| 1 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 28
VirusTotal: https://www.virustotal.com/gui/file/1d3c123ef4b613990472a80a8c6471a0f7dd825f8bed27b1fd8c92ba87c82014/detection/f-1d3c123ef4b613990472a80a8c6471a0f7dd825f8bed27b1fd8c92ba87c82014-1638627673
Threat: Possible_HAJIME.SMLB1 (TrendMicro)
|
2021-12-04 23:35:03 |
| 2 |
kienbigmummy |
@monriver630 Thank you for your attention. Here:
Maldoc: https://tria.ge/211203-qhs1csbfh7
Emotet DLL Loader: https://www.virustotal.com/gui/file/cd9419510c772ddf117334f1b3b2f987fe3d795351d2dcedfb76af765ddf17bb/details
|
2021-12-04 23:27:47 |
| 3 |
kienbigmummy |
@BaglaiVlad @fr0s7_ Yup. here you are:
Maldoc: https://tria.ge/211203-qhs1csbfh7
Emotet DLL Loader: https://www.virustotal.com/gui/file/cd9419510c772ddf117334f1b3b2f987fe3d795351d2dcedfb76af765ddf17bb/details
|
2021-12-04 23:25:41 |
| 4 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 8
VirusTotal: https://www.virustotal.com/gui/file/1fa16aa1aaebe7a28ce893329d06d34b243ecafd34afd4c8d0a17aa4cc3f3563/detection/f-1fa16aa1aaebe7a28ce893329d06d34b243ecafd34afd4c8d0a17aa4cc3f3563-1638156321
Threat:
|
2021-12-04 21:50:02 |
| 5 |
phishunt_io |
#NewPhishing | #phishing #scam
🔗 /homesinterbankperu.cubmesd.com/
🚩 70.32.23.109
☁ A2HOSTING
🔒 cPanel. Inc. Certification Authority https://twitter.com/phishunt_io/status/1467245179614732300/photo/1
|
2021-12-04 21:31:25 |
| 6 |
bad_packets |
Mass scanning activity detected from 185.156.72.51 (🇳🇱/🇺🇦/🇷🇺*) targeting Microsoft Exchange servers vulnerable to #ProxyShell (CVE-2021-34473).
First seen:
2021-12-04T06:55:14Z
Last seen:
2021-12-04T20:35:46Z
#threatintel
___________
*Geolocation vendors don't agree on location
|
2021-12-04 20:55:09 |
| 7 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/018a5306e7ef6dc5a400c2dbbb8b2402850c7f8185f40f3dab15eaa4b17140ef/detection/f-018a5306e7ef6dc5a400c2dbbb8b2402850c7f8185f40f3dab15eaa4b17140ef-1638478294
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 19:55:02 |
| 8 |
dubstard |
🎯@Metamask
⚠ /bot-validate.net
☢ AS22612 199.188.201.128 🇺🇸
🌐 @Namecheap
🖧 Namecheap
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @MetaMaskSupport
#scam #phishing https://twitter.com/dubstard/status/1467214579839258627/photo/1
|
2021-12-04 19:29:50 |
| 9 |
dubstard |
🎯 @Polkadot
⚠ /fixapp.site
☢ AS22612 199.188.201.128 🇺🇸
🌐 @Namecheap
🖧 Namecheap
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam #phishing https://twitter.com/dubstard/status/1467209273570729987/photo/1
|
2021-12-04 19:08:44 |
| 10 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 62
VirusTotal: https://www.virustotal.com/gui/file/a0415419892d4322dbb267ac3c9828a603dd7ed609b5f8856e6851c363806a19/detection/f-a0415419892d4322dbb267ac3c9828a603dd7ed609b5f8856e6851c363806a19-1585412512
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 18:00:02 |
| 11 |
dubstard |
🎯 @Metamask
⚠ /walletsprotocols.online
☢ AS22612 192.64.118.78 🇺🇸
🌐 @Namecheap
🖧 ColoCrossing
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam https://twitter.com/dubstard/status/1467191549540945926/photo/1
|
2021-12-04 17:58:19 |
| 12 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 62
VirusTotal: https://www.virustotal.com/gui/file/da6bef5eed66dd0e349477d1656b5eddaa93e6a309e74a43ce75a58ba7103b13/detection/f-da6bef5eed66dd0e349477d1656b5eddaa93e6a309e74a43ce75a58ba7103b13-1598955665
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 17:45:02 |
| 13 |
xiatianguo |
Day 4 #AdventofCyber done!
