James (@james_inthe_box) Twitter Tweets • TwiCopy

James

a month ago

Another #malicious #gotoresolve / #logmeinrescue at: https://fbsi\ .org/Receipt_Copy.msi Company ID: 9119452146254695709 app.any.run/tasks/2b763be2…

thumb_up_off_alt14

chat_bubble_outline1

repeat4

shareShare

RussianPanda 🐼 🇺🇦

@russianpanda9xx

a month ago

Good morning! ☀️ #GootLoader woke up and chose violence (again) Grab your coffee, this one's JUICY 💣 huntress.com/blog/gootloade…

thumb_up_off_alt188

chat_bubble_outline7

repeat51

shareShare

#malware #opendir #xloader (small one works, big one not so much) at: https://royfils\.com/encrypt/ 2cd9b8fb88e7cbbc5c049441fb61e0aea7be23dc7aa2c109c13abefe7a2ac943 4733feaca04e871d4e0bb052f2437a2f46f10852602ea4f8b2f0170f4838dd87

$#malware #opendir #xloader (small one works, big one not so much) at: https://royfils\.com/encrypt/ 2cd9b8fb88e7cbbc5c049441fb61e0aea7be23dc7aa2c109c13abefe7a2ac943 4733feaca04e871d4e0bb052f2437a2f46f10852602ea4f8b2f0170f4838dd87$

thumb_up_off_alt9

chat_bubble_outline1

repeat5

shareShare

Jamie Levy🦉

@gleeda

25 days ago

Details can be found here: job-boards.greenhouse.io/huntress/jobs/… 🤔Reach out if you have questions.

thumb_up_off_alt20

chat_bubble_outline3

repeat2

shareShare

Br3akp0int

@tccontre18

15 days ago

Happy to share the latest #STRT blog covering the updated version of the .NET Steganography Loader being used by several RATs and Trojan stealers, including #Lokibot. The blog includes the analysis, simple tooling, TTPs, and Splunk detections. 🙂 splunk.com/en_us/blog/sec…

thumb_up_off_alt49

chat_bubble_outline1

repeat16

shareShare

The DFIR Report

@thedfirreport

15 days ago

🐈 Cat’s Got Your Files: Lynx Ransomware 🎉New report out by Friff, Daniel Casenove & Mattie Schuch!🎉 Attackers used stolen creds to access RDP, quickly pivoted to a DC with a second compromised admin, created impersonation accounts, mapped the environment, and more.

🐈 Cat’s Got Your Files: Lynx Ransomware

🎉New report out by <a href="/Friffnz/">Friff</a>, Daniel Casenove & <a href="/MittenSec/">Mattie Schuch</a>!🎉

Attackers used stolen creds to access RDP, quickly pivoted to a DC with a second compromised admin, created impersonation accounts, mapped the environment, and more.

thumb_up_off_alt87

chat_bubble_outline3

repeat26

shareShare

James

@james_inthe_box

15 days ago

#evil #logmeinrescue at: https://www.filemail\.com/d/hxuvtnorqdzqppi Company ID: 172104807361994773

thumb_up_off_alt3

chat_bubble_outline0

repeat1

shareShare

James

@james_inthe_box

10 days ago

Evil #logmeinrescue at: https:// connectme-1ke.pages. dev/LogMeInResolve_Unattended.msi e56e5f1f37b6c2ae9f4f1b2e7ab2f7aee9ca91c4c84334dd5bb49675de619736 Company ID: 8400521075231559185

thumb_up_off_alt5

chat_bubble_outline1

repeat2

shareShare

James

@james_inthe_box

10 days ago

A new one on me... #mercury32 #loader (but still kinda #darkcloud) app.any.run/tasks/67c44d06…

thumb_up_off_alt9

chat_bubble_outline1

repeat3

shareShare

James

@james_inthe_box

6 days ago

"ALFV" cybersecuritytoday.libsyn.com/major-us-bank-…

thumb_up_off_alt1

chat_bubble_outline1

repeat0

shareShare

James

@james_inthe_box

5 days ago

Maybe I'm crazy, but I always thought explorer.exe ran at boot regardless?

thumb_up_off_alt0

chat_bubble_outline0

repeat0

shareShare

James

@james_inthe_box

5 days ago

Way to go Opera forums.opera.com/topic/87290/op…

thumb_up_off_alt1

chat_bubble_outline0

repeat0

shareShare

James

@james_inthe_box

4 days ago

An unusually large, moments ago #botnet scan all from source port 19000 (not the "usual" Amazon sourced scans that I see every morning like clockwork at 06:45). Raw logs and source IP's: gist.github.com/silence-is-bes…

thumb_up_off_alt15

chat_bubble_outline0

repeat2

shareShare

James

@james_inthe_box

11 hours ago

A csv formatted list of #malspam campaigns that crossed my path in November to include #malware type, c2, hash, subject, and some email exfil addresses: gist.github.com/silence-is-bes… #retrohunt

thumb_up_off_alt8

chat_bubble_outline0

repeat3

shareShare