1t 1s N0b0dyh 🏴‍☠️ (@1t1snobody) 's Twitter Profile

Sometimes I tweet something! Fighting and studying #malware in the other time

ID: 2495950261

15-05-2014 08:29:01

89 Tweets

491 Followers

2.2K Following

moto_sato (@58_158_177_102)

#cutwail start to spread #maldoc #ursnif Subject: Rimborso Riferimento PR50419U28Y0755 Payload from : checking ... C2 : checking ... pastebin.com/raw/dkRch5U7 sugimu sample : app.any.run/tasks/efd061f9… virustotal.com/gui/file/ecbba… (3/63) tria.ge/210420-ttdlnmp…

stoerchl (@stoerchl)

#TA551 (#Shathak) domains registered yesterday: raycrypto1[.]com tooldunlap[.]com netoutsourcing2007[.]com mckenzienation[.]com ivorytaxi2004[.]com clogphan[.]com

moto_sato (@58_158_177_102)

#cutwail start to spread #maldoc Subject: Subject: Rimessa contrassegni a mezzo bonifico bancario (ID0755158) payload from : checking.. C2 : checking ... sample : app.any.run/tasks/ab6b2bb3… virustotal.com/gui/file/acdb2… (1/63) tria.ge/210504-ljaeb29…

stoerchl (@stoerchl)

New pot. #TA551/#Shathak domains: malware_traffic JAMESWT_MHT Tommy M (TheAnalyst) @tbarabosch purposerentals2001a[.]com shufflepugha[.]com spinbtc2010a[.]com cardvanga[.]com burnsrentalsa[.]com garciatva[.]com dejesusmarketa[.]com leafingrama[.]com colontaxia[.]com gatherdavilaa[.]com

moto_sato (@58_158_177_102)

#cutwail prepare to spread #maldoc #ursnif Subject : Fattura BRT S.p.A. n. ***** del 11/05/21 MD5 : 392763f30bb23fd59109e1c70df61888 payload from : checking.. C2 : checking ... sample : app.any.run/tasks/2e2325c9… virustotal.com/gui/file/05ed6… (4/61) FirstPost tria.ge/210511-h2dtzwb…

MalwareHunterTeam (@malwrhunterteam)

DarkSide ransomware gang: "Closed because pressure from US gov." REvil gang: "Work in the social sector (health care, educational institutions) is prohibited" Meanwhile Conti RW gang be like: "What's up guys? If you didn't heard, we're just ransoming the Irish healthcare system."

moto_sato (@58_158_177_102)

#cutwail prepare to spread #maldoc #ursnif ? Subject : Fattura BRT S.p.A. n.**** del 31/05/21 MD5 : a6c5c792ec49d81824d176a164b9d46c payload from : checking... C2 : checking... sample : app.any.run/tasks/127ff5cc… virustotal.com/gui/file/44c87… (6/63) tria.ge/210531-1ephctk…

moto_sato (@58_158_177_102)

#cutwail prepare to spread #maldoc #ursnif ? Subject : Rimessa contrassegni a mezzo bonifico bancario * MD5 : aff547f0a7675ff435486fad59a0bd7d payload from : checking... C2 : checking... Sample : app.any.run/tasks/9e182615… virustotal.com/gui/file/e3dab… (3/63) tria.ge/210622-gz6dpzm…

moto_sato (@58_158_177_102)

#cutwail prepare to spread #maldoc #ursnif ? Subject : BRT S.P.A. - fatture scadute * BRT S.P.A. - Sollecito pagamento fatture * MD5 : faf276a7f7aabafa22ff9f8fd92dc9c2 payload/C2: checking... Sample : app.any.run/tasks/cc790040… virustotal.com/gui/file/51eff… (6/63) tria.ge/210629-f562amm…

moto_sato (@58_158_177_102)

#cutwail start to spread #maldoc #ursnif ? Subject : Sollecito di pagamento MD5 : 40253c4885c52237755e64dc8ca6e423 payload/C2: checking... sample : virustotal.com/gui/file/00946… app.any.run/tasks/c9e4af38… tria.ge/210706-nlemx52…

moto_sato (@58_158_177_102)

#cutwail start to spread #maldoc #ursnif ? Subject : EnelEnergia - Emissione Bolletta PEC MD5 : be08be775737dbd2ef07cd65b3c95d7e payload/C2: checking... sample : virustotal.com/gui/file/c99d2… (7/63) app.any.run/tasks/51ca14da… tria.ge/210713-g9hlvpd…

moto_sato (@58_158_177_102)

#cutwail start to spread #maldoc #ursnif ? Subject : Rimborso Riferimento PR44095U72Y8823 MD5 : 1bd9f81020febf162aab0a71ca339da7 payload/C2: checking... sample : app.any.run/tasks/efe4bea5… virustotal.com/gui/file/1a186… (8/63) tria.ge/210728-hz3921c…

abuse.ch (@abuse_ch)

Dridex botnet 22201 / 22202 / 22203 incoming, using weaponized XLSB documents 🔥💣 22201: 📄bazaar.abuse.ch/sample/9526c19… 22202: 📄bazaar.abuse.ch/sample/945de16… 22203: 📄bazaar.abuse.ch/sample/19d58cd… Dridex C2s: 👉feodotracker.abuse.ch/browse/host/51… 👉feodotracker.abuse.ch/browse/host/13… 👉feodotracker.abuse.ch/browse/host/22…

abuse.ch (@abuse_ch)

Heads up! Weaponized Microsoft Excel files spreading Cobalt Strike via files.slack[.]com Matt Slack 🔥 XLSB: 📊 bazaar.abuse.ch/sample/b2146ce… EXE: 📄 bazaar.abuse.ch/sample/dae9e20… Payload URL: 🌍 urlhaus.abuse.ch/url/1563535/ CobaltStrike C2: threatfox.abuse.ch/ioc/194136/

Flipper Zero (@flipper_zero)

PayPal has blocked our business account and is holding $1.3M for more than 2 months without explaining what exactly they are not happy with. Even PayPal support doesn't know what's going on. ⚠️This endangers the production of Flipper Zero in general. More details in thread 1/5

👾 StellarClown 👾 (@stellar_clown)

1/3 If you haven't fully understood the attack on #ASL1, Claudio and I have worked over the last 72 hours to bring to light one of the biggest Italian leaks. Our task is to not let this ugly affair fall into darkness.

reecDeep (@reecdeep)

🚀 Hi #InfoSec community! I'm excited to introduce Segugio, my latest tool to help #cybersecurity pros build custom malware analysis labs. Track malware across the kill chain, from infection to final-stage configuration! 🔗 Check it out: github.com/reecdeep/segug… #Malware