https://tryhackme.com/room/adventofcyber3 #tryhackme @RealTryHackMe https://twitter.com/xiatianguo/status/1467171509299216384/photo/1
|
2021-12-04 16:38:41 |
| 14 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/5a17f1fb9d5719ab712c5d3f76676f9a19df32f078146e43826f209b8ae6dfc8/detection/f-5a17f1fb9d5719ab712c5d3f76676f9a19df32f078146e43826f209b8ae6dfc8-1617581024
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 16:15:02 |
| 15 |
w0mbat5eoul |
@luketaylorgo @virustotal AV detection: https://www.virustotal.com/gui/url/6fb180e9f360accc0f44a8a8ece6d328ff8c64891f3549068688459820b77028/detection
Detected as malicious and phishing
|
2021-12-04 16:10:26 |
| 16 |
oulusoyum |
#RedLine #Stealer
Samples:
https://app.any.run/tasks/b72de800-ab49-4fed-996a-4482d261d316
hxxps://codeload.github.com/shtempsoft/soft/zip/refs/heads/main
@github username shtempsoft
C2: 185.215.113.121
Sha256: f1eb035c8e23d03b366ff3b7dae385e0807d5f26867f8810c122cfc31843a90d https://twitter.com/oulusoyum/status/1467156857156517891/photo/1
|
2021-12-04 15:40:27 |
| 17 |
petrovic082 |
#Ransomware #Argos
https://app.any.run/tasks/74867f5c-d18b-4ac4-8e92-e38d0ce7566b/
https://www.virustotal.com/gui/file/7bb72f6d4ea8c4008bf51cc0817db28cbf18bdaa3862509d6aa0f842d7822daf/detection
|
2021-12-04 15:23:18 |
| 18 |
dubstard |
🎯@Metamask
⚠ /webwalletsverification.com
🌐 @Namecheap
🖧 Cloudflare
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @MetaMaskSupport
#scam https://twitter.com/dubstard/status/1467143315770552335/photo/1
|
2021-12-04 14:46:39 |
| 19 |
dubstard |
🎯@Polkadot
⚠ /nftserverpad.com
☢ AS14061 178.62.108.214 🇺🇸
🌐 @Namecheap
🖧 DigitalOcean
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam #Phishing https://twitter.com/dubstard/status/1467142085128200203/photo/1
|
2021-12-04 14:41:45 |
| 20 |
dubstard |
🎯@Polkadot
⚠ /connectdapps.io
☣ AS22612 68.65.123.168 🇺🇸
🌐 @Namecheap
🖧 Namecheap
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam #Phishing https://twitter.com/dubstard/status/1467141459358928900/photo/1
|
2021-12-04 14:39:16 |
| 21 |
dubstard |
🎯@WalletConnect
⚠ /livewalletguide.com
☣ AS48254 185.151.30.168 🇬🇧
🌐@Namecheap
🖧 20i Limited
h/t @idclickthat
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam #phishing https://twitter.com/dubstard/status/1467141222095593483/photo/1
|
2021-12-04 14:38:20 |
| 22 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 56
VirusTotal: https://www.virustotal.com/gui/file/a62393faa942970ee2d53f7f1b503ea4827bc89eec9e7186cf9dba2f39f82dd4/detection/f-a62393faa942970ee2d53f7f1b503ea4827bc89eec9e7186cf9dba2f39f82dd4-1540428513
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 14:20:02 |
| 23 |
benkow_ |
GCleaner loader b44c9ee4e0b17e6ecc0cd60cebc14d710e15af7da15321cb677f41c5e30b44e6
R:\vsrepos\sukalogger\Release\sukalogger.pdb
https://www.virustotal.com/gui/file/b44c9ee4e0b17e6ecc0cd60cebc14d710e15af7da15321cb677f41c5e30b44e6/detection
|
2021-12-04 14:11:41 |
| 24 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/12fd092dc365f4754f33412eac7732950925603775660561aecb203a7bb792ee/detection/f-12fd092dc365f4754f33412eac7732950925603775660561aecb203a7bb792ee-1638477831
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 14:05:03 |
| 25 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/8b51945ada866301cd583744f4363bbeac1b7ec84ee78c0135824a2dc57f7244/detection/f-8b51945ada866301cd583744f4363bbeac1b7ec84ee78c0135824a2dc57f7244-1638477543
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 13:40:02 |
| 26 |
ozuma5119 |
#malware #covid19 #phishing ⚠️
🦠 hxxps://iabnc.com/Excel.exe
IP: 103.93.76.204 (AS61414 EDGENAP)
Registrar: Dynadot
Brand: 厚生労働省 The Government of Japan 🇯🇵
IoC: https://otx.alienvault.com/pulse/61ab6d7559109b47da3a91f7
