Do you want to discover subdomains?
Knockpy, a modular #python #tool, allows you to do passive and dictionary scans.
github.com/guelfoweb/knock
Gianni Amato
#OSINT #reconnaissance #ThreatIntel #cli #BlueTeam #infosec #investigation #intelligence #cybersecurity
JAMESWT Gianni Amato James Jane Peter Kruse | Cybercrime Research MalwareHunterTeam Arkbird Karsten Hahn Germán Fernández C2:
netsecurez.]com
whofoxy.]com
mimemoa.]com
ntcgo.]com
Unpacked sample: bazaar.abuse.ch/sample/9a7b02d…
JAMESWT Germán Fernández MalwareHunterTeam Gianni Amato Tommy M (TheAnalyst) Igal Lytzki🇮🇱 proxylife reecDeep Karsten Hahn ExecuteMalware Who said what Maybe Powerdash ?? Looks like malspam campaign analyzed by CERT Polska
cert.pl/en/posts/2023/…
JAMESWT BancoBPM Cert AgID Gianni Amato illegalFawn MalwareHunterTeam Phish.Stats 🐟 DNS not imported for the hostname, a pity, I was curious =)
JAMESWT MalwareHunterTeam Claudio illegalFawn Gianni Amato And then, in all benevolence, the official site also carries this nice QR code.. what could possibly go wrong with a fake URL?
JAMESWT Cert AgID Gianni Amato Germán Fernández Claudia Igal Lytzki🇮🇱 James proxylife ExecuteMalware MalwareHunterTeam Tommy M (TheAnalyst) Same c2:
twitter.com/Cyberteam008/s…
cc: RussianPanda 🐼 🇺🇦
Peter Kruse | Cybercrime Research JAMESWT Adobe Gianni Amato reecDeep Igal Lytzki🇮🇱 MalwareHunterTeam proxylife to me both files seem to be legit, signature is valid, in overlay, the following bytes with JSON object are appended. Can it be some kind of 'Marketing Cloud Visitor ID' or sth like that?
JAMESWT Cert AgID Gianni Amato reecDeep Francesco Bussoletti MalwareHunterTeam Igal Lytzki🇮🇱 Frost Tommy M (TheAnalyst) proxylife sugimu hdstatusvideos .com? Again? 😂🤦♂️
urlhaus.abuse.ch/host/hdstatusv…
Cert AgID Gianni Amato JAMESWT reecDeep MalwareHunterTeam ExecuteMalware sample shared on abuse.ch
bazaar.abuse.ch/sample/4bc8c38…
Salvatore Lombardo Let's Encrypt Namecheap.com Cloudflare Francesco Bussoletti Gianni Amato JAMESWT MalwareHunterTeam Massinissa - マシニッサ Claudia ωєвмαякєтнιик these #scam campaigns have been rampant on social media for years, targeting national transport companies worldwide ( 🇮🇹🇨🇭🇧🇪🇳🇱🇨🇦..)
from a quick 'homegrown' search:
/ddifc.info/omio-review-promo-code/
/roscommon.info/blog/review-trenitalia-executive-class/
Namecheap.com pls revoke the #scam domains
Cxy0rL reecDeep MalwareHunterTeam James JAMESWT TG Soft Gianni Amato Kostas proxylife Frost ExecuteMalware The configs are RC4 encrypted and stored in the RCData resource of the binary.
The first byte is the length of the key to follow up and the rest is the encrypted data.
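The layout described in the post above, as an added example that is not part of the original post or of any tool named on this page: an analyst-side parser that splits such a blob into key and ciphertext and decrypts it. It assumes the RCData resource has already been dumped to bytes and that the key bytes directly follow the length byte; the function names and the sample key and config are constructed.

```python
"""Parse a config blob laid out as [key length][RC4 key][RC4 ciphertext]."""


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def split_config_blob(blob: bytes) -> tuple[bytes, bytes]:
    """Return (key, ciphertext), rejecting blobs that cannot match the layout."""
    if len(blob) < 2:
        raise ValueError("blob too short to hold a length byte and a key")
    key_len = blob[0]                         # first byte: length of the key
    if key_len == 0:
        raise ValueError("key length of 0: not this layout")
    if 1 + key_len >= len(blob):
        raise ValueError("declared key length leaves no encrypted data")
    return blob[1:1 + key_len], blob[1 + key_len:]


def decrypt_config(blob: bytes) -> bytes:
    """Split the blob and RC4-decrypt the remainder with the embedded key."""
    key, ciphertext = split_config_blob(blob)
    return rc4(key, ciphertext)


# Constructed sample, not taken from any real binary: a made-up key and config.
SAMPLE_KEY = b"k3y-demo"
SAMPLE_PLAINTEXT = b"host=c2.example.invalid;port=443"
SAMPLE_BLOB = bytes([len(SAMPLE_KEY)]) + SAMPLE_KEY + rc4(SAMPLE_KEY, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    print(decrypt_config(SAMPLE_BLOB).decode("ascii"))
```

The length checks matter when running this over many samples: a resource that is not a config blob usually fails them instead of producing silent garbage.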
#PDF: attachments containing links to malicious resources are increasingly exploited (RT Gianni Amato). The #trojan #Qakbot / #Qbot and #Ursnif are among the #malware spread with these techniques. Cert AgID data, with Salvatore Lombardo, on Matrice Digitale👉 matricedigitale.it/notizie/cert-a… #cybersecurity WIIT CHANNEL SERVICES #WCS