| 1 |
executemalware |
I saw quite a lot of #ta505 emails today. Here are the IOCs: https://pastebin.com/tHRcC0iF
|
2020-08-12 23:58:30 |
| 2 |
XOR_Hex |
Suspected #RedDelta #PlugX cdd96490f230a7694c73b47e7e4d32215deea3ba4449a51aaef4de24513106da https://app.threatconnect.com/auth/incident/incident.xhtml?incident= 3607505828#/ … Encrypted Sample: https://www.virustotal.com/search?query= 776A7E29E3D1288FBBBC11057B800DC4559E4F2B77B827757779213B0D49C22B … XOR Key: 4c 53 78 47 6e 4b 48 72 78 5a #APT #ThreatIntel pic.twitter.com/EY0CjFZOyd
|
2020-08-12 23:14:44 |
| 3 |
tra1lerspark |
this is IP adress serving joe. https://www.virustotal.com/gui/ip-address/23.185.0.1/detection …
|
2020-08-12 23:10:33 |
| 4 |
James_inthe_box |
Actual c2: us-microsoft-store.com
|
2020-08-12 23:08:23 |
| 5 |
James_inthe_box |
And an updated #SDBot #yara rule to match in memory: https://gist.github.com/193315090f3f28b0ff448d4b971bb956 …
|
2020-08-12 23:04:38 |
| 6 |
HeliosCert |
Sample submitted 2020-08-12 20:40:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:200.91.226.13 0747eba9c367edd463dc4dbace708c8e9b657c28d46e5260c7ab847f2c1e6f82 #malware #cyber #security
|
2020-08-12 22:31:43 |
| 7 |
HeliosCert |
Sample submitted 2020-08-12 20:15:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:141.136.89.13 59a94320888f10f0c4897f49ddfda96a2f2a4d026d2db0a7d84d87accc4ed5d2 #malware #cyber #security
|
2020-08-12 22:06:43 |
| 8 |
ScarletSharkSec |
Another #Emotet sample: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7 … URLs: hxxps://kontaci.com/cgi-bin/yp0n_7g_nz30p2j7/ hxxp://174.102.48.180/sAGVC2F9/ZFFfm53YKIi/Cu2DcSFD/fh3hJP/PcGZoZ3ctG7Kmfwx0a/ @Cryptolaemus1
|
2020-08-12 21:56:30 |
| 9 |
HeliosCert |
Sample submitted 2020-08-12 19:55:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:152.32.88.6 f91e5529cc138523910e2931ccc57d2af00aca9f2750b471c300f7be20b22fea #malware #cyber #security
|
2020-08-12 21:46:43 |
| 10 |
HeliosCert |
Sample submitted 2020-08-12 19:45:03 Dionaea Honeypot Protocol: smbd Sources: ::ffff:117.241.169.24 6d972f223d523f1b3e4eec209aaae3d18c5a48798d50569f890c97a5c58a2c64 #malware #cyber #security
|
2020-08-12 21:36:45 |
| 11 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/525f6e9ba803c86d778df20f562ba3e825eb165246c215ae17781ae9b9078e80/detection/f-525f6e9ba803c86d778df20f562ba3e825eb165246c215ae17781ae9b9078e80-1592180201 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 21:36:45 |
| 12 |
HeliosCert |
Sample submitted 2020-08-12 19:35:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:181.65.241.105 ac9bf39b0e8b0972876303364cb0fe3b1020945ad4cb12ce368b90a7f30b1513 #malware #cyber #security
|
2020-08-12 21:26:44 |
| 13 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/9b409419222595c1365f8f2d7470ce13ea3f4e8f02c5c02ef606ef1911933022/detection/f-9b409419222595c1365f8f2d7470ce13ea3f4e8f02c5c02ef606ef1911933022-1556038102 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 21:21:45 |
| 14 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 58 VirusTotal: https://www.virustotal.com/gui/file/f5a000b11a74ecaf0d3e83dfeb17caa07edd3ce0de9a61c876575ae905bc84dd/detection/f-f5a000b11a74ecaf0d3e83dfeb17caa07edd3ce0de9a61c876575ae905bc84dd-1533725420 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 21:11:45 |
| 15 |
BenEdic23684571 |
https://www.virustotal.com/gui/file/968e8bce3f56a34790b5a80ba22345c1ab6f7810c7435126a9cf576ed1c4df77/detection …
|
2020-08-12 21:02:38 |
| 16 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/15a22a5a379fdf762455c2c2d9d997ee70698809e877c091e44454cc783fc823/detection/f-15a22a5a379fdf762455c2c2d9d997ee70698809e877c091e44454cc783fc823-1565394299 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 21:01:46 |
| 17 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/07b102a0fdc0814098556669ece175d78907bb2ca16a32a19d2d471bd4648bc3/detection/f-07b102a0fdc0814098556669ece175d78907bb2ca16a32a19d2d471bd4648bc3-1539578191 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 21:01:45 |
| 18 |
yungmay0 |
Today's #phish #bec Like holy shit. if you're going to make half an effort to phish my Org. at least make the OWA page look good.. https://app.any.run/tasks/fcf5656c-e4ad-408f-9e72-b1a6ecc7f8bd … 295588802d60578354b408ce7000d174 pic.twitter.com/ksZcd1mU3X
|
2020-08-12 20:39:46 |
| 19 |
HeliosCert |
