hazmalware (@hazmalware) 's Twitter Profile
hazmalware

@hazmalware

threat research and malware analysis

ID: 4302640359

linkhttp://hazmalware.wordpress.com calendar_today28-11-2015 02:54:11

2,2K Tweet

6,6K Followers

150 Following

lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

6 years ago

The Momentum #botnet uses 36 different methods to launch #DDoS. Nice summary GBHackers on Security ! @dvk01uk James @JAMESWT_M malware_traffic Racco42 @makflwana \_(ʘ_ʘ)_/ Antelox Bad Packets by Okta hazmalware Artsiom Holub

The Momentum #botnet uses 36 different methods to launch #DDoS. Nice summary <a href="/gbhackers_news/">GBHackers on Security</a> ! @dvk01uk <a href="/James_inthe_box/">James</a> @JAMESWT_M <a href="/malware_traffic/">malware_traffic</a> <a href="/Racco42/">Racco42</a> @makflwana <a href="/pollo290987/">\_(ʘ_ʘ)_/</a> <a href="/Antelox/">Antelox</a> <a href="/bad_packets/">Bad Packets by Okta</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a>
Vitali Kremez (@vk_intel) 's Twitter Profile Photo
Vitali Kremez
@vk_intel

5 years ago

2021-04-06: 🕶️🆕Introducing #Hancitor Loader aka "#MASSLOADER" Internal Project Name⚙️ 📧Spam: DocuSign Theme➡️Google Doc 🤔Filling in King #Emotet Loader King Void in 2021 Fueling High-Value Target Ransomware? ↘️Still largely same (➕ new "&EXT=" URI) vkremez.com/2018/11/lets-l…

2021-04-06: 🕶️🆕Introducing #Hancitor Loader aka "#MASSLOADER" Internal Project Name⚙️ 📧Spam: DocuSign Theme➡️Google Doc 🤔Filling in King #Emotet Loader King Void in 2021 Fueling High-Value Target Ransomware? ↘️Still largely same (➕ new "&amp;EXT=" URI) vkremez.com/2018/11/lets-l…
lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

4 years ago

for tracking.. #ursnif #isfb version:2.50 build:196 group:8877 [May 5 2021][30218409ILPAJDUR][/greed/] MB:50a299d1e92d9205e123404c8e05904d Felix Vitali Kremez hazmalware Artsiom Holub abuse.ch malware_traffic ioc 👇

for tracking.. #ursnif #isfb version:2.50 build:196 group:8877 [May 5 2021][30218409ILPAJDUR][/greed/] MB:50a299d1e92d9205e123404c8e05904d <a href="/felixw3000/">Felix</a> <a href="/VK_Intel/">Vitali Kremez</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a> <a href="/abuse_ch/">abuse.ch</a> <a href="/malware_traffic/">malware_traffic</a> ioc 👇
Vitali Kremez (@vk_intel) 's Twitter Profile Photo
Vitali Kremez
@vk_intel

4 years ago

🔥#Clop Ransomware (CryptoMix) Linked Operation Takedown: From unknown ransomware, only MalwareHunterTeam and I tracked early in 2019 as a signed malware - turned to be multimillion operation with ... Tesla car & lavish lifestyle github.com/k-vitali/crypt… youtube.com/watch?v=PqGaZg…

Drunk Binary (@drunkbinary) 's Twitter Profile Photo
Drunk Binary
@drunkbinary

4 years ago

Correction on sample: This is not an APT28 sample. Apologies This was written by a dev at Meresburg University. There is also several ransomware samples written by them on VT as well. APT28/FANCY BEAR Zekapab CSharp Implant bc388933d56e7a7d3e2b6c97c5819539 virustotal.com/gui/file/c25e5…

James (@james_inthe_box) 's Twitter Profile Photo
James
@james_inthe_box

4 years ago

An #unkown #keylogger and #stealer in vb6: app.any.run/tasks/f403243a…

An #unkown #keylogger and #stealer in vb6: app.any.run/tasks/f403243a…
lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

