🚩 Nuevo dominio .CL registrado para distribuir el Troyano para dispositivos Android #SpyNote. El sitio web se encuentra en scotiapass[.]cl y suplanta a Scotiabank Chile 🇨🇱 Los actores de amenaza también crearon un canal de YouTube (ScotiaPass) con una guía de instalación 😏…

1ZRR4H's tweet image. 🚩 Nuevo dominio .CL registrado para distribuir el Troyano para dispositivos Android #SpyNote. 

El sitio web se encuentra en scotiapass[.]cl y suplanta a Scotiabank Chile 🇨🇱

Los actores de amenaza también crearon un canal de YouTube (ScotiaPass) con una guía de instalación 😏…
1ZRR4H's tweet image. 🚩 Nuevo dominio .CL registrado para distribuir el Troyano para dispositivos Android #SpyNote. 

El sitio web se encuentra en scotiapass[.]cl y suplanta a Scotiabank Chile 🇨🇱

Los actores de amenaza también crearon un canal de YouTube (ScotiaPass) con una guía de instalación 😏…
1ZRR4H's tweet image. 🚩 Nuevo dominio .CL registrado para distribuir el Troyano para dispositivos Android #SpyNote. 

El sitio web se encuentra en scotiapass[.]cl y suplanta a Scotiabank Chile 🇨🇱

Los actores de amenaza también crearon un canal de YouTube (ScotiaPass) con una guía de instalación 😏…
1ZRR4H's tweet image. 🚩 Nuevo dominio .CL registrado para distribuir el Troyano para dispositivos Android #SpyNote. 

El sitio web se encuentra en scotiapass[.]cl y suplanta a Scotiabank Chile 🇨🇱

Los actores de amenaza también crearon un canal de YouTube (ScotiaPass) con una guía de instalación 😏…

This is a type of craxs rat(#spynote) malware. Since A101 is a Turkish🇹🇷 market chain, the target is Turkish citizens.

0x6rss's tweet image. This is a type of craxs rat(#spynote) malware. Since A101 is a Turkish🇹🇷 market chain, the target is Turkish citizens.

who can help? these apks are 0 detections on VT although i am almost 100% sure they are malicious.

banthisguy9349's tweet image. who can help? these apks are 0 detections on VT although i am almost 100% sure they are malicious.


Similarity between #EagleSpy and #SpyNote from a year ago (October 2023).

guelfoweb's tweet image. Similarity between #EagleSpy and #SpyNote from a year ago (October 2023).

⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander. Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the… 69.197.134.103…

1ZRR4H's tweet image. ⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander.

Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the…

69.197.134.103…
1ZRR4H's tweet image. ⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander.

Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the…

69.197.134.103…
1ZRR4H's tweet image. ⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander.

Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the…

69.197.134.103…
1ZRR4H's tweet image. ⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander.

Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the…

69.197.134.103…

#android #spynote hxxps://45.130.151.211/ 🤔@malwrhunterteam

0x6rss's tweet image. #android #spynote 
hxxps://45.130.151.211/
🤔@malwrhunterteam
0x6rss's tweet image. #android #spynote 
hxxps://45.130.151.211/
🤔@malwrhunterteam

#spynote #spyware owner dor47 whoever wondered how Cybercriminals setup the malicious spynote apk's check Picture 2. we are sending roughly 40 samples now to @ReversingLabs

banthisguy9349's tweet image. #spynote #spyware owner dor47

whoever wondered how Cybercriminals setup the malicious spynote apk's check Picture 2.

we are sending roughly 40 samples now to @ReversingLabs
banthisguy9349's tweet image. #spynote #spyware owner dor47

whoever wondered how Cybercriminals setup the malicious spynote apk's check Picture 2.

we are sending roughly 40 samples now to @ReversingLabs

Find 10 differences / Yet another #SpyNote 🤖 Today I read medium.com/s2wblog/detail… about DocSwap After research I found the old article about C2 communication SpyNote (#android #spyware) - bulldogjob.pl/articles/1200-… C2: 204.12.253[.]10:6834 - the network protocol is identical ⬇️

naumovax's tweet image. Find 10 differences / Yet another #SpyNote 🤖

Today I read medium.com/s2wblog/detail… about DocSwap
After research I found the old article about C2 communication SpyNote (#android #spyware) - bulldogjob.pl/articles/1200-…

C2: 204.12.253[.]10:6834 - the network protocol is identical ⬇️

+ haorizi888[.]top #SpyNote

skocherhan's tweet image. + haorizi888[.]top
#SpyNote

🚨 Newly Registered Domains Distributing SpyNote Malware The latest DomainTools Investigations (DTI) analysis reveals that deceptive websites hosted on newly registered domains are being used to deliver the potent AndroidOS SpyNote malware. dti.domaintools.com/newly-register…

