#wsgidav search results
Another #WsgiDAV #opendir hxxps://scratch-orbit-method-unlikely.trycloudflare(.)com/ "RUP" "W1PP" "WYA" folders contains LNK bazaar.abuse.ch/sample/8f40b6c… bazaar.abuse.ch/sample/bf82d23… bazaar.abuse.ch/sample/9b32646… @skocherhan
'DATEV-Rechnung Nr. 21412122025.pdf.lnk' @abuse_ch bazaar.abuse.ch/sample/b13fe27… #WsgiDAV #opendir with LNK that was seen from Germany: hxxps://msg-presented-threshold-figure.trycloudflare(.)com/DE/DATEV-Rechnung%20Nr.%2021412122025.pdf.lnk
#WsgiDAV #opendir with LNK in the documents folder: hxxps://hardware-added-mba-night.trycloudflare(.)com/ Other files possible the next stage... bazaar.abuse.ch/sample/f071647…
🧵/ Over the last months, our CyberSOC & CERT teams have been tracking a malicious cluster leveraging #WsgiDAV servers to distribute commodity #RATs, including in Europe🇪🇺. ⛓️Multistage infection chain: LNK>VBS>BAT>Powershell>ZIP>Python We track this activity as Blue Stylthon🧀
![JAMESWT_WT's tweet image. #WsgiDAV
⛔️http://krynifbeqw.]shop:7020/](https://pbs.twimg.com/media/Ge6eEloXoAAiYy9.jpg)
![JAMESWT_WT's tweet image. #WsgiDAV
⛔️http://dbasopma.]one:6049/](https://pbs.twimg.com/media/Ge79I2yWkAA5_Qh.jpg)
This ones has a #WsgiDAV #opendir full mirror at hxxp://91.219.239(.)49:7940/ ServerAstra Kft #Hungary emojohbokloc-dedicated.serverastra(.)com AS56322 Still active mirror to these #trycloudflare pages: ethical-points-competitive-fluid.trycloudflare(.)com…
Another #WsgiDAV #opendir hxxps://scratch-orbit-method-unlikely.trycloudflare(.)com/ "RUP" "W1PP" "WYA" folders contains LNK bazaar.abuse.ch/sample/8f40b6c… bazaar.abuse.ch/sample/bf82d23… bazaar.abuse.ch/sample/9b32646… @skocherhan
#WsgiDAV #AsyncRat dbasopma. me:6110 partinvshipppjbb[.click Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/371ec616… h/t @malwrhunterteam
#WsgiDAV #opendir: https://lender-router-exclusively-fraction.trycloudflare.]com/ Samples 👇 bazaar.abuse.ch/browse/tag/Wsg…
![JAMESWT_WT's tweet image. #WsgiDAV #opendir: https://lender-router-exclusively-fraction.trycloudflare.]com/
Samples 👇
bazaar.abuse.ch/browse/tag/Wsg…](https://pbs.twimg.com/media/GsMRPdXXoAEFlfX.jpg)
#WsgiDAV ⛔️https://desired-equally-delete-choir.trycloudflare.[com/ Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
#WsgiDAV samples collection updated bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
We found similar sites, all abusing the TryCloudflare service: 👀 previews-belgium-achieved-driving.trycloudflare[.]com louise-monitors-mo-rating.trycloudflare[.]com fit-retired-athletics-marathon.trycloudflare[.]com native-shipments-forty-polar.trycloudflare[.]com 🧵4/4
Mentioned #WsgiDAV bazaar.abuse.ch/browse/tag/Wsg… and Related Samples bazaar.abuse.ch/browse/tag/ken…
Related #AsyncRat #WsgiDAV Samples ❇️bazaar.abuse.ch/browse/tag/Wsg… Urls ❇️urlhaus.abuse.ch/host/casinos-c… ❇️urlhaus.abuse.ch/host/barry-phy… ❇️urlhaus.abuse.ch/host/holder-ap…
#AsyncRat #Malware 💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣 lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat app.any.run/tasks/0a336523… app.any.run/tasks/13911dd7…
![RacWatchin8872's tweet image. #AsyncRat #Malware
💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣
lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat
app.any.run/tasks/0a336523…
app.any.run/tasks/13911dd7…](https://pbs.twimg.com/media/GdFOYEOWsAAWv4n.jpg)
![RacWatchin8872's tweet image. #AsyncRat #Malware
💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣
lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat
app.any.run/tasks/0a336523…
app.any.run/tasks/13911dd7…](https://pbs.twimg.com/media/GdFOwM8XsAA059n.png)
![RacWatchin8872's tweet image. #AsyncRat #Malware
💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣
lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat
app.any.run/tasks/0a336523…
app.any.run/tasks/13911dd7…](https://pbs.twimg.com/media/GdFO3ciXgAAF_-C.jpg)
![RacWatchin8872's tweet image. #AsyncRat #Malware
💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣
lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat
app.any.run/tasks/0a336523…
app.any.run/tasks/13911dd7…](https://pbs.twimg.com/media/GdFO8TuXIAEJffo.png)
![JAMESWT_WT's tweet image. Mentioned #WsgiDAV/193.143.1[.]95 Samples
👇👇👇
bazaar.abuse.ch/browse/tag/193…](https://pbs.twimg.com/media/GiOPFC5W4AA6lAM.jpg)
![JAMESWT_WT's tweet image. Mentioned #WsgiDAV/193.143.1[.]95 Samples
👇👇👇
bazaar.abuse.ch/browse/tag/193…](https://pbs.twimg.com/media/GiOPFiYWIAA3v27.jpg)
Related #WsgiDAV 👇 ⛔️https://additional-markets-fee-romance.trycloudflare[.com/ ⛔️http://makingbmw2skodahossh[.net:26077/ ⛔️http://overboardlogist.]org:2677/KKG2W2.zip 👇 Samples bazaar.abuse.ch/browse/tag/Wsg…
![JAMESWT_WT's tweet image. Related #WsgiDAV
👇
⛔️https://additional-markets-fee-romance.trycloudflare[.com/
⛔️http://makingbmw2skodahossh[.net:26077/
⛔️http://overboardlogist.]org:2677/KKG2W2.zip
👇
Samples
bazaar.abuse.ch/browse/tag/Wsg…](https://pbs.twimg.com/media/GfE_mVmXwAAWx3-.jpg)
![JAMESWT_WT's tweet image. Related #WsgiDAV
👇
⛔️https://additional-markets-fee-romance.trycloudflare[.com/
⛔️http://makingbmw2skodahossh[.net:26077/
