If you'be been dealing with these janky downloaders ("pdfs" if MiTM the TLS), these have been #darkcloud #stealer so far:
app.any.run/tasks/925ce6...
Look for:
vbs file
showip\.net
LoginData
WebData
keyDBPath.db
in the run and
StrFtpServer
DCS V
in the dmp file
app.any.run/tasks/925ce6...
Look for:
vbs file
showip\.net
LoginData
WebData
keyDBPath.db
in the run and
StrFtpServer
DCS V
in the dmp file
March 5, 2025 at 10:34 PM
If you'be been dealing with these janky downloaders ("pdfs" if MiTM the TLS), these have been #darkcloud #stealer so far:
app.any.run/tasks/925ce6...
Look for:
vbs file
showip\.net
LoginData
WebData
keyDBPath.db
in the run and
StrFtpServer
DCS V
in the dmp file
app.any.run/tasks/925ce6...
Look for:
vbs file
showip\.net
LoginData
WebData
keyDBPath.db
in the run and
StrFtpServer
DCS V
in the dmp file
A csv formatted list of #malspam campaigns that crossed my path in February to include #malware name, c2, hash, subject, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
March 3, 2025 at 8:31 PM
A csv formatted list of #malspam campaigns that crossed my path in February to include #malware name, c2, hash, subject, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
Huh...first time I've seen threat actor's using @ThinkstCanary :
https:// assistance-newton-adam-indiana.trycloudflare\.com
https:// assistance-newton-adam-indiana.trycloudflare\.com
February 26, 2025 at 3:17 PM
Huh...first time I've seen threat actor's using @ThinkstCanary :
https:// assistance-newton-adam-indiana.trycloudflare\.com
https:// assistance-newton-adam-indiana.trycloudflare\.com
Badness at:
144.91.79.54/10022025/
app.any.run/tasks/70b515...
Ultimately #darkcloud (the txt file); c2 juguly\.shop
144.91.79.54/10022025/
app.any.run/tasks/70b515...
Ultimately #darkcloud (the txt file); c2 juguly\.shop
February 26, 2025 at 3:03 PM
Badness at:
144.91.79.54/10022025/
app.any.run/tasks/70b515...
Ultimately #darkcloud (the txt file); c2 juguly\.shop
144.91.79.54/10022025/
app.any.run/tasks/70b515...
Ultimately #darkcloud (the txt file); c2 juguly\.shop
If you're not blocking trycloudflare\.com at the perimeter, now's the time: #opendir 's:
https:// em-ash-announcements-alpha.trycloudflare\.com/1DSAHJKSA/ ->
https:// did-efficiency-than-lenses.trycloudflare\.com ->
https:// reached-theoretical-regular-impact\.trycloudflare.com
https:// em-ash-announcements-alpha.trycloudflare\.com/1DSAHJKSA/ ->
https:// did-efficiency-than-lenses.trycloudflare\.com ->
https:// reached-theoretical-regular-impact\.trycloudflare.com
February 20, 2025 at 2:34 PM
If you're not blocking trycloudflare\.com at the perimeter, now's the time: #opendir 's:
https:// em-ash-announcements-alpha.trycloudflare\.com/1DSAHJKSA/ ->
https:// did-efficiency-than-lenses.trycloudflare\.com ->
https:// reached-theoretical-regular-impact\.trycloudflare.com
https:// em-ash-announcements-alpha.trycloudflare\.com/1DSAHJKSA/ ->
https:// did-efficiency-than-lenses.trycloudflare\.com ->
https:// reached-theoretical-regular-impact\.trycloudflare.com
February 17, 2025 at 5:51 PM
http:// account\.empireaccelerate.com:9200/empire_account/account/account.do 🤨
February 12, 2025 at 10:10 PM
http:// account\.empireaccelerate.com:9200/empire_account/account/account.do 🤨
February 7, 2025 at 2:23 PM
A csv formatted list of #malspam campaigns that crossed my path in January to include subjects, hashes, c2's, #malware type, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
February 3, 2025 at 4:36 PM
A csv formatted list of #malspam campaigns that crossed my path in January to include subjects, hashes, c2's, #malware type, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
A fairly sizable distributed port scan (all source port 19000) about 30 minutes ago; raw logs and sources here:
gist.github.com/silence-is-b...
gist.github.com/silence-is-b...
January 24, 2025 at 5:16 PM
A fairly sizable distributed port scan (all source port 19000) about 30 minutes ago; raw logs and sources here:
gist.github.com/silence-is-b...
gist.github.com/silence-is-b...
January 23, 2025 at 8:30 PM
#webshell #opendir #netsupport #rat at:
https:// appointedtimeagriculture\.com/wp-includes/blocks/post-content/
GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
https:// appointedtimeagriculture\.com/wp-includes/blocks/post-content/
GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
January 22, 2025 at 10:20 PM
#webshell #opendir #netsupport #rat at:
https:// appointedtimeagriculture\.com/wp-includes/blocks/post-content/
GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
https:// appointedtimeagriculture\.com/wp-includes/blocks/post-content/
GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
As much as I was excited about #telegram cooperating with LE...I haven't noticed much of a change:
app.any.run/tasks/694cb9...
app.any.run/tasks/694cb9...
January 16, 2025 at 2:34 PM
As much as I was excited about #telegram cooperating with LE...I haven't noticed much of a change:
app.any.run/tasks/694cb9...
app.any.run/tasks/694cb9...
January 9, 2025 at 2:52 PM
A late (due to holiday vacation) and sparse csv formatted list of #malspam campaigns that crossed my path in December to include subjects, #malware, hashes, c2's, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
January 6, 2025 at 5:25 PM
A late (due to holiday vacation) and sparse csv formatted list of #malspam campaigns that crossed my path in December to include subjects, #malware, hashes, c2's, and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt
gist.github.com/silence-is-b...
#retrohunt
Additional details:
December 10, 2024 at 5:11 PM
Additional details:
An unsurprisingly light csv formatted list of #malspam campaigns that crossed my path in November to included subjects, #malware type, hashes, c2's and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt #infosec #cybersecurity
gist.github.com/silence-is-b...
#retrohunt #infosec #cybersecurity
December 2, 2024 at 4:23 PM
An unsurprisingly light csv formatted list of #malspam campaigns that crossed my path in November to included subjects, #malware type, hashes, c2's and email exfil addresses:
gist.github.com/silence-is-b...
#retrohunt #infosec #cybersecurity
gist.github.com/silence-is-b...
#retrohunt #infosec #cybersecurity
A curious js file...
app.any.run/tasks/112848...
app.any.run/tasks/112848...
November 27, 2024 at 10:48 PM
A curious js file...
app.any.run/tasks/112848...
app.any.run/tasks/112848...