SecuritySnacks's tweet image. 🚨 Newly Registered Domains Distributing SpyNote Malware

The latest DomainTools Investigations (DTI) analysis reveals that deceptive websites hosted on newly registered domains are being used to deliver the potent AndroidOS SpyNote malware. dti.domaintools.com/newly-register…


#Phishing #Avast #Spynote 📌hxxps://avastsf.]com/📌 Windows - Downloads Anydesk (Revoked Cert) - Anydesk.exe (virustotal.com/gui/file/ec33d…) Mac - Downloads Anydesk - anydesk.dmg (virustotal.com/gui/file/9960c…) Android - Downloads Spynote Trojan - Avastavv.apk (virustotal.com/gui/file/94a3b…)

RacWatchin8872's tweet image. #Phishing #Avast #Spynote
📌hxxps://avastsf.]com/📌
Windows - Downloads Anydesk (Revoked Cert) - Anydesk.exe (virustotal.com/gui/file/ec33d…)
Mac - Downloads Anydesk - anydesk.dmg (virustotal.com/gui/file/9960c…)
Android - Downloads Spynote Trojan - Avastavv.apk (virustotal.com/gui/file/94a3b…)
RacWatchin8872's tweet image. #Phishing #Avast #Spynote
📌hxxps://avastsf.]com/📌
Windows - Downloads Anydesk (Revoked Cert) - Anydesk.exe (virustotal.com/gui/file/ec33d…)
Mac - Downloads Anydesk - anydesk.dmg (virustotal.com/gui/file/9960c…)
Android - Downloads Spynote Trojan - Avastavv.apk (virustotal.com/gui/file/94a3b…)
RacWatchin8872's tweet image. #Phishing #Avast #Spynote
📌hxxps://avastsf.]com/📌
Windows - Downloads Anydesk (Revoked Cert) - Anydesk.exe (virustotal.com/gui/file/ec33d…)
Mac - Downloads Anydesk - anydesk.dmg (virustotal.com/gui/file/9960c…)
Android - Downloads Spynote Trojan - Avastavv.apk (virustotal.com/gui/file/94a3b…)

#Spynote AS 20473 🇸🇬 http[:]//66.42.55.13/ready[.]apk AS 210538 🇹🇷 https[:]//45.87.173.219/ready[.]apk Undetected #IOC #Android cc @banthisguy9349 @bofheaded

prashant_92's tweet image. #Spynote
AS 20473 🇸🇬
http[:]//66.42.55.13/ready[.]apk

AS 210538 🇹🇷
https[:]//45.87.173.219/ready[.]apk

Undetected

#IOC #Android 

cc @banthisguy9349 @bofheaded
prashant_92's tweet image. #Spynote
AS 20473 🇸🇬
http[:]//66.42.55.13/ready[.]apk

AS 210538 🇹🇷
https[:]//45.87.173.219/ready[.]apk

Undetected

#IOC #Android 

cc @banthisguy9349 @bofheaded

http://54.253.82.23:8080/ #opendir #spyware #spynote hxxp://47.57.184.164 /ready.apk hxxp://103.148.125.8 /ready.apk hxxp://47.57.7.44 /ready.apk hxxp://103.148.125.26 /ready.apk hxxp://164.155.241.15 /ready.apk hxxp://103.142.244.32 /ready.apk

banthisguy9349's tweet image. http://54.253.82.23:8080/ #opendir #spyware #spynote

hxxp://47.57.184.164 /ready.apk
hxxp://103.148.125.8 /ready.apk
hxxp://47.57.7.44 /ready.apk
hxxp://103.148.125.26 /ready.apk
hxxp://164.155.241.15 /ready.apk
hxxp://103.142.244.32 /ready.apk
banthisguy9349's tweet image. http://54.253.82.23:8080/ #opendir #spyware #spynote

hxxp://47.57.184.164 /ready.apk
hxxp://103.148.125.8 /ready.apk
hxxp://47.57.7.44 /ready.apk
hxxp://103.148.125.26 /ready.apk
hxxp://164.155.241.15 /ready.apk
hxxp://103.142.244.32 /ready.apk

📲 Google_Translate.apk - #SpyNote Malware 📂 #opendir: 62.217.183[.163 🎛️ C2: 159.100.9[.47:8080 #android 🤖

karol_paciorek's tweet image. 📲 Google_Translate.apk  - #SpyNote Malware

📂 #opendir: 62.217.183[.163

🎛️ C2: 159.100.9[.47:8080

#android 🤖

#spyware #spynote Alert ‼️ Coming from AS137951 ASLINE-AS-AP They have also left a nice cat picture for @vxunderground cc: @spamhaus thanks @NDA0E for reporting them.

