You might like
Important Message to All my Followers & Readers. Please keep in mind that: I am absolutely not connected with cybersecurity or IT, it is not my profession because I do not have a profession. And I do not have education. Do not trust what I do. Thank you for reading.
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day | Akamai akamai.com/blog/security-…
#специальнодлятупых A Special Secret Hint, for those who are fishing in a fish store -> f2c879bedd2257d131a87cd15d194174 Ref[1]: valhalla.nextron-systems.com/info/rule/SUSP…
![r3dbU7z's tweet image. #специальнодлятупых
A Special Secret Hint, for those who are fishing in a fish store ->
f2c879bedd2257d131a87cd15d194174
Ref[1]:
valhalla.nextron-systems.com/info/rule/SUSP…](https://pbs.twimg.com/media/GWAVZRzXgAA9zIG.png)
![r3dbU7z's tweet image. #специальнодлятупых
A Special Secret Hint, for those who are fishing in a fish store ->
f2c879bedd2257d131a87cd15d194174
Ref[1]:
valhalla.nextron-systems.com/info/rule/SUSP…](https://pbs.twimg.com/media/GWAVZ0YXAAAzsOO.png)
Очередного персонажа забанили в Твиттере: Когда за тебя уже все нашли, легко и удобно публиковать результаты чужой работы. Сообщество обязательно оценит твой труд в X. С другой стороны-если бы я не загрузил свой архив на VT-не было самого сообщения этого исследователя и охотника.
#письма_счастья NotificacaoAutuacao_023400E61936083-206920.pdf.[lnk] 6e4e582b51b73cd75345d6f8c585207d url: portalservicos-denatran-serpro-gov-br\.org 🇧🇷🚔 Ref[1]: virustotal.com/gui/file/a8cc6… See also -> url: computador\.run Ref[2]: virustotal.com/gui/file/de6df…
![r3dbU7z's tweet image. #письма_счастья
NotificacaoAutuacao_023400E61936083-206920.pdf.[lnk]
6e4e582b51b73cd75345d6f8c585207d
url: portalservicos-denatran-serpro-gov-br\.org 🇧🇷🚔
Ref[1]:
virustotal.com/gui/file/a8cc6…
See also ->
url: computador\.run
Ref[2]:
virustotal.com/gui/file/de6df…](https://pbs.twimg.com/media/GV7-JSvW4AAX3kZ.png)
#Cthulhu Stealer targeting #macOS spotted in the wild! 🦑 Similar to #AMOS Stealer but with key differences. Great breakdown by @CadoSecurity 👏 – stages data in /Users/Shared/NW/, compresses it for exfiltration, and uses OpenSSL for AES decryption.
MY SECURE #OPENDIR FOLDER !11 url: mysecureserveronlinefolder[.]com Stager-> tax_documents.[lnk] 93ce603aedbecf6e0946bba2674043ff -> Lumma-E tax_documents f2db0977b7c9377131ee5b7e5d9260c4 -> Remcos InnoPack\.exe 8359912322add7b9bb3cfa27253c448e Ref[1]: virustotal.com/gui/file/82956…
![r3dbU7z's tweet image. MY SECURE #OPENDIR FOLDER !11
url: mysecureserveronlinefolder[.]com
Stager->
tax_documents.[lnk]
93ce603aedbecf6e0946bba2674043ff
->
Lumma-E
tax_documents
f2db0977b7c9377131ee5b7e5d9260c4
->
Remcos
InnoPack\.exe
8359912322add7b9bb3cfa27253c448e
Ref[1]:
virustotal.com/gui/file/82956…](https://pbs.twimg.com/media/GVwI6K8XgAAu9ih.png)
![r3dbU7z's tweet image. MY SECURE #OPENDIR FOLDER !11
url: mysecureserveronlinefolder[.]com
Stager->
tax_documents.[lnk]
93ce603aedbecf6e0946bba2674043ff
->
Lumma-E
tax_documents
f2db0977b7c9377131ee5b7e5d9260c4
->
Remcos
InnoPack\.exe
8359912322add7b9bb3cfa27253c448e
Ref[1]:
virustotal.com/gui/file/82956…](https://pbs.twimg.com/media/GVwI6KwWcAAftxs.png)
Domain Impersonation url: loginsmoobu[.]com /Downloads/ Document.pdf\.lnk Original Domain -> [ smoobu.com ] "Smoobu ᐅ The Short-Term & Vacation Rental Software" Ref[1]: virustotal.com/gui/domain/log… Ref[2]: Document.pdf\.lnk virustotal.com/gui/file/76b3d…
![r3dbU7z's tweet image. Domain Impersonation