Sample submitted 2020-08-12 18:15:03 Dionaea Honeypot Protocol: smbd Sources: ::ffff:212.36.201.197 0020c35704d37a73debf83ed692f567e363a9aa4f1a9b0e705ee3c8e46821f6a #malware #cyber #security
|
2020-08-12 20:06:47 |
| 20 |
HeliosCert |
Sample submitted 2020-08-12 18:15:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:183.82.100.169 ed4239728df8dc6d90612bcfcf41dc40e4b633f8be4d668657ae39340f920b0a #malware #cyber #security
|
2020-08-12 20:06:46 |
| 21 |
malware_traffic |
2020-08-12 - It looks like #ZLoader ( #SilentNight) is the follow-up malware DLL in this case. Assocaited DLL sample available at: https://bazaar.abuse.ch/sample/deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2/ … pic.twitter.com/mHh70D3ieM
|
2020-08-12 20:03:17 |
| 22 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/db3a03e633d6594bd87ac40e60bc032b764e8cb37ea3d7d6699c089c592fdaee/detection/f-db3a03e633d6594bd87ac40e60bc032b764e8cb37ea3d7d6699c089c592fdaee-1594346222 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 20:01:47 |
| 23 |
HeliosCert |
Sample submitted 2020-08-12 18:10:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:113.161.24.8 f5a000b11a74ecaf0d3e83dfeb17caa07edd3ce0de9a61c876575ae905bc84dd #malware #cyber #security
|
2020-08-12 20:01:47 |
| 24 |
HeliosCert |
Sample submitted 2020-08-12 18:10:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:189.90.20.1 9b409419222595c1365f8f2d7470ce13ea3f4e8f02c5c02ef606ef1911933022 #malware #cyber #security
|
2020-08-12 20:01:46 |
| 25 |
ushadrons |
https://www.virustotal.com/gui/file/75ff4eda38285ddc341e2878be91d1ae8f24e78748a63906b8d36ce3d9eeb02a/relations …
|
2020-08-12 19:44:53 |
| 26 |
HeliosCert |
Sample submitted 2020-08-12 17:50:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:103.140.105.62 caa758d028a84e856c1797b73819bed3c0fc3a7943d3882d7c2379e76b4284fe #malware #cyber #security
|
2020-08-12 19:41:48 |
| 27 |
reecdeep |
#Maldoc password encrypted XLSB downloads DLL using custom UA "klmems" from: hxxps://billboardonline.live/view.php and calls it using regsvr32 psw:787 https://app.any.run/tasks/ef5bd545-7404-440e-a86a-f00e2e89bc42 … @malware_traffic @James_inthe_box @jcarndt @executemalware #infosec #CyberSecurity #Malware pic.twitter.com/AUYFIGAE7w
|
2020-08-12 19:34:21 |
| 28 |
HeliosCert |
Sample submitted 2020-08-12 17:25:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:190.203.236.35 0aca6fbecf85a4170f661c8313112d65248c8d143dc5a362a9900dbef7aefeb9 #malware #cyber #security
|
2020-08-12 19:16:48 |
| 29 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/32c308d847c7ac84adb394f4a6676750b06990422d582cbb84f06673ad0b12ff/detection/f-32c308d847c7ac84adb394f4a6676750b06990422d582cbb84f06673ad0b12ff-1579198414 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 19:16:47 |
| 30 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/6cb50a2fd68c17a4bd74baa45aa806903eababf769d60e7b453a0c53ea1fbfc1/detection/f-6cb50a2fd68c17a4bd74baa45aa806903eababf769d60e7b453a0c53ea1fbfc1-1590908118 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 19:06:48 |
| 31 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/f1534eb25ff86747d92718c3545980f4804ccb7eebe4dc7ae30bac93f587d97d/detection/f-f1534eb25ff86747d92718c3545980f4804ccb7eebe4dc7ae30bac93f587d97d-1579017745 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:56:48 |
| 32 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/d511a9386de85a01cc5f0ad7d055af386b128e8c41d1976db74d33a87e449d4c/detection/f-d511a9386de85a01cc5f0ad7d055af386b128e8c41d1976db74d33a87e449d4c-1554690536 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:41:48 |
| 33 |
ystvns |
Just uploaded the .doc file I received into this malware & url scanner: https://www.virustotal.com/gui/home/upload and indeed. malware has been detected: https://www.virustotal.com/gui/file/769fdcbb9c76ec8717df97f8ef25652a090e9a258c87f715f28b8c87fb921e35/detection …. Yikes! Pinging maybe interested folks @naregeff @macho_ph @nyx__o @malwrhunterteam @marc_etienne_ @meta_lab @NorthSec_io
|
2020-08-12 18:38:49 |
| 34 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/638fbf7f0f3da58e9c1b06e0581a0c72704b8a808b81c481964f7e47851e8a3e/detection/f-638fbf7f0f3da58e9c1b06e0581a0c72704b8a808b81c481964f7e47851e8a3e-1595312418 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:36:49 |