bazaar https://bazaar.abuse.ch/sample/f86988844cd1f04c326a1760c47336963d8b96d87ef8be140ebf6c3eb77086bd/
anyrun https://app.any.run/tasks/6b47b965-2160-4aef-87a0-035f22288b55/ https://twitter.com/ozuma5119/status/1467125363512082443/photo/1
|
2021-12-04 13:35:19 |
| 27 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 0
VirusTotal: https://www.virustotal.com/gui/file/1053666acf04eb1f578b41a0a9b96e75a910b15d68bc470161dcabc4c541b223/detection/f-1053666acf04eb1f578b41a0a9b96e75a910b15d68bc470161dcabc4c541b223-1582951287
Threat:
|
2021-12-04 12:35:02 |
| 28 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 57
VirusTotal: https://www.virustotal.com/gui/file/4a03ba800f020c6f2a24a909d06df251723ea8f0b5effa0d1ced21b8f2c7e313/detection/f-4a03ba800f020c6f2a24a909d06df251723ea8f0b5effa0d1ced21b8f2c7e313-1638482130
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 12:25:02 |
| 29 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 51
VirusTotal: https://www.virustotal.com/gui/file/9a76f62fed6269c81c2bef7c7bb4254bcdc648ae17ce89fbe2dea20ceb2f066c/detection/f-9a76f62fed6269c81c2bef7c7bb4254bcdc648ae17ce89fbe2dea20ceb2f066c-1556700597
Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2021-12-04 12:10:02 |
| 30 |
dms1899 |
@hey_wallet https://discord.com/invite/MalwareTech
It is the only one I know of
|
2021-12-04 11:54:13 |
| 31 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 62
VirusTotal: https://www.virustotal.com/gui/file/74d96340bf82866669b726cd2b79d1d52f1911c4922b7c08b3835767917ca1a6/detection/f-74d96340bf82866669b726cd2b79d1d52f1911c4922b7c08b3835767917ca1a6-1602929053
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 10:55:02 |
| 32 |
paskur |
Graphviz 2.49.3のWindows版のバイナリがVirusTotalでマルウェア判定なの気持ち悪いなぁ。
https://www.virustotal.com/gui/file/63a7eff47f8ab94fd89127a005c123d05bc817bf0709aaa85fee133d66aa9ff0
|
2021-12-04 09:58:02 |
| 33 |
petrovic082 |
#vbs #dropper
https://app.any.run/tasks/d724a055-b419-4343-9435-3d8a84bed66d/
drop
https://www.virustotal.com/gui/file/ee460a2480d718ff40e391a7418249ec88927dd59ba31bca9be2999c21768f7d/detection
|
2021-12-04 09:18:03 |
| 34 |
adl_bdh |
لهواتف الأندرويد الحق المر الجزء الثالث
رابط إثبات خلو الملف من الفيروسات
https://www.virustotal.com/gui/file/405fd539098565b7094b53709b0f339a7b458d74f3197e54754bbed135f8d2bb?nocache= 1
محمد الغزالي
هذه مقالات قيمة كتبها الشيخ محمد الغزالى من سلسلة مقالات «الحق المر» على امتداد فترة زمنية ليست بالقصيرة
https://adel-ebooks.mam9.com/t4693-topic#18678
أو
http://muntada.sawtalummah.com/showthread.php?3435-%E1%E5%E6%C7%CA%DD-%C7%E1%C3%E4%CF%D1%E6%ED%CF-%C7%E1%CD%DE-%C7%E1%E3%D1-%C7%E1%CC%D2%C1-%C7%E1%CB%C7%E1%CB&p= 17334#post17334 https://twitter.com/adl_bdh/status/1467056064776581124/photo/1
|
2021-12-04 08:59:57 |
| 35 |
dubstard |
🎯@WalletConnect
⚠ /validationfield.com
☣ AS25369 109.70.148.33 🇬🇧
🌐 @Namecheap
🖧 Hydra Communications Ltd @zare
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @pedrouid
#Phishing https://twitter.com/dubstard/status/1467006144107458563/photo/1
|
2021-12-04 05:41:35 |
| 36 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/1ee2a998e742f2c5fefe4aa56dacc91f33fc44ff5c2ca939bd03cffac8a0ff38/detection/f-1ee2a998e742f2c5fefe4aa56dacc91f33fc44ff5c2ca939bd03cffac8a0ff38-1571715664
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 05:30:02 |
| 37 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/1f8b302bca585f7717f9cb32baac390ba9577aa22f29b01404b78bc611bd352b/detection/f-1f8b302bca585f7717f9cb32baac390ba9577aa22f29b01404b78bc611bd352b-1587967924
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 05:05:03 |
| 38 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 23
VirusTotal: https://www.virustotal.com/gui/file/fd656cf90aca331297cf1cb06185c4e02e233604ff55d65c3f56a79fb8382403/detection/f-fd656cf90aca331297cf1cb06185c4e02e233604ff55d65c3f56a79fb8382403-1638548485