url: loginsmoobu[.]com /Downloads/ Document.pdf\.lnk
Original Domain -> [ smoobu.com ]
"Smoobu ᐅ The Short-Term & Vacation Rental Software"
Ref[1]:
virustotal.com/gui/domain/log…
Ref[2]:
Document.pdf\.lnk
virustotal.com/gui/file/76b3d…](https://pbs.twimg.com/media/GVrWV_JWsAA_x3h.png)
![r3dbU7z's tweet image. Domain Impersonation
url: loginsmoobu[.]com /Downloads/ Document.pdf\.lnk
Original Domain -> [ smoobu.com ]
"Smoobu ᐅ The Short-Term & Vacation Rental Software"
Ref[1]:
virustotal.com/gui/domain/log…
Ref[2]:
Document.pdf\.lnk
virustotal.com/gui/file/76b3d…](https://pbs.twimg.com/media/GVrWV9IXAAAxthT.png)
![r3dbU7z's tweet image. Domain Impersonation
url: loginsmoobu[.]com /Downloads/ Document.pdf\.lnk
Original Domain -> [ smoobu.com ]
"Smoobu ᐅ The Short-Term & Vacation Rental Software"
Ref[1]:
virustotal.com/gui/domain/log…
Ref[2]:
Document.pdf\.lnk
virustotal.com/gui/file/76b3d…](https://pbs.twimg.com/media/GVrWV9CXQAAp7u0.jpg)
![r3dbU7z's tweet image. #nocomments
Ref[1]:
62.133.61.56_Downloads.zip
virustotal.com/gui/file/f809d…](https://pbs.twimg.com/media/GVlejAEWgAAlo_z.jpg)
#opendir `undetectable` #metasploit url: keylifeofenzyme\.com Ref[1]: virustotal.com/gui/domain/key…
![r3dbU7z's tweet image. #opendir `undetectable` #metasploit
url: keylifeofenzyme\.com
Ref[1]:
virustotal.com/gui/domain/key…](https://pbs.twimg.com/media/GVhPVooXUAAo5PL.png)
![r3dbU7z's tweet image. #opendir `undetectable` #metasploit
url: keylifeofenzyme\.com
Ref[1]:
virustotal.com/gui/domain/key…](https://pbs.twimg.com/media/GVhPVomW8AACdWD.png)
Found 3 domains masquerading as #fake #telegram websites delivering #RAT with surprisingly low detections on VT for the .msi installers that they drop 1. hxxps://47.236.48.41 resolves to www.telegram-in.]com 2. www.telegramkd.]com 3. www.telegram-apk.]com file link below
![raghav127001's tweet image. Found 3 domains masquerading as #fake #telegram websites delivering #RAT with surprisingly low detections on VT for the .msi installers that they drop
1. hxxps://47.236.48.41 resolves to www.telegram-in.]com
2. www.telegramkd.]com
3. www.telegram-apk.]com
file link below](https://pbs.twimg.com/media/GVZl3Bob0AAHSfo.jpg)
![raghav127001's tweet image. Found 3 domains masquerading as #fake #telegram websites delivering #RAT with surprisingly low detections on VT for the .msi installers that they drop
1. hxxps://47.236.48.41 resolves to www.telegram-in.]com
2. www.telegramkd.]com
3. www.telegram-apk.]com
file link below](https://pbs.twimg.com/media/GVZl3BpbsAAUfGW.jpg)
![raghav127001's tweet image. Found 3 domains masquerading as #fake #telegram websites delivering #RAT with surprisingly low detections on VT for the .msi installers that they drop
1. hxxps://47.236.48.41 resolves to www.telegram-in.]com
2. www.telegramkd.]com
3. www.telegram-apk.]com
file link below](https://pbs.twimg.com/media/GVZl3BnbQAAPdDS.jpg)
#суровыйибеспощадныйэстонскийбюджет🇪🇪 Lumma Stealer(?) url: ✅gregoryshuman\.com /Downloads/ Estonia_Consolidated_annual_report_of_the_state2024\.lnk 95c380b57b24829d79ca4087018f500b -> Ref[1]: Estonia3 virustotal.com/gui/file/2812b…
![r3dbU7z's tweet image. #суровыйибеспощадныйэстонскийбюджет🇪🇪
Lumma Stealer(?)
url: ✅gregoryshuman\.com /Downloads/
Estonia_Consolidated_annual_report_of_the_state2024\.lnk
95c380b57b24829d79ca4087018f500b ->
Ref[1]:
Estonia3
virustotal.com/gui/file/2812b…](https://pbs.twimg.com/media/GVHVdonXAAA1BfV.png)
![r3dbU7z's tweet image. #суровыйибеспощадныйэстонскийбюджет🇪🇪
Lumma Stealer(?)