| 35 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/ba48823efa78dd49ec109fda3922f242626d12cd87cc65c209782a1d934ff980/detection/f-ba48823efa78dd49ec109fda3922f242626d12cd87cc65c209782a1d934ff980-1537105126 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:36:49 |
| 36 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/e5501f34f7ed83a7b158e7cc31ed819cf7aa9f1ae44e9f4b014a5010c6596a48/detection/f-e5501f34f7ed83a7b158e7cc31ed819cf7aa9f1ae44e9f4b014a5010c6596a48-1595832675 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:31:49 |
| 37 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/6df4fc8396a0a69a7ee0d921896cb294ccd0347e8ea64f10a96df5edb176b9d5/detection/f-6df4fc8396a0a69a7ee0d921896cb294ccd0347e8ea64f10a96df5edb176b9d5-1594082945 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:31:49 |
| 38 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/91e1fc6d32fa14701b193b6525beb838987c795e17193c781d45c963b754b9d6/detection/f-91e1fc6d32fa14701b193b6525beb838987c795e17193c781d45c963b754b9d6-1590711880 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:26:49 |
| 39 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/3a8e4654eedad36861275ccb6ffa6ff6d4857cbb4bd77d58afb6086827a7f4da/detection/f-3a8e4654eedad36861275ccb6ffa6ff6d4857cbb4bd77d58afb6086827a7f4da-1540654130 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:21:48 |
| 40 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/1e7236c6e4d64cb49801d6fe16780254dd9a7e7d5e6cc784ad194072213e93d9/detection/f-1e7236c6e4d64cb49801d6fe16780254dd9a7e7d5e6cc784ad194072213e93d9-1589261601 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:16:49 |
| 41 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/5088b63e7e8a91c6ad01cb9ab1eb50585a06fd48300b8efd3e95959ac45d8897/detection/f-5088b63e7e8a91c6ad01cb9ab1eb50585a06fd48300b8efd3e95959ac45d8897-1592025676 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 18:06:50 |
| 42 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/89e2fe64862594dd1f3f3f7f5ce4a4e3f20189ad74bfa4a04e94c0e46973a7b0/detection/f-89e2fe64862594dd1f3f3f7f5ce4a4e3f20189ad74bfa4a04e94c0e46973a7b0-1539925507 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 17:41:51 |
| 43 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 60 VirusTotal: https://www.virustotal.com/gui/file/1a01c38ba83e10a006f41d975f7cd29b78f43b4a3a5229afa3f1ef092427ead2/detection/f-1a01c38ba83e10a006f41d975f7cd29b78f43b4a3a5229afa3f1ef092427ead2-1596323226 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 17:36:50 |
| 44 |
ps66uk |
fake quotation #agenttesla eec7acdb5a5870ec577da4b8a3505694 smtp exfil hr @lettu. us https://app.any.run/tasks/8b9e0883-bf33-4dab-96a2-434ec0c4e75b … pic.twitter.com/bqEfXVweZy
|
2020-08-12 17:34:19 |
| 45 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/fb42daad7e1db8622562b1eee91550690f87ccc01e386281de5918fcb3674132/detection/f-fb42daad7e1db8622562b1eee91550690f87ccc01e386281de5918fcb3674132-1568828041 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 17:16:52 |
| 46 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/3b622ad73a4d3996bec3f59411a2e1fbf55cfe8ac017c7f39c3229b4dc9cd75e/detection/f-3b622ad73a4d3996bec3f59411a2e1fbf55cfe8ac017c7f39c3229b4dc9cd75e-1591230094 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 17:16:51 |
| 47 |
HeliosCert |
Sample submitted 2020-08-12 15:25:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:110.39.188.99 d833fe282b1e263047428433c6f33f41feaa9ef7a58ed184298749f7ede4691d #malware #cyber #security
|
2020-08-12 17:16:51 |
| 48 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 62 VirusTotal: https://www.virustotal.com/gui/file/4940b9fa0c02eb417bdcddf5431e7c6e16a17b678d464ca58b44c5162a1dbd08/detection/f-4940b9fa0c02eb417bdcddf5431e7c6e16a17b678d464ca58b44c5162a1dbd08-1568522258 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-08-12 17:11:51 |
| 49 |
0x4143 |
Another #Phobos #ransomware variant using EJECT file extension: http://file.doc.id XXXXXXXX-XXXX .datawarehouse@inbox.ru .eject Contact emails: datawarehouse@inbox.ru dataware.house@mail.ru 22/71 on VT. https://www.virustotal.com/gui/file/3564bec0d23a718751c89d7ea5f8f120cd744aa80cc568fc52b24f885f5f19dc/detection … pic.twitter.com/jo8U48Ko0Q
|
2020-08-12 17:09:58 |
| 50 |
ps66uk |
fake quotation #formbook ://bit.ly/31IbldX s://u.teknik.io/1TEks.txt https://app.any.run/tasks/60d821e5-4221-4f92-9871-2f34d4493704/ … pic.twitter.com/7fTfiWX9db
|
2020-08-12 17:05:14 |