Dee (@viriback) 's Twitter Profile
Dee

@viriback

#Malware C2 hunter #infosec passionate. Tweets are my own.

ID: 3101795085

linkhttps://viriback.com calendar_today21-03-2015 13:41:00

1,1K Tweet

9,9K Followers

1,1K Following

Dee (@viriback) 's Twitter Profile Photo
Dee
@viriback

3 months ago

What in the AdapatixC2 this is ? ;)

What in the AdapatixC2 this is ? ;)
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

3 months ago

#365Stealer #Panel http[://51.210.1.239[:8443/365-Stealer/yourVictims/login[.php Mikhail Kasimov Dee

#365Stealer #Panel http[://51.210.1.239[:8443/365-Stealer/yourVictims/login[.php <a href="/500mk500/">Mikhail Kasimov</a> <a href="/ViriBack/">Dee</a>
Germán Fernández (@1zrr4h) 's Twitter Profile Photo
Germán Fernández
@1zrr4h

2 months ago

🚩 Website impersonating AnyDesk on anydeske[.]icu, downloads a .NET loader which then launches a stealer, both unknown to me 🤔 Nexts stages: - https://pastebin[.]com/raw/YwvHhwUk - https://pastebin[.]com/raw/WrgrtxSu - http://45.145.7[.]134/hook/upgrade.php -

🚩 Website impersonating AnyDesk on anydeske[.]icu, downloads a .NET loader which then launches a stealer, both unknown to me 🤔 Nexts stages: - https://pastebin[.]com/raw/YwvHhwUk - https://pastebin[.]com/raw/WrgrtxSu - http://45.145.7[.]134/hook/upgrade.php -
Germán Fernández (@1zrr4h) 's Twitter Profile Photo
Germán Fernández
@1zrr4h

2 months ago

+ Panel: http://45.145.7[.]134/login.php Dee

+ Panel: http://45.145.7[.]134/login.php <a href="/ViriBack/">Dee</a>
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

2 months ago

C2 panel of Mave Stealer https[://web.]maveproj3ct[.lol/ #MAVESTEALER #PANEL #CTI #STEALER Who said what? Mikhail Kasimov Dee

C2 panel of Mave Stealer https[://web.]maveproj3ct[.lol/ #MAVESTEALER #PANEL #CTI #STEALER <a href="/g0njxa/">Who said what?</a> <a href="/500mk500/">Mikhail Kasimov</a> <a href="/ViriBack/">Dee</a>
NexusFuzzy 💩 (@nexusfuzzy) 's Twitter Profile Photo
NexusFuzzy 💩
@nexusfuzzy

2 months ago

I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control servers with the help of left behind .DS_Store files. Blog, tool and Lumma files can be found here nexusfuzzy.medium.com/lumma-stealer-…

I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command &amp; Control servers with the help of left behind .DS_Store files. Blog, tool and Lumma files can be found here nexusfuzzy.medium.com/lumma-stealer-…
Censys (@censysio) 's Twitter Profile Photo
Censys
@censysio

2 months ago

🔍We looked at the C2 server associated with the #Flodrix #botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts! 👀 hubs.ly/Q03sTqVc0 #CVE20253248 #Malware #InfoSec #Cybersecurity #CyberAttack #exploit

🔍We looked at the C2 server associated with the #Flodrix #botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts! 👀 hubs.ly/Q03sTqVc0 #CVE20253248 #Malware #InfoSec #Cybersecurity #CyberAttack #exploit
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

2 months ago

new BOFAMET Panel 217[.144.189.8[:8000 Mikhail Kasimov Dee #CTI

new BOFAMET Panel 217[.144.189.8[:8000 <a href="/500mk500/">Mikhail Kasimov</a> <a href="/ViriBack/">Dee</a> #CTI
Xanderux (@xanderuxsf5) 's Twitter Profile Photo
Xanderux
@xanderuxsf5

2 months ago

AIRAVAT RAT web panel url : https://rat.riyajchowdhury[.]xyz/ Not detected on VirusTotal more AIRAVAT RAT web panels detected by #C2Watcher on github.com/Xanderux/C2wat…

AIRAVAT RAT web panel url : https://rat.riyajchowdhury[.]xyz/ Not detected on <a href="/virustotal/">VirusTotal</a> more AIRAVAT RAT web panels detected by #C2Watcher on github.com/Xanderux/C2wat…
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

a month ago

66[.78.40.36 #StealeCRM Mikhail Kasimov Dee #CTI #Stealer

66[.78.40.36 #StealeCRM <a href="/500mk500/">Mikhail Kasimov</a> <a href="/ViriBack/">Dee</a> #CTI #Stealer
Dee (@viriback) 's Twitter Profile Photo
Dee
@viriback

a month ago

#Matanbuchus 3.0 C2 Panel ? #malware 5.252.155[.81/auth/login/ 193.105.134[.245/auth/login/ 179.60.149[.213/auth/login/ 185.39.19[.164/auth/login/

#Matanbuchus 3.0 C2 Panel ? #malware 5.252.155[.81/auth/login/ 193.105.134[.245/auth/login/ 179.60.149[.213/auth/login/ 185.39.19[.164/auth/login/
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

a month ago

Cyber Stealer Panel - synproxy[.live Mikhail Kasimov Dee #CTI #Panel #stealer

Cyber Stealer Panel - synproxy[.live <a href="/500mk500/">Mikhail Kasimov</a> <a href="/ViriBack/">Dee</a> #CTI #Panel #stealer
Merl (@merlax_) 's Twitter Profile Photo
Merl
@merlax_

a month ago

#Opendir 🇧🇷 Relacionado a investigación de Padawan Expone: - Credenciales - user+pass(cifrada) - Sites - Headers / Tokens de sesión + 12000 jsons + 1800 txt Dee Panels: hxxps://servidor2025.com/control/admin2/ hxxps://servidor2025.com/gpt.php

#Opendir 🇧🇷 Relacionado a investigación de <a href="/johnk3r/">Padawan</a> Expone: - Credenciales - user+pass(cifrada) - Sites - Headers / Tokens de sesión + 12000 jsons + 1800 txt <a href="/ViriBack/">Dee</a> Panels: hxxps://servidor2025.com/control/admin2/ hxxps://servidor2025.com/gpt.php
Coral Jasmine (@fact_finder03) 's Twitter Profile Photo
Coral Jasmine
@fact_finder03

25 days ago

Odyssey Stealer C2 Panel http[://185.93.89[.63/login http[://sdojifsfiudgigfiv[.to/login #Threathunting #Odyssey #Stealer #ThreatIntel #Panel MalwareHunterTeam Dee Who said what? RussianPanda 🐼 🇺🇦 Mikhail Kasimov

Odyssey Stealer C2 Panel http[://185.93.89[.63/login http[://sdojifsfiudgigfiv[.to/login #Threathunting #Odyssey #Stealer #ThreatIntel #Panel <a href="/malwrhunterteam/">MalwareHunterTeam</a> <a href="/ViriBack/">Dee</a> <a href="/g0njxa/">Who said what?</a> <a href="/RussianPanda9xx/">RussianPanda 🐼 🇺🇦</a> <a href="/500mk500/">Mikhail Kasimov</a>
abuse.ch (@abuse_ch) 's Twitter Profile Photo
abuse.ch
@abuse_ch

22 days ago

SalatStealer (aka WEB_RAT) is on the rise 📈, heavily dropped by Amadey 📥 Malware sample: 📄bazaar.abuse.ch/sample/8b94f5f… Admin Panel: 📡https://salat .cn/login/ (Cloudflare 🇺🇸) Gihub repository ➡️"importantfiles": 🗜️github.com/webr-at/import…

SalatStealer (aka WEB_RAT) is on the rise 📈, heavily dropped by Amadey 📥 Malware sample: 📄bazaar.abuse.ch/sample/8b94f5f… Admin Panel: 📡https://salat .cn/login/ (Cloudflare 🇺🇸) Gihub repository ➡️"importantfiles": 🗜️github.com/webr-at/import…
Dee (@viriback) 's Twitter Profile Photo
Dee
@viriback

21 days ago

#malware #TinyLoader C2 Panel 176.46.152[.]46/zyxic/login.php See: app.any.run/tasks/e2dbfe51… cc: ET Labs

#malware #TinyLoader C2 Panel 176.46.152[.]46/zyxic/login.php See: app.any.run/tasks/e2dbfe51… cc: <a href="/ET_Labs/">ET Labs</a>
ET Labs (@et_labs) 's Twitter Profile Photo
ET Labs
@et_labs

19 days ago

ANY.RUN Dee 3 SIDs into #ETOpen, thanks Dee ! 2063946 - ET MALWARE Win32/TinyLoader CnC Activity (POST) 2063947 - ET MALWARE TinyLoader CnC Response M1 2063948 - ET MALWARE TinyLoader CnC Response M2