url: ✅gregoryshuman\.com /Downloads/
Estonia_Consolidated_annual_report_of_the_state2024\.lnk
95c380b57b24829d79ca4087018f500b ->
Ref[1]:
Estonia3
virustotal.com/gui/file/2812b…](https://pbs.twimg.com/media/GVHVdooXQAApL2P.png)
#понедельникденьтяжелый atlaissian BUT moday DOT com url: atlaissian\.com 🕶️ url: roobsadlov[.cloud /j7xl6v -> Monday-release-\.exe App-release-.exe [Inno Setup installer] 87ae797946f26db53e7f0847877e5cb9 Ref[1]: virustotal.com/gui/file/212e0…
![r3dbU7z's tweet image. #понедельникденьтяжелый
atlaissian BUT moday DOT com
url: atlaissian\.com 🕶️
url: roobsadlov[.cloud /j7xl6v ->
Monday-release-\.exe
App-release-.exe
[Inno Setup installer]
87ae797946f26db53e7f0847877e5cb9
Ref[1]:
virustotal.com/gui/file/212e0…](https://pbs.twimg.com/media/GVHTklrXkAAuTZC.jpg)
![r3dbU7z's tweet image. #понедельникденьтяжелый
atlaissian BUT moday DOT com
url: atlaissian\.com 🕶️
url: roobsadlov[.cloud /j7xl6v ->
Monday-release-\.exe
App-release-.exe
[Inno Setup installer]
87ae797946f26db53e7f0847877e5cb9
Ref[1]:
virustotal.com/gui/file/212e0…](https://pbs.twimg.com/media/GVHTklpXsAAeTkl.png)
JS stealer url: mireiaskqans\.com Ref[1]: EditPro_Installer-release-\.exe virustotal.com/gui/file/269f1… URLs: doweoanst\.pro foojerwa\.ink amorefysuop\.pro fostoopas\.site fostoopas\.cloud afternburner\.org hoopsature\.click Ref[2]: virustotal.com/gui/file/12876…
![r3dbU7z's tweet image. JS stealer
url: mireiaskqans\.com
Ref[1]:
EditPro_Installer-release-\.exe
virustotal.com/gui/file/269f1…
URLs:
doweoanst\.pro
foojerwa\.ink
amorefysuop\.pro
fostoopas\.site
fostoopas\.cloud
afternburner\.org
hoopsature\.click
Ref[2]:
virustotal.com/gui/file/12876…](https://pbs.twimg.com/media/GTGd2wyXcAAoemX.png)
![r3dbU7z's tweet image. JS stealer
url: mireiaskqans\.com
Ref[1]:
EditPro_Installer-release-\.exe
virustotal.com/gui/file/269f1…
URLs:
doweoanst\.pro
foojerwa\.ink
amorefysuop\.pro
fostoopas\.site
fostoopas\.cloud
afternburner\.org
hoopsature\.click
Ref[2]:
virustotal.com/gui/file/12876…](https://pbs.twimg.com/media/GTGd2zdWMAAxJ6f.png)
United States Trends
- 1. Jokic 25.3K posts
- 2. Lakers 53.6K posts
- 3. Epstein 1.65M posts
- 4. #AEWDynamite 49.9K posts
- 5. #River 4,852 posts
- 6. Clippers 14.3K posts
- 7. Nemec 3,284 posts
- 8. Shai 16.4K posts
- 9. #ReasonableDoubtHulu N/A
- 10. Thunder 42.2K posts
- 11. #NJDevils 3,096 posts
- 12. Markstrom 1,249 posts
- 13. Ty Lue 1,095 posts
- 14. #Blackhawks 1,598 posts
- 15. Nemo 8,738 posts
- 16. Lafferty N/A
- 17. Steph 29.8K posts
- 18. Mikey 71.1K posts
- 19. Rory 8,045 posts
- 20. Jordan Miller N/A
You might like
-
proxylife
@pr0xylife -
3xp0rt
@3xp0rtblog -
Arkbird
@Arkbird_SOLG -
Dee
@ViriBack -
Shadow Chaser Group
@ShadowChasing1 -
Myrtus
@Myrtus0x0 -
Ne0ne | Igal
@0xToxin -
Jiří Vinopal
@vinopaljiri -
RedDrip Team
@RedDrip7 -
Group-IB Threat Intelligence
@GroupIB_TI -
Will
@BushidoToken -
reecDeep
@reecdeep -
RussianPanda 🐼 🇺🇦
@RussianPanda9xx -
Matthew
@embee_research -
ExecuteMalware
@executemalware
Something went wrong.
Something went wrong.