JAMESWT
@JAMESWT_MHT
#Independent #Malware #Hunter
#CyberSecurity #InfoSec
https://t.co/KCFBJcHHcW
ID:3433210978
20-08-2015 19:05:01
49,7K Tweets
35,3K Followers
419 Following
⚠️ Today Cert AgID detected a sophisticated fraud attempt involving a fake #AgenziaEntrate page, hosted on a previously compromised Italian domain, aimed at infecting victims with #keylogger-type malware.
🇮🇹 Distribution of #Keylogger malware via a fake #AgenziaEntrate page – #PuntoFisco
🔬 VB6 malware, an Italian domain used as the drop URL and a C2 on Altervista suggest that the campaign's authors are probably of Italian nationality 👇
🔗 cert-agid.gov.it/news/malware/d…
#phishing targeting Italians 🇮🇹
Cosmotown pls revoke the domain
/aruba-spa.id65200315104.com
geoblock restriction from Italy 🇮🇹
Aruba S.p.A.
ICANN MalwareHunterTeam JAMESWT Mich Anonymous🐾🐈⬛🍵☕ andsyn1 mRr3b00t BeeHive Malcore Douglas Mun
#Latrodectus - .pdf > url > .js > .msi > .dll
wscript.exe Document.js
msiexec.exe /V
MSIBE26.tmp rundll32.exe C:\Users\Admin\AppData\Local\glosar\beta.dll, homq
rundll32.exe C:\Users\Admin\AppData\Roaming\Custom_update\Update.dll, homq
(1/3) 👇
IOC's
github.com/pr0xylife/Latr…
#netsupport #config and #LIC
TomU | I'm still here... til the end 🕊️🇨🇭
rewilivak13.]com:443
greekpool.]com:443
38.180.62[.49
Samples zipped
bazaar.abuse.ch/sample/34724a9…
#Ransomware #SCATTEREDSPIDER TTPs
1/2🧵
🔥 ADExplorer ➡️ view and export Active Directory (AD) data
🔥 smbpasswd.py ➡️ Impacket script to change passwords remotely over Server Message Block (SMB)
🔥 Ngrok ➡️ reverse proxy tool used to create a TCP tunnel to a remote RDP port
Top 10 last week's threats by uploads 🌐
⬆️ #Phishing 1285 (1192)
⬆️ #Agenttesla 226 (208)
⬆️ #Remcos 164 (127)
⬆️ #Asyncrat 116 (80)
⬆️ #Snake 83 (24)
⬆️ #Hijackloader 72 (51)
⬇️ #Xworm 61 (93)
⬆️ #Njrat 50 (49)
⬆️ #Redline 50 (39)
⬇️ #Dbatloader 45 (53)
Track them all at 🔽…
#APT44 #SHARPIVORY and #ARGUEPATCH samples are uploaded abuse.ch
bazaar.abuse.ch/sample/9ca85bb…
bazaar.abuse.ch/sample/1cdca97…
Mandiant Report: services.google.com/fh/files/misc/…
UA-CERT Rep: cert.gov.ua/article/6278706
Yara hit: M_Hunting_Dropper_SHARPIVORY_Strings_1 and M_APT_Launcher_ARGUEPATCH_3
MalwareHunterTeam Who said what Igal Lytzki🇮🇱 JAMESWT ➕ 'Book_PDF_5435435435.zip': 801c4e8cac66458a94a57e023576bf8c2b92ecf2da6180497700a621830b8ffc
Next stages:
1.- https://amazoniasaude[.]com[.]br/tet/become.txt
2.- https://amazoniasaude[.]com[.]br/tet/amazonia.ttt
Same C2 as above and also mentioned here twitter.com/g0njxa/status/……