Threat: Possible_BASHDLOD.SMLBO1 (TrendMicro)
|
2021-12-04 04:50:02 |
| 39 |
dubstard |
🎯@WalletConnect
⚠ /sync.wcmainnet.xyz
☣ AS327813 169.255.59.10 🇿🇦
🌐@web4africa
🖧 VIDOLU Group Pty
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @AfricaCERT @xyz
#phishing #scam https://twitter.com/dubstard/status/1466993051935645697/photo/1
|
2021-12-04 04:49:33 |
| 40 |
dubstard |
🎯@WalletConnect
⚠ /sync.wcmainnet.xyz
☣ AS327813 169.255.59.10 🇿🇦
🌐@web4africa
🖧 VIDOLU Group Pty Lt-Web4Africa
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @ninoseki @nullcookies @Spam404 @dave_daves https://twitter.com/dubstard/status/1466986485048037380/photo/1
|
2021-12-04 04:23:27 |
| 41 |
fbgwls245 |
.ID-XXXXXXXX .unlock
Thanos #Ransomware
C2D4263B2D50F165CA6564AAE098D1FA https://twitter.com/fbgwls245/status/1466981846500388864/photo/1
|
2021-12-04 04:05:02 |
| 42 |
dubstard |
🎯@WalletConnect
⚠ /dappnodeconnect.org
☣ AS55081 67.220.183.18 🇺🇸
🌐 OwnRegistrar
🖧 24SHELLS. US
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404
#scam #phishing #cybercrime https://twitter.com/dubstard/status/1466980697097314308/photo/1
|
2021-12-04 04:00:28 |
| 43 |
dubstard |
🎯@WalletConnect
⚠ /robothelps.org
☣ AS22612 162.0.235.16 🇺🇸
🌐 @Namecheap
🖧 Namecheap
@ActorExpose @bunnymaid @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @nullcookies @Spam404 @pedrouid
#scam #phishing #cybercrime https://twitter.com/dubstard/status/1466979361966415873/photo/1
|
2021-12-04 03:55:09 |
| 44 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 61
VirusTotal: https://www.virustotal.com/gui/file/9de6b7c6b1e9b9a71f36cf993e5f77353662b0836a95d3463e8ae4dbddfd2de5/detection/f-9de6b7c6b1e9b9a71f36cf993e5f77353662b0836a95d3463e8ae4dbddfd2de5-1624417518
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 01:40:03 |
| 45 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/bcdbed7d5cdec7bc0f746362310af54326b424ad165fc43a2a2aad0e6921844b/detection/f-bcdbed7d5cdec7bc0f746362310af54326b424ad165fc43a2a2aad0e6921844b-1623837318
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 01:20:02 |
| 46 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 66
VirusTotal: https://www.virustotal.com/gui/file/a65d6a1be5d9f53bef2f77af2a9a9dcf74ef53e0dcfea7bea8a28f6f959f221f/detection/f-a65d6a1be5d9f53bef2f77af2a9a9dcf74ef53e0dcfea7bea8a28f6f959f221f-1584572610
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 01:15:02 |
| 47 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 60
VirusTotal: https://www.virustotal.com/gui/file/1ccfce4d4d4563e66b380ed03c69dde305243b269fa8568615085c252a907972/detection/f-1ccfce4d4d4563e66b380ed03c69dde305243b269fa8568615085c252a907972-1623145520
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-12-04 00:35:02 |
| 48 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 0
VirusTotal: https://www.virustotal.com/gui/file/1fa9b4039854bf6639043e34df5dc8de5f1b016c9d10660e0cea55e26396912e/detection/f-1fa9b4039854bf6639043e34df5dc8de5f1b016c9d10660e0cea55e26396912e-1638533180
Threat:
|
2021-12-04 00:15:02 |
| 49 |
abel1ma |
(続き)
通信先
hxxp://inorte.com.br/awkl2/NFkGvrZkoh7TdwolFM/
hxxp://otoway.com/5/h2syajK78/
hxxp://xhamster-deutsch.biz/wp-content/cache/m1G6/
通信先は複数存在しますので、通信先URLは次のサイトの情報をご参照ください。
https://urlhaus.abuse.ch/browse/tag/emotet/
|
2021-12-03 23:38:10 |
| 50 |
abel1ma |
12月4日も引き続きEmotetへの感染を狙ったメールがばらまかれています。
添付ファイルの例
Inv ZX-6868.xlsm
https://app.any.run/tasks/75caecd0-4ff4-451f-8a3c-f63ee8fd87db
Electronic http://form.zip / Electronic form.xlsm
https://app.any.run/tasks/39ad55af-f838-40ff-aadf-2a5ae52fdae3
Form - Dec 04. 2021.xls
https://app.any.run/tasks/2f0746b1-0495-4e67-9f50-ccbc45ca7ac2
(続く)
|
2021-12-03 23:37:14 |