4 years ago

tracking.. #ursnif #isfb version:2.50 build:207 group:8877 [30218409ILPAJDUR][Jul 5 2021][/images/] MB:0d68d238d713f63ff02be916ae633466 MalwareHunterTeam James JAMESWT_MHT malware_traffic Racco42 @makflwana \_(ʘ_ʘ)_/ Bad Packets by Okta hazmalware Artsiom Holub ioc 👇

tracking.. #ursnif #isfb version:2.50 build:207 group:8877 [30218409ILPAJDUR][Jul 5 2021][/images/] MB:0d68d238d713f63ff02be916ae633466 <a href="/malwrhunterteam/">MalwareHunterTeam</a> <a href="/James_inthe_box/">James</a> <a href="/JAMESWT_MHT/">JAMESWT_MHT</a> <a href="/malware_traffic/">malware_traffic</a> <a href="/Racco42/">Racco42</a> @makflwana <a href="/pollo290987/">\_(ʘ_ʘ)_/</a> <a href="/bad_packets/">Bad Packets by Okta</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a> ioc 👇
hasherezade (@hasherezade) 's Twitter Profile Photo
hasherezade
@hasherezade

4 years ago

New releases: #PESieve/#HollowsHunter 0.3.0: github.com/hasherezade/pe… & github.com/hasherezade/ho… - among the new features: i.e. the support for the scan on inaccessible pages

abuse.ch (@abuse_ch) 's Twitter Profile Photo
abuse.ch
@abuse_ch

4 years ago

QakBot + FeodoTracker = 💥 Feodo Tracker is now tracking #QakBot botnet C2s 🥳 👉 feodotracker.abuse.ch/browse/qakbot/ If you are already using Feodo Tracker's blocklist you automatically receive protection against QakBot botnet C2 traffic 🐸🔥 👉 feodotracker.abuse.ch/downloads/ipbl…

QakBot + FeodoTracker = 💥 Feodo Tracker is now tracking #QakBot botnet C2s 🥳 👉 feodotracker.abuse.ch/browse/qakbot/ If you are already using Feodo Tracker's blocklist you automatically receive protection against QakBot botnet C2 traffic 🐸🔥 👉 feodotracker.abuse.ch/downloads/ipbl…
KevTheHermit (@kevthehermit) 's Twitter Profile Photo
KevTheHermit
@kevthehermit

4 years ago

Lots going in with logj4 but don't forget to look at the new patch Tuesday from Microsoft Threat Intelligence Includes CVE-2021-43890 Windows AppX being exploited in the wild.

Lots going in with logj4 but don't forget to look at the new patch Tuesday from <a href="/MsftSecIntel/">Microsoft Threat Intelligence</a> Includes CVE-2021-43890 Windows AppX being exploited in the wild.
lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

4 years ago

tracking.. #ursnif #isfb version:2.60 build:222 group:8899 [56473871MNTYAIDA][Dec 6 2021] ac57d694b86d8532b38d3d62f6de3afc Felix Vitali Kremez hazmalware Artsiom Holub abuse.ch malware_traffic

tracking.. #ursnif #isfb version:2.60 build:222 group:8899 [56473871MNTYAIDA][Dec 6 2021] ac57d694b86d8532b38d3d62f6de3afc <a href="/felixw3000/">Felix</a> <a href="/VK_Intel/">Vitali Kremez</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a> <a href="/abuse_ch/">abuse.ch</a> <a href="/malware_traffic/">malware_traffic</a>
Paul Melson (@pmelson) 's Twitter Profile Photo
Paul Melson
@pmelson

4 years ago

I don’t have a SoundCloud, but if you want to click on something, it would be pretty great if you decided to help out some fellow Americans in dire need right now: secure.kentucky.gov/formservices/F…

lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

4 years ago

tracking.. #ursnif #isfb version:2.60 build:224 group:20000 [gs0W1Y167ccgpQOG][Dec 26 2021][/drew/] #⃣b6f0fc5638a110abac1a54805f77e786 Felix Vitali Kremez hazmalware Artsiom Holub abuse.ch malware_traffic

tracking.. #ursnif #isfb version:2.60 build:224 group:20000 [gs0W1Y167ccgpQOG][Dec 26 2021][/drew/] #⃣b6f0fc5638a110abac1a54805f77e786 <a href="/felixw3000/">Felix</a> <a href="/VK_Intel/">Vitali Kremez</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a> <a href="/abuse_ch/">abuse.ch</a> <a href="/malware_traffic/">malware_traffic</a>
lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