banthisguy9349's tweet image. #spyware #spynote Alert ‼️
Coming from 
AS137951 ASLINE-AS-AP

They have also left a nice cat picture for @vxunderground 

cc: @spamhaus 

thanks @NDA0E for reporting them.
banthisguy9349's tweet image. #spyware #spynote Alert ‼️
Coming from 
AS137951 ASLINE-AS-AP

They have also left a nice cat picture for @vxunderground 

cc: @spamhaus 

thanks @NDA0E for reporting them.
banthisguy9349's tweet image. #spyware #spynote Alert ‼️
Coming from 
AS137951 ASLINE-AS-AP

They have also left a nice cat picture for @vxunderground 

cc: @spamhaus 

thanks @NDA0E for reporting them.

#Spynote campaign targeting Poland Distribution with a fake website looking like the Google Play: https://pltraf111.pages[.]dev/ hash: 71351a9013e7cfbe959d1ea78d1f7bf4bc2cb08a5716725c8434a911149099f3 C2: 45.88.79.231:7771

alberto__segura's tweet image. #Spynote campaign targeting Poland
Distribution with a fake website looking like the Google Play: https://pltraf111.pages[.]dev/
hash: 71351a9013e7cfbe959d1ea78d1f7bf4bc2cb08a5716725c8434a911149099f3
C2: 45.88.79.231:7771

A new #SpyNote report is out! 🚨 Dive into the tactics of this Android RAT campaign, from dynamic payload decryption to new obfuscation methods. Learn how threat actors are using deceptive Google Play Store clones to target users dti.domaintools.com/spynote-malwar…

DomainTools's tweet image. A new #SpyNote report is out! 🚨 Dive into the tactics of this Android RAT campaign, from dynamic payload decryption to new obfuscation methods. Learn how threat actors are using deceptive Google Play Store clones to target users
dti.domaintools.com/spynote-malwar…

#Spynote campaign using fake VISA app Distribution: https://visasecurity[.]net/ C2: 172.86.93.104:7771 hash: 6b1179c23a7502b4dea7f9bde7dde3d4b5b97c64f634ff3471a1d3d27390f3b1 (The PC download button does nothing)

alberto__segura's tweet image. #Spynote campaign using fake VISA app
Distribution: https://visasecurity[.]net/

C2: 172.86.93.104:7771
hash: 6b1179c23a7502b4dea7f9bde7dde3d4b5b97c64f634ff3471a1d3d27390f3b1
(The PC download button does nothing)

Pakistan's #APT36 / #TransparentTribe is Targeting Indian Govt agency Central Bureau of Investigation (CBI) to deliver #SpyNote #RAT malware. Details are explained in the attached snapshot. Infra: pastebin.com/w0F6pVa7 @500mk500 #Malware #ioc

Cyberteam008's tweet image. Pakistan's #APT36 / #TransparentTribe is Targeting Indian Govt agency Central Bureau of Investigation (CBI) to deliver #SpyNote #RAT malware.

Details are explained in the attached snapshot.

Infra: pastebin.com/w0F6pVa7

@500mk500 #Malware #ioc

⚠️Watch out fake AV websites sharing malware #Spynote (for android) /avast-securedownload.com @Avast #Lumma Stealer /bitdefender-app.com @Bitdefender #StealC (via Buer Loader?) /malwarebytes.pro @Malwarebytes samples and detonations below 👀

g0njxa's tweet image. ⚠️Watch out fake AV websites sharing malware

#Spynote (for android)
/avast-securedownload.com @Avast 

#Lumma Stealer
/bitdefender-app.com @Bitdefender 

#StealC (via Buer Loader?)
/malwarebytes.pro @Malwarebytes 

samples and detonations below 👀
g0njxa's tweet image. ⚠️Watch out fake AV websites sharing malware

#Spynote (for android)
/avast-securedownload.com @Avast 

#Lumma Stealer
/bitdefender-app.com @Bitdefender 

#StealC (via Buer Loader?)
/malwarebytes.pro @Malwarebytes 

samples and detonations below 👀
g0njxa's tweet image. ⚠️Watch out fake AV websites sharing malware

#Spynote (for android)
/avast-securedownload.com @Avast 

#Lumma Stealer
/bitdefender-app.com @Bitdefender 

#StealC (via Buer Loader?)
/malwarebytes.pro @Malwarebytes 

samples and detonations below 👀

Không có kết quả nào cho "#spynote"
Không có kết quả nào cho "#spynote"
Loading...

Something went wrong.


Something went wrong.


United States Trends