lc4m
@luc4m
(っ◔◡◔)っ @[email protected]
ID: 468672899
19-01-2012 19:53:06
6,6K Tweet
4,4K Followers
961 Following
#phishing m365 🇮🇹 targeting energy & renewable companies - 🚹landing on onenote of compromised m365 account of 850 employees oil&gas (dm for url) - 🐟s://mangotech.cloud/me/ JAMESWT illegalFawn phishunt.io PhishingKitTracker IPAE!
![[1/3] multi stage #stego campaign vs #italy 🇮🇹 leads to #xworm rat via #andeloader (h/t <a href="/abuse/">hi</a> tag: spam-ita <a href="/JAMESWT_WT/">JAMESWT</a> )
mail > 7z > js > ps1 > ande loader from #stego image from archive[.org > b64 #xworm payload from paste[.ee > msbuild.exe
possible #BlindEagle apt-c-36 ? 🤔](https://pbs.twimg.com/media/GpXMsgjWMAAmWZW.png "Simplicio Sam L. (@marsomx_) on Twitter photo [1/3] multi stage #stego campaign vs #italy 🇮🇹 leads to #xworm rat via #andeloader (h/t <a href=\"/abuse/\">hi</a> tag: spam-ita <a href=\"/JAMESWT_WT/\">JAMESWT</a> )
mail > 7z > js > ps1 > ande loader from #stego image from archive[.org > b64 #xworm payload from paste[.ee > msbuild.exe
possible #BlindEagle apt-c-36 ? 🤔")
![#MintsLoader > #PEC #Italy
👇
brettesxes.]com/1.php?s=flibabc12
abckdkfkgdjnkhe.]top/zeqvk8x13ghtr.php
Samples👇 <a href="/luc4m/">lc4m</a>
bazaar.abuse.ch/browse/tag/abc…
#MintsLoader #Spain
geronimo.]website/1.php?s=flibabc12
glmhhdcmgcfddbk.]top/upow4fi5hvhtr.php
❇️Summary
bazaar.abuse.ch/browse/tag/185…](https://pbs.twimg.com/media/GsllgJRW0AAg8_G.jpg "JAMESWT (@jameswt_wt) on Twitter photo #MintsLoader > #PEC #Italy
👇
brettesxes.]com/1.php?s=flibabc12
abckdkfkgdjnkhe.]top/zeqvk8x13ghtr.php
Samples👇 <a href=\"/luc4m/\">lc4m</a>
bazaar.abuse.ch/browse/tag/abc…
#MintsLoader #Spain
geronimo.]website/1.php?s=flibabc12
glmhhdcmgcfddbk.]top/upow4fi5hvhtr.php
❇️Summary
bazaar.abuse.ch/browse/tag/185…")
#pxastealer 🇻🇳 targeting 🇮🇹 Cisco Talos Intelligence Group malware_traffic cert_lu Cert AgID Gianni Amato JAMESWT MalwareHunterTeam H/t: ܛܔܔܔܛܔܛܔܛ
!["RE: TOURS BOOKING"
#booking spam email spread
#RemCosRat
⛔️C2 178.215.236.]251:2727
#AgentTesla
⛔️ExFil Smtp > sendxambro@educt.]shop
Sample👇
bazaar.abuse.ch/sample/41d9c5a…
<a href="/k3dg3/">Kelsey</a> <a href="/500mk500/">Mikhail Kasimov</a> <a href="/skocherhan/">ܛܔܔܔܛܔܛܔܛ</a>](https://pbs.twimg.com/media/GtxH0XOXYAA7TlQ.jpg "JAMESWT (@jameswt_wt) on Twitter photo \"RE: TOURS BOOKING\"
#booking spam email spread
#RemCosRat
⛔️C2 178.215.236.]251:2727
#AgentTesla
⛔️ExFil Smtp > sendxambro@educt.]shop
Sample👇
bazaar.abuse.ch/sample/41d9c5a…
<a href=\"/k3dg3/\">Kelsey</a> <a href=\"/500mk500/\">Mikhail Kasimov</a> <a href=\"/skocherhan/\">ܛܔܔܔܛܔܛܔܛ</a>")
3/ Sandy Nguyen (Bullish Gopher) a DPRK ITW from this cluster was spotted via OSINT next to the North Korea flag at an event in Russia. A small group of people still believe North Korean devs are just a conspiracy despite all of the IOCs, research, etc widely available.
not #MalwareChallenge but #DLLsideloading abuse of signed EXE 😎 📷 Cryptolaemus ExecuteMalware hazmalware James JAMESWT_MHT Joe Roosen James Quinn lc4m MalwareHunterTeam Microsoft Threat Intelligence John Lambert neonprimetime ps66uk Racco42 Nilanjana Hugo Rifflet Hash Miser
Reminder everyone that time and time again its individual/crowdsourced effort that safes our internet. Individual People like those behind: abuse.ch Malpedia Squiblydoo vx-underground Use their hobby, free time, money and much more just to make our world safer.