4 years ago

tracking.. #ursnif #isfb version:2.50 build:225 group:7579 [IL2ue0q04g35Es2C][/drew/][Feb 1 2022] #⃣1fb95166dda235cb6e5279db1b72722a Felix Vitali Kremez hazmalware Artsiom Holub abuse.ch malware_traffic

lc4m (@luc4m) 's Twitter Profile Photo
lc4m
@luc4m

3 years ago

nice catch! tracking #ursnif #isfb version:2.50 build:239 group:3000 [Jun 22 2022][WJWoBDOsnmP2wric][/drew/] 5382ef90ef9a33baca2ed2119059154f ioc down here 👇🧐 Felix avman hazmalware Artsiom Holub abuse.ch malware_traffic

nice catch! tracking #ursnif #isfb version:2.50 build:239 group:3000 [Jun 22 2022][WJWoBDOsnmP2wric][/drew/] 5382ef90ef9a33baca2ed2119059154f ioc down here 👇🧐 <a href="/felixw3000/">Felix</a> <a href="/avman1995/">avman</a> <a href="/HazMalware/">hazmalware</a> <a href="/Mesiagh/">Artsiom Holub</a> <a href="/abuse_ch/">abuse.ch</a> <a href="/malware_traffic/">malware_traffic</a>
JAMESWT (@jameswt_wt) 's Twitter Profile Photo
JAMESWT
@jameswt_wt

3 years ago

Mentioned Samples + ⚠️extra 👇 bazaar.abuse.ch/browse/tag/116… #opendir 💠116.203.19.]97/1/ + ⚠️https://raw.githubusercontent.]com/alibaba2044/hauL2/main/wininfo64.zip 🆘https://github].com/alibaba2044?tab=repositories 👇 bazaar.abuse.ch/browse/tag/git… cc reecDeep James

Mentioned Samples + ⚠️extra 👇 bazaar.abuse.ch/browse/tag/116… #opendir 💠116.203.19.]97/1/ + ⚠️https://raw.githubusercontent.]com/alibaba2044/hauL2/main/wininfo64.zip 🆘https://github].com/alibaba2044?tab=repositories 👇 bazaar.abuse.ch/browse/tag/git… cc <a href="/reecdeep/">reecDeep</a> <a href="/James_inthe_box/">James</a>
JAMESWT (@jameswt_wt) 's Twitter Profile Photo
JAMESWT
@jameswt_wt

3 years ago

TomU | I'm still here... til the end 🕊️🇨🇭 is not new is a VBS that load AgentTesla and use telegram as C2

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo
Florian Roth ⚡️
@cyb3rops

3 years ago

👀

Max_Malyutin (@max_mal_) 's Twitter Profile Photo
Max_Malyutin
@max_mal_

3 years ago

#Bumblebee Infection Flow TTPs🐝 [+] Mark-of-the-Web Bypass: IMG (T1553.005) [+] Malicious File: LNK (T1204.002) [+] Windows Command Shell: BAT (T1059.003) [+] Rename System Utilities: copy & rename (T1036.003) [+] Scheduled Task: schtasks.exe (T1053.005) [+] Rundll32(T1218.011)

#Bumblebee Infection Flow TTPs🐝 [+] Mark-of-the-Web Bypass: IMG (T1553.005) [+] Malicious File: LNK (T1204.002) [+] Windows Command Shell: BAT (T1059.003) [+] Rename System Utilities: copy &amp; rename (T1036.003) [+] Scheduled Task: schtasks.exe (T1053.005) [+] Rundll32(T1218.011)
herrcore (@herrcore) 's Twitter Profile Photo
herrcore
@herrcore

3 years ago

🔴We are live rn! Join us with special guest Duncan Ogilvie 🍍 for a deep dive into hacking #ChatGPT Let’s see far off the rails we can push this thing! twitch.tv/oalabslive

🔴We are live rn! Join us with special guest <a href="/mrexodia/">Duncan Ogilvie 🍍</a> for a deep dive into hacking #ChatGPT Let’s see far off the rails we can push this thing! twitch.tv/oalabslive