Do you want to discover subdomains?

Knockpy, a modular #python #tool , allows you to do passive and dictionary scans.

github.com/guelfoweb/knock

Gianni Amato

#OSINT #reconnaissance #ThreatIntel #cli #BlueTeam #infosec #investigation #intelligence #cybersecurity

JAMESWT Gianni Amato James Jane Peter Kruse | Cybercrime Research MalwareHunterTeam Arkbird Karsten Hahn Germán Fernández C2:
netsecurez.]com
whofoxy.]com
mimemoa.]com
ntcgo.]com

Unpacked sample: bazaar.abuse.ch/sample/9a7b02d…

JAMESWT Germán Fernández MalwareHunterTeam Gianni Amato Tommy M (TheAnalyst) Igal Lytzki🇮🇱 proxylife reecDeep Karsten Hahn ExecuteMalware Who said what Maybe Powerdash ?? Looks like malspam campaign analyzed by CERT Polska
cert.pl/en/posts/2023/…

Mangusta Kelsey Cert AgID Gianni Amato JAMESWT reecDeep MalwareHunterTeam ExecuteMalware

JAMESWT Malware Searcher ICANN Samiran Gupta Ajay Khatwani FreeSupport.in Cloudflare L205306 MalwareHunterTeam MalwareTech Who said what Igal Lytzki🇮🇱 Kimberly __veronica__ sugimu reecDeep Tommy M (TheAnalyst) Frost TG Soft Gianni Amato

reecDeep MalwareHunterTeam Malware Patrol JAMESWT James Gianni Amato Mangusta proxylife Cryptolaemus Italy 🇮🇹 + France 🇫🇷

JAMESWT BancoBPM Cert AgID Gianni Amato illegalFawn MalwareHunterTeam Phish.Stats 🐟 DNS non importato per hostname, peccato, ero curiosa =)

JAMESWT MalwareHunterTeam Claudio illegalFawn Gianni Amato Che poi, nella benevolenza più totale, sul sito ufficiale si trova anche questo bel QR Code.. che cosa potrebbe andare storto con un fake url?

JAMESWT Cert AgID Gianni Amato Germán Fernández Claudia Igal Lytzki🇮🇱 James proxylife ExecuteMalware MalwareHunterTeam Tommy M (TheAnalyst) Same c2:
twitter.com/Cyberteam008/s…
cc: RussianPanda 🐼 🇺🇦

reecDeep James JAMESWT ExecuteMalware proxylife Gianni Amato Germán Fernández Mangusta Tommy M (TheAnalyst) MalwareHunterTeam Jane Also analyzed by Deutsche Telekom CERT

Peter Kruse | Cybercrime Research JAMESWT Adobe Gianni Amato reecDeep Igal Lytzki🇮🇱 MalwareHunterTeam proxylife to me both files seem to be legit, signature is valid, in overlay, the following bytes with JSON object are appended. Can it be some kind of 'Marketing Cloud Visitor ID' or sth like that?

JAMESWT Cert AgID Gianni Amato Francesco Bussoletti Mangusta Tommy M (TheAnalyst) proxylife MalwareHunterTeam Igal Lytzki🇮🇱 Germán Fernández seems some forked version of #AgentTesla #malware

JAMESWT Cert AgID Gianni Amato reecDeep Francesco Bussoletti MalwareHunterTeam Igal Lytzki🇮🇱 Frost Tommy M (TheAnalyst) proxylife sugimu hdstatusvideos .com? Again? 😂🤦‍♂️

urlhaus.abuse.ch/host/hdstatusv…

Cert AgID Gianni Amato JAMESWT reecDeep MalwareHunterTeam ExecuteMalware sample shared on abuse.ch

bazaar.abuse.ch/sample/4bc8c38…

GitHub - guelfoweb/knock: Knock Subdomain Scan github.com/guelfoweb/knock

Salvatore Lombardo Let's Encrypt Namecheap.com Cloudflare Francesco Bussoletti Gianni Amato JAMESWT MalwareHunterTeam Massinissa - マシニッサ Claudia ωєвмαякєтнιик questi #scam spopolano sui social da anni, target le compagnie nazionali di trasporto worldwide ( 🇮🇹🇨🇭🇧🇪🇳🇱🇨🇦..)

da una veloce ricerca 'nostrana':
/ddifc.info/omio-review-promo-code/
/roscommon.info/blog/review-trenitalia-executive-class/
Namecheap.com pls revoke the #scam domains

Cxy0rL reecDeep MalwareHunterTeam James JAMESWT TG Soft Gianni Amato Kostas proxylife Frost ExecuteMalware The configs are RC4 encrypted and stored in the RCData resource of the binary.
The first byte is the length of the key to follow up and the rest is the encrypted data.

#PDF : sempre più sfruttati gli allegati contenenti link a risorse malevole (RT Gianni Amato).I #trojan #Qakbot / #Qbot e #Ursnif tra i #malware diffusi con queste tecniche. I dati del Cert AgID con Salvatore Lombardo, su Matrice Digitale👉 matricedigitale.it/notizie/cert-a… #cybersecurity WIIT CHANNEL SERVICES #WCS

È online il report settimanale delle campagna malevole prodotto da Cert AgID 👇