lc4m
@luc4m
(っ◔◡◔)っ @[email protected]
ID:468672899
19-01-2012 19:53:06
6,9K Tweets
4,2K Followers
933 Following
Follow People
vx-underground
The largest collection of malware source code, samples, and papers on the internet. Password: infected
Florian Roth
Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
MalwareHunterTeam
Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
JAMESWT
#Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW
Michael Koczwara
Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon), https://t.co/vixTz8xKuF https://t.co/VQWaze6gaF
cool finding Fox_threatintel ! Also reGeorg reverse proxy #tunnel .
🤨Cisco Talos Intelligence Group found similar one in #China ops. In a tunnel they have 165.154.227,192 which was related to #apt41 .. interesting to investigate 🧐🧐🧐
Michael Koczwara Kimberly Arda Büyükkaya Jazi
Samples related to #xz backdoor and #CVE_2024_3094 are uploaded to abuse.ch
bazaar.abuse.ch/browse/tag/CVE…
Thanks to RedDrip Team
#xz #backdoor
#ransomware found in a zip file that i have no idea where i got it.
see samples:
57ed772081790cd3c0993b754c9241660c640d52a3d2be86fc6e9981c7b577f1
8bb509402f8f41b53d83b77979a9f09085b8766021ee1918b1b8e86efc126cc4
2594c63e40c0f752386b7a066f1aa86a36568d40cffc7ab67a268f5e7b706167
Did you hear that?
Akamai researcher Ben Barnea has discovered two vulnerabilities within Windows.
Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.
Full write-up:
akamai.com/blog/security-…
Mentioned sample by JAMESWT and found by Artilllerie ☣ is #Zegost #malware #spyware as fake AnyDesk
✅Searches for sec-apps while performing system reconnaisance
✅High modular
✅Remote Command Execution
✅Keylogging
🔥c2 8.218.159.17
#CyberSecurity
x.com/Artilllerie/st…
![Potential new #DuckTail PHP #stealer campaign spotted. hxxps://videocallgirl[.]top/alb/ -> Auto Download .zip file -> .exe posing as images with DLL sideloading -> downloading real images and payloads, then stealing data. #IoC: github.com/Gi7w0rm/Malwar… via: @nobodydontknow4](https://pbs.twimg.com/media/GA--IhsX0AAJUDx.jpg "Gi7w0rm (@Gi7w0rm) on Twitter photo 2023-12-10 11:39:19 Potential new #DuckTail PHP #stealer campaign spotted. hxxps://videocallgirl[.]top/alb/ -> Auto Download .zip file -> .exe posing as images with DLL sideloading -> downloading real images and payloads, then stealing data. #IoC: github.com/Gi7w0rm/Malwar… via: @nobodydontknow4")
I don't care what the haters say; I managed to create some good detections and hunts for the activity reported by BlackBerry Cybersecurity. See the Sigma detection rule below. This is just one of many:
![#Lambda Ransomware 👺 C2: 79.133.51.208 (check-in) Live Support: krjv3wondknwdrlvzp6ktqcqkrlvpme2xjt3fu7ojqpaqgl3sm33bdqd[.]onion Some strings: LAMBDA_README.txt {'disk_name': '%hc', 'disk_type': '%s', 'free_size': '%llu', 'total_size': '%llu'} /c ping 127.0.0.1 -n 5 > nul &…](https://pbs.twimg.com/media/F_zqp6KWwAAmj0u.jpg "Germán Fernández (@1ZRR4H) on Twitter photo 2023-11-25 20:46:34 #Lambda Ransomware 👺 C2: 79.133.51.208 (check-in) Live Support: krjv3wondknwdrlvzp6ktqcqkrlvpme2xjt3fu7ojqpaqgl3sm33bdqd[.]onion Some strings: LAMBDA_README.txt {'disk_name': '%hc', 'disk_type': '%s', 'free_size': '%llu', 'total_size': '%llu'} /c ping 127.0.0.1 -n 5 > nul &…")
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live! pretalx.com/bsides-london-…
![🚨 Cybersecurity Alert 🚨 Phishing domains indirectly linked to #Snatch Ransomware detected! IP 51.250.13.110 located in Russia. Domains appear to target Canada Financial Services. · simplihl[.]help - Spoofing Simplii Financial · bmo-importantnotice[.]com - Spoofing Bank of…](https://pbs.twimg.com/media/F9SulrsWkAAGYFm.jpg "Chris Duggan (@TLP_R3D) on Twitter photo 2023-10-25 14:47:34 🚨 Cybersecurity Alert 🚨 Phishing domains indirectly linked to #Snatch Ransomware detected! IP 51.250.13.110 located in Russia. Domains appear to target Canada Financial Services. · simplihl[.]help - Spoofing Simplii Financial · bmo-importantnotice[.]com - Spoofing Bank of…")
