@Mr_4zure
Cyber Security Analyst, Threat Researcher #InfoSec #CyberSecurity #CyberDefence
#Spyware — and the "mercenary" groups behind these tools — is still popping up and, in some cases, growing. We have a new blog post about why these groups are dangerous and what other steps the security community should be taking to combat these threats. cs.co/6016Py6uI
#Lokibot #Malware from #malspam MD5: 87D96F1D67CB3142621BF58A527A3A06 🔥hxxp://sempersim.su/gk10/fre.php #infosec #malware #CyberSecurity
multiple #AgentTesla #malware by #GuLoader targeting #italy too 🇮🇹 🔥exfiltration via FTP: fxp://ftp[.onogost[.com/ infoo[@[onogost[.com fxp://ftp[.overviewsupplies[.com/ wrk1[@[wiprorealstate[.com #infosec #CyberSecurity #infosecurity #Security
🇮🇹#GuLoader is delivering #AgentTesla #malware in #italy too from massive #malspam thanks to @AgidCert ➡️urls: hxxp://asblp.tk/bvvc/MAHrNVsQLYBv140.csv /lJrJtbe135.dsp hxxp://asblp[.tk/scrtt/pcqPOYCq163.hhp /eemnWjnxSePvDyq91.csv #CyberSec #infosec #CyberAttack
"Richiesta Preventivo" spread #guloader #italy Gz bazaar.abuse.ch/sample/c879d04… Zip password protected not write in email (pw 1) bazaar.abuse.ch/sample/a6603d5… Exe bazaar.abuse.ch/sample/c690e22… C2 config hXXps://andreameixueiro.com/build_EXjhnftQHX181.bin bazaar.abuse.ch/sample/4b64d0d… cc @Arkbird_SOLG
Malspam with weaponized word document distributing TrickBot (rob96) 🔥 docx -> dot -> exe 🪲 Domains: micrsoft365 .live download3 .xyz docx: 📄 bazaar.abuse.ch/sample/4835f6d… dot: 📃bazaar.abuse.ch/sample/fd05481… exe: 📁 bazaar.abuse.ch/sample/24dd0b8… Payload URLs: 🌍 urlhaus.abuse.ch/browse/tag/rob…
"Re: New order of goods" spread #FormBook too in #italy Revised_Order PDF .zip bazaar.abuse.ch/sample/355af5b… Revised_Order PDF.exe bazaar.abuse.ch/sample/bfc5459… C2 hXXp://www.kalptarucentrino.com/owws/ cc @58_158_177_102 @felixw3000
"Re:FW: PROFORMA INVOICE2" #spread #Formbook too today in #italy Zip bazaar.abuse.ch/sample/20958a9… PROFORMA INVOICE PDF.exe bazaar.abuse.ch/sample/98acba3… C2 hXXp://www.kalptarucentrino.com/owws/ cc @58_158_177_102 @felixw3000
New variant of the #sLoad campaign identified, delivered via #PEC ⚠️ #ioc available 🔗 cert-agid.gov.it/news/individua…
Collections of #signed "1.A Connect GmbH" Samples including #CobaltStrike #signed Samples 🔽🔽🔽 bazaar.abuse.ch/browse/tag/1.A… H/T @malwrhunterteam
⚠️New #Flubot wave, usual #smishing/#phishing method "The package is ready for delivery. Request it now..." #DHL🎣https://corgamacfi[.com/3tosyn.php?ucqr9ljistwb #apk sample ⤵️ virustotal.com/gui/file/a34c1…
Mentioned #Flubot #apk #android #malware 🔽🔽🔽 bazaar.abuse.ch/sample/a34c1e3…
Probable #Phishing campaign targeting #Sky resellers, delivered through a domain created ad hoc on 22 May. IoC: - assistenzapdv[.]com We urge users to exercise the utmost caution!
Researchers disclose details on several critical vulnerabilities affecting Nagios IT monitoring #software that could let attackers hijack corporate networks. Read: thehackernews.com/2021/05/detail… #infosec #cybersecurity #hacking
#oletools 0.60 / olevba: I am integrating XLMMacroDeobfuscator from @DissectMalware to extract and deobfuscate Excel 4 / XLM macros (work in progress - bugs expected) If you want to test it, install the latest dev version of oletools: github.com/decalage2/olet…
#Lokibot #Malware targets #Italy 🇮🇹 from #malspam "Copia di pagamento dell'Ordine" 🔥c2: hxxp://mbyi.]xyz/five/fre.php #infosec #CyberSecurity #cybercrime #Security @guelfoweb @VirITeXplorer @58_158_177_102 @matte_lodi @D3LabIT
Mentioned Msi sample bazaar.abuse.ch/sample/844f891… + Exe bazaar.abuse.ch/sample/a03cc84… + 47.96.251.184_8083/3Wdo #CobaltStrike bazaar.abuse.ch/sample/87d63a4…
In a new blog post @teamcymru share some of their findings on the IcedID/Bokbot infrastructure. team-cymru.com/blog/2021/05/1…
"Bank Payment Copy Attached" spread #nanocore #rat too in #italy Ace bazaar.abuse.ch/sample/9ee0828… Exe bazaar.abuse.ch/sample/f2dcc47… >>> joetrump2022.ddns[.net cc @felixw3000 @58_158_177_102 @verovaleros