08
4 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/file/7b656ed6f5bc5bddf5044597f33c533370106592c061639652cd1bf398079f8d/analysis/1537319588/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 23:40:02
5 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/file/3e76ad3cb9f9a448c94e97f57f5129224148191cdbbab633645b21e7fa6eb9e3/analysis/1566807159/ … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2020-04-04 23:30:02
6 bad_packets Active DDoS malware payload detected: http://194.180.224.124/bins/mpsl https://www.virustotal.com/gui/url/efe855785c2b488ba88da1964c945bf8a3d61bb7afe1bbb6cdfa448c66c6afb6/details … http://194.180.224.124/bins/ #opendir Hosting provider: RebeccaHost (AS44685) Exploit target: Linksys router unauthenticated remote command injection vulnerability #threatintel pic.twitter.com/DwvloOp3NO 2020-04-04 23:27:53
7 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/file/45b6052f93d57c26ef141e57ec0d1547b4f47ebb2cf0a49f225de8f250aa87c9/analysis/1579181427/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 23:00:01
8 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/file/a83cdbc94b481534aca46c9263b15b7b9efc2f9445fd7e2a867c65775b65ec96/analysis/1567577525/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 22:00:02
9 ScumBots Diamondfox: https://www.virustotal.com/en/file/35b19ec9c7db9b6cadf53130151d2c13699cd77d97a3ad7941a65b8a43223e5a/analysis/ … C2: http://game-portal.su/bot/. 2020-04-04 21:46:51
10 ScumBots Infinity: https://www.virustotal.com/en/file/b1e2518cfaa0988b4d2c622e23038699325ee098a5b54dd2148e5c3f8b553de7/analysis/ … C2:tcp://dragongamer.ddns.net. 2020-04-04 21:44:19
11 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/file/c2dc6721e62298fee676fa04aefdfc8f77e2c58c9e68aa0c99b035b56264d70b/analysis/1569717703/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 21:30:02
12 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/file/c36bb279a49ddb5e8df9f2570472b900a6e2693cb55d2bdce2cc150282d11e22/analysis/1525300691/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 21:25:02
13 pmelson Python #pwntools script that loads #ConPtyShell reverse shell. C2: 178.128.146.183:1234 https://pastebin.com/Cqv2tnaH 2020-04-04 21:20:22
14 dustyfresh ncow2019.exe loading from Github https://www.virustotal.com/gui/file/e672a5b26916466428c3c9b19e5e9200c39ac6596efa438772cfe1722dcb2b58/detection … https://www.virustotal.com/gui/file/c7c2cba0b06fa1f4b303af72cb9653af81da245b7792bd7602bad43dfcd9abf9/detection … pic.twitter.com/Qd9cXi5W30 2020-04-04 20:55:13
15 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/file/eff8b5d77961f54d3652d01e5d5a7c0156307effa80fc3d10f3423b8dd50a023/analysis/1578661075/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 20:40:02
16 Max_Tutoriel Check archives and downloaded files before running them. https://www.virustotal.com https://www.hybrid-analysis.com https://virusscan.jotti.org pic.twitter.com/WDQfe7skMi 2020-04-04 20:33:08
17 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/file/33ed051eaba71bedbf2e6fe52b6d47e43a679a0fe53c0893b1519ab30639f3e6/analysis/1561176127/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 20:15:02
18 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/file/2d923b098adf7494754bfda049fd2976bfbb585fbc513295983abab3403f31c5/analysis/1579177799/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 19:45:02
19 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/file/e06eeaa35cc1b1625ac542d00e8a8954a82add72c9146d16808421068b632b0c/analysis/1568270518/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 19:20:02
20 0xCARNAGE If AAR isn't wrong, there's a #gootkit driveby at medicinecomplete.com. Website gives a cert error and if you push forward, it eventually prompts you to download a blank file. Looks like the drop is before any of that even happens. https://app.any.run/tasks/137d26a0-a94a-414b-a953-711647b4093b … 2020-04-04 19:10:17
21 James_inthe_box Might help: https://malwareindepth.com/defeating-nanocore-and-cypherit/ … 2020-04-04 18:56:44
22 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/file/e65c7096053e9ed00ab565b270c1e38ec01b4c7137f24d2e35aeba4dd98fada3/analysis/1579177680/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 18:55:03
23 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/file/a212d92a79bf4f22bf48d7bcb32167992fa64657ee87746790c32292948eb315/analysis/1579051572/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 18:55:02
24 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/file/6724445ed9d3e8198aa25d8e59a85bef74b50ce2def764bec3005cca0a99743d/analysis/1536422690/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 18:15:02
25 IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: visionoffice2020@yandex.com For more information on kits contact me. 2020-04-04 18:03:59
26 IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxp://54654sqd465qsd.044bcc2.netsolhost.com/wp-content/plugins/jetpack/css/min.css/style/morfo135/myaccount/signin/ Threat Actor Emails are attached below. Bot Generated pic.twitter.com/tmuo2uzLZu 2020-04-04 18:03:59
27 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/file/c100fab37a4dfcf66512043ef165d292dc025c11e4bdd4137e4db5afbb4143ba/analysis/1579191960/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 17:45:02
28 ContagionOnline https://www.kickstarter.com/projects/5765934/506294270?ref=bypewl&token=7c3ec983 … https://www.kickstarter.com/projects/5765934/1289914545?ref=7sd1t7&token=0adefd48 … https://www.kickstarter.com/projects/5765934/893057880?ref=ev6ykm&token=f570bb4d … https://www.hybrid-analysis.com/sample/2eada1f0d3034a91505d27d94ef6099b5cf17bc9d0d621bf8c973b000caf9640 … https://www.hybrid-analysis.com/sample/8695c7badc571dabd834d05e9e5936b449023f67d6a20716a3d305f83ea67cf4 … https://www.hybrid-analysis.com/sample/6faf31ca0e137ddfa1fbe16de5f92e450bf5a226fa7d783a40d4d7cb86b3bd14 … 2020-04-04 16:49:45
29 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/file/aeaaa9dbca56ada0e9c10ca9fb9a8b2b1609ec48ebb702d63dba88fa15065f6e/analysis/1571543125/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 16:30:03
30 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/file/5d7fa45d2fcb10893ee5bdbfc4b16bdeeffd34aa5791331332a8bbb1015cb63b/analysis/1580892918/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 16:30:02
31 MalwareWisperer Another related maldoc https://www.virustotal.com/gui/file/2cd5f1852ac6d3ed481394ea0abc49f16789c12fb81bcdf9988762730fb0aa8f/details … 코로나바이러스 대응.doc (Coronavirus response.doc) C2 - http://vnext.mireene.com/theme/basic/skin/member/basic/upload/search.hta … 2020-04-04 16:27:19
32 MalwareWisperer seems to be related https://www.virustotal.com/gui/file/27d04bdb74736f9041ba89306747399e0a149439acf1048e82e4acdfa24677de/detection … the original sample C2 has an historical SSL Thumbprint related to http://complit.yonsei.ac.kr when you pivot on that you can see related subdomains http://nhpurumy.mireene.com to the original sample C2 where one of them is related 2020-04-04 16:12:26
33 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/file/370e47fad9a33a5d8a81cd0e3c59c738be9b4249792c27b913b7938fd8985a13/analysis/1571543171/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 15:35:02
34 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/file/0b4e88fc1c9432ae79d167598aa1e26669698d7579c0e7d2e54555c953b19540/analysis/1579345218/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 15:25:02
35 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/file/8c659ca9d737013ffa282c81ea199ad38b03b6c9d88a1f22becd8c801dee7465/analysis/1578923472/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 15:15:02
36 micham This seems weird. #phishi domain points to @FIFCLUB website for some reason. https://www.virustotal.com/gui/url/dba5d28c839c018798e59a422a9d688ba1918573bb7fdf83848dde7c6f9ae785/detection … pic.twitter.com/sh66vHH8E8 2020-04-04 15:14:20
37 malwaretracekr #Malware #스미싱 (smishing) #Smishing h**p://bit.ly/3bHDgOu @bitly -> h**p://www.bros10.co.kr/upload/bbsData/index.html Download app : PinkTv.apk (PinkTv) https://www.virustotal.com/gui/file/bef7feb59638331f2191b152cd14af05ad025c108ca0036a40da9ea72d01d1b5/detection … @kisa118 @ZeroCERT @malwrhunterteam pic.twitter.com/TW5Dhxm2PY 2020-04-04 15:08:52
38 IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: mo7amedsaber611@gmail.com For more information on kits contact me. 2020-04-04 15:01:23
39 IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxps://securityviacam.com/login/dashboard.php Threat Actor Emails are attached below. Bot Generated pic.twitter.com/J8YPDgwssG 2020-04-04 15:01:23
40 malwaretracekr #택배 (parcel delivery) #스미싱 (smishing) #Smishing #RoamingMantis #MoqHao h**p://vo.la/EF16?inlinl -> h**p://psuge.top/ (128.14.24.76) @zenlayer iOS : None Download app : app.apk (CJ 대한통운 / CJ Logistics) https://www.virustotal.com/gui/file/d837a6e6c83ba85c0d1323580797d8975b482515ce27ac85f8467aaac3e5f8eb/detection … @kisa118 @ZeroCERT @papa_anniekey @58_158_177_102 @ActorExpose @malwrhunterteam pic.twitter.com/MCxpqQsBzs 2020-04-04 15:00:10
41 0xCARNAGE #wshrat - probably also #revengerat from last week mht>a6p.vbs and MICROSOFT.vbs talks to: aba23564.ngrok.io and pluginsrv2.duckdns.org https://app.any.run/tasks/a25d886d-bec7-43d4-9015-302f051844de/ … pic.twitter.com/watQbvHtsd 2020-04-04 14:59:30
42 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/file/5e1119b9b40e066c8120bfd6e096fceb0b9f8e88e5f1f3d6c46f5ea98b18d455/analysis/1571542328/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 14:55:02
43 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/file/2582074ea495283a43101a7476c0328bba92079a9f53ab3ceb7698297139a06e/analysis/1540424048/ … Threat: Ransom_WCRY.SMALYM (TrendMicro) 2020-04-04 14:30:02
44 HeliosCert Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/file/2cc0865c632fe16078ae17b2ccf29945665286520bb1f67fa9be644335ba2a58/analysis/1551395762/ … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft) 2020-04-04 14:20:02
45 IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: info@hotmail.com, cuentaspam20193@outlook.com, robertspam@yahoo.com, cuenta00001mm@gmail.com For more information on kits contact me. 2020-04-04 14:13:03
46 IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxps://www.missemisterbrasil.com.br/hxxps/177.254.4.1931203/sucursalpersonas.transaccionesbancolombia.com/mua/index.html Threat Actor Emails are attached below. Bot Generated pic.twitter.com/o5YZvTufFz 2020-04-04 14:13:03
47 IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: user_maintanance912566@outlook.com, erykhugo231@gmail.com, craftbot@yahoo.com For more information on kits contact me. 2020-04-04 13:55:35
48 IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxps://dal-shared-13.hostwindsdns.com/~xyezuuhs/wp-includes/js/swfupload/plugins/t/customer_center/customer-IDPP00C473/myaccount/signin/ Threat Actor Emails are attached below. Bot Generated pic.twitter.com/tM6ZqYCQko 2020-04-04 13:55:35
49 TechnothepigYT Microsoft, I found malware in FireZilla https://www.virustotal.com/gui/file/da2f1a0ee94f0cd1cd5367718fb9292a7b6eeb5567388540b7444f611dbc7983/detection … 2020-04-04 13:07:15
50 TechnothepigYT @leotpsc MY FRIEND AND I FOUND MALWARE IN FireZilla! https://www.virustotal.com/gui/file/da2f1a0ee94f0cd1cd5367718fb9292a7b6eeb5567388540b7444f611dbc7983/detection … 2020-04-04 13:03:38
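The rows above mix report links (VirusTotal, Hybrid Analysis, any.run), defanged URLs (hxxp, h**p), raw IPs, C2 hosts and actor e-mail addresses in free text. The script below is an added example (not part of this feed or of any of the quoted accounts' tooling) that parses the "ID User Tweet Date" row layout and separates file hashes and network indicators from the reference links. The row regex, the list of hosts treated as report sites rather than infrastructure, and the sample rows (copied verbatim from the feed above) are assumptions made for the example.

```python
"""IOC extractor for rows of the tweet feed above (added example, not code from the page)."""
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlsplit

# Assumed row layout: "<id> <user> <tweet text> <YYYY-MM-DD HH:MM:SS>".
ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.*)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
# Plain and defanged schemes seen in the feed: http(s), hxxp(s), h**p(s). Stops at whitespace or "…".
URL_RE = re.compile(r"\bh(?:tt|xx|\*\*)ps?://[^\s…]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# A SHA-256 inside a /file/ or /sample/ report path is a file hash; a VT /gui/url/<id> is not.
REPORT_HASH_RE = re.compile(r"/(?:file|sample)/([0-9a-f]{64})\b")
# Assumption: these hosts carry analysis reports, not attacker infrastructure.
REFERENCE_HOSTS = {"www.virustotal.com", "virustotal.com", "www.hybrid-analysis.com",
                   "hybrid-analysis.com", "app.any.run", "pastebin.com"}

# Sample input, copied from the feed above (constructed test data for this example).
SAMPLE_ROWS = [
    "9 ScumBots Diamondfox: https://www.virustotal.com/en/file/35b19ec9c7db9b6cadf53130151d2c13699cd77d97a3ad7941a65b8a43223e5a/analysis/ … C2: http://game-portal.su/bot/. 2020-04-04 21:46:51",
    "6 bad_packets Active DDoS malware payload detected: http://194.180.224.124/bins/mpsl https://www.virustotal.com/gui/url/efe855785c2b488ba88da1964c945bf8a3d61bb7afe1bbb6cdfa448c66c6afb6/details … http://194.180.224.124/bins/ #opendir Hosting provider: RebeccaHost (AS44685) Exploit target: Linksys router unauthenticated remote command injection vulnerability #threatintel pic.twitter.com/DwvloOp3NO 2020-04-04 23:27:53",
    "39 IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxps://securityviacam.com/login/dashboard.php Threat Actor Emails are attached below. Bot Generated pic.twitter.com/J8YPDgwssG 2020-04-04 15:01:23",
    "37 malwaretracekr #Malware #스미싱 #Smishing h**p://bit.ly/3bHDgOu @bitly -> h**p://www.bros10.co.kr/upload/bbsData/index.html Download app : PinkTv.apk (PinkTv) https://www.virustotal.com/gui/file/bef7feb59638331f2191b152cd14af05ad025c108ca0036a40da9ea72d01d1b5/detection … @kisa118 @ZeroCERT @malwrhunterteam pic.twitter.com/TW5Dhxm2PY 2020-04-04 15:08:52",
    "25 IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: visionoffice2020@yandex.com For more information on kits contact me. 2020-04-04 18:03:59",
]


@dataclass
class FeedEntry:
    entry_id: int
    user: str
    timestamp: str
    text: str
    file_hashes: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)        # refanged network IOCs
    hosts: List[str] = field(default_factory=list)
    ipv4: List[str] = field(default_factory=list)
    emails: List[str] = field(default_factory=list)
    references: List[str] = field(default_factory=list)  # report links, not IOCs


def refang(url: str) -> str:
    """Turn hxxp/h**p back into http so urlsplit can parse it; drop trailing punctuation."""
    url = re.sub(r"^h(?:xx|\*\*)p", "http", url, flags=re.I)
    return url.rstrip(".,;:)")


def defang(url: str) -> str:
    """Render a live URL safely for a report: http -> hxxp and '.' -> '[.]' in the host."""
    p = urlsplit(url)
    tail = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}{tail}"


def valid_ipv4(s: str) -> bool:
    return all(0 <= int(o) <= 255 for o in s.split("."))


def _uniq(items):
    """Deduplicate while keeping first-seen order (IPs often repeat inside URLs)."""
    seen, out = set(), []
    for i in items:
        if i not in seen:
            seen.add(i)
            out.append(i)
    return out


def parse_row(row: str) -> FeedEntry:
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"row does not match feed layout: {row[:40]!r}")
    e = FeedEntry(int(m.group(1)), m.group(2), m.group(4), m.group(3))
    for raw in URL_RE.findall(e.text):
        url = refang(raw)
        host = urlsplit(url).netloc.lower()
        if host in REFERENCE_HOSTS:
            e.references.append(url)
            h = REPORT_HASH_RE.search(url)
            if h:
                e.file_hashes.append(h.group(1))
        else:
            e.urls.append(url)
            e.hosts.append(host)
    e.ipv4 = _uniq(ip for ip in IPV4_RE.findall(e.text) if valid_ipv4(ip))
    e.emails = _uniq(EMAIL_RE.findall(e.text))
    for name in ("file_hashes", "urls", "hosts", "references"):
        setattr(e, name, _uniq(getattr(e, name)))
    return e


def parse_feed(rows) -> List[FeedEntry]:
    return [parse_row(r) for r in rows]


if __name__ == "__main__":
    for e in parse_feed(SAMPLE_ROWS):
        print(e.entry_id, e.user, e.timestamp)
        for u in e.urls:
            print("  url  ", defang(u))
        for h in e.file_hashes:
            print("  sha256", h)
        for a in e.emails:
            print("  email", a)
```

Hash-only rows (the HeliosCert VirusTotal posts) yield a file hash and no network indicators, which is the right outcome: the VT link is a reference, not something to block. Treat the extracted hosts as leads to verify, not as a blocklist; URL shorteners such as bit.ly and dynamic-DNS names show up in the feed and should be handled by the redirect target or the full hostname, never by the shared parent domain.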