_eremit4 (@_eremit4)'s Twitter Profile

It's just another threat hunter.

ID:1491412754485465088

https://github.com/eremit4
09-02-2022 14:04:57

42 Tweets

34 Followers

111 Following

Germán Fernández (@1ZRR4H)

#Horabot targeting companies in Mexico 🇲🇽
.ZIP > .HTML > .RAR > .CMD > .PS1

The phishing emails are sent from temporary[.]link domains and carry an attached .HTML file (compressed in a .ZIP) that starts the malicious download.

The .HTML files include the name of the…
Dark Web Intelligence (@DailyDarkWeb)

Lockbit 4.0 is Loading ... 🔐Lockbit released a lengthy response for the FBI and others

'The only thing that motivates me to work is strong competitors and the FBI' 🤡

You can read the full post here: samples.vx-underground.org/tmp/Lockbit_St… (via: @vxunderground)

#DarkWeb #LockBit
Padawan (@johnk3r)

This threat documented by has occurred since July/2023.

Initial Access: Spearphishing Link
Delivery URL: ja2r7[.]app[.]goo[.]gl/
First IOC: 974c83e028c5adc3c79b8f99f24cfb5e2013f108fd7259bd6a2385c35f9d8a70



securelist.com/coyote-multi-s…

Cyber Detective💙💛 (@cyb_detective)

FAVIHUNTER

Generate search queries by URL for searching favicons in:

FOFA
ZoomEye
Shodan
Criminal IP
Censys
ODIN

github.com/eremit4/favihu…

Creators Padawan _eremit4

Michael Koczwara (@MichalKoczwara)

APT Kimsuky/Black Banshee infra setup 💁🏻‍♂️

/cloudown.store
/27.255.81.120
/27.255.81.82
/27.255.81.108
/27.255.75.154

Fake 404 Not Found page

vx-underground (@vxunderground)

Exposed, the forum designed to be the replacement to Breached, is for sale.

Meanwhile, Breached forum has returned. The previous owner who worked in conjunction with Pompompurin, Baphomet, is now working alongside the infamous ShinyHunters group.

Intel via Andrea (Drego) Draghetti 👨🏻‍💻 🎣

SentinelOne (@SentinelOne)

🍎 New from the front lines! The development of a Go implementation of Cobalt Strike called ‘Geacon’ appears to be bringing Cobalt Strike capabilities to macOS threat actors. By Phil Stokes ⫍🐠⫎

Read our latest blog post: sentinelone.com/blog/geacon-br…

Unit 42 (@Unit42_Intel)

2023-05-10 (Wednesday): obama262 #Qakbot (#Qbot) infection led to #BackConnect activity on 46.151.30[.]109:443 with #DarkCatVNC. Also saw #CobaltStrike from this infection using HTTPS traffic to floatfil[.]com. IOCs available at bit.ly/3nWvIDo
Michael Koczwara (@MichalKoczwara)

QackBot infra 🎯

Hunting rule 👇

http.html_hash:501510358 ssl.jarm:'21d14d00021d21d21c42d43d0000007abc6200da92c2a1b69c0a56366cbe21'

shodan.io/search?query=h…

Happy Hunting! 🎯

Will (@BushidoToken)

🔎 Check these sites for signs of data exfiltration by LockBit Ransomware affiliates (and others!):

File-sharing sites 🔥
premiumize[.]com
anonfiles[.]com
sendspace[.]com
fex[.]net
transfer[.]sh
send.exploit[.]in
