Shanholo (@ShanHolo)'s Twitter Profile
Shanholo

@ShanHolo

Another blue team member…..#DFIR #Malware #C2C #ShooterGames #Crossfit #Snowboarding #Motorbikes #FoodPorn and following the white rabbit...

ID:1191676939053993985

Joined: 05-11-2019 11:21:51

1,6K Tweets

381 Followers

456 Following


🚨Security Response Last month domain registered🚨

🔥atdhomesecured[.com
🔥azureservices[.space
🔥azurestacksupport[.com
🔥ms-azure-updates[.com
🔥myaccount-azure[.us
🔥ssi-azure-billing-automation[.com


🚨 registered:🚨

🔥ransomware-support-192642[.info
🔥ransomware-support-jp-5283908[.world
🔥ransomware-support-jp-ja-2228756[.xyz
🔥ransomware-support-jp-ja-5781740[.fyi


🚨#opendir #Xworm #Rat #Trojan🚨

https://85.203.4[.146/

🔥svchosts.exe➡️MD5:b002c2c760ab312565f5fde96b536f16

#Yara ➡️MAL_XWorm_RAT_Dec22_RID2DA6
#c2 ➡️85.203.4.146:7000

🚨#Opendir #AgentTesla 🚨 everywhere 🤦‍♂️

http://198.12.81[.139/2020/

🔥CLC.exe ➡️ MD5:977177ff7930860f4f208ebe1fc68675
41/71 VT

Working in #Incident #Response on #Windows, the following #Microsoft guide is a must😉⬇️

AmCache
Browser Forensics
Link Files
Prefetch
ShellBags
Shimcache
UserAssist

🛜shorturl.at/hwyP1🛜

🚨 🚨

http://77.221[.151.32/server/ww16/AppGate2103v01_16.exe
http://193.233[.132.175/server/ww16/AppGate2103v01_16.exe

🔥MD5:cb4118382e3f97f0db04938a4e31e3e1


#Opendir #typosquatting https://dowlosutr[.click/ #MarioLoader

🔥Authenticator_release_x86_64_2.exe MD5:26674a4865f364f2e3b7155da5fb4817
5/71 VT

#Malware #Downloader

🔥Notion.dmg
MD5:50ea75b971ec961867377b45b29bf356
2/61 VT

writers develop 64bits on two main areas in

1⃣Browser Helper Objects (BHOs) (Internet Explorer)
2⃣Sys Drivers

Do you agree? 🤔😉


#Reversing #tip

API function call CreateMutexA always gives you a chance to get IOCs

In this case ➡️ '_MICROSOFT_LOADER_MUTEX_'
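As an added example that is not part of the tweet or its author's work, a YARA rule that turns the mutex name above into a file-level indicator by pairing the string with a CreateMutexA/CreateMutexW import; the rule name is an assumption and the rule should be validated against a clean corpus before deployment:

```yara
import "pe"

// Hypothetical rule keyed on the mutex name quoted in the tweet.
// Named mutexes used to prevent double infection are often hard-coded
// as plain strings, so they survive into the binary as a static IoC.
rule Susp_Loader_Mutex_MICROSOFT_LOADER_MUTEX
{
    meta:
        description = "Loader sample creating mutex _MICROSOFT_LOADER_MUTEX_ (added example, hypothetical rule name)"
        reference   = "CreateMutexA reversing tip above"

    strings:
        // The same name may appear as ASCII (CreateMutexA) or UTF-16 (CreateMutexW)
        $mutex_a = "_MICROSOFT_LOADER_MUTEX_" ascii
        $mutex_w = "_MICROSOFT_LOADER_MUTEX_" wide

    condition:
        // PE header check, then require the mutex API to be imported,
        // and the mutex name present in either encoding
        uint16(0) == 0x5A4D
        and (pe.imports("kernel32.dll", "CreateMutexA")
             or pe.imports("kernel32.dll", "CreateMutexW"))
        and 1 of ($mutex_*)
}
```

On a live host the same name can be checked via the object namespace (for example Sysinternals handle or WinObj), which gives a complementary host-based indicator.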

🚨

http://103.198.26[.173/360/HJC.exe


HJC.exe➡️MD5:2cc30d206669699e58870623365fef82

Dropped file ⬇️

🔥

🛜ANY.RUN Sandbox analysis: app.any.run/tasks/d9438bb9…


is one of my favorite arsenal forensic tools for memory research. The tool has a lot of cool features. Take a look!! 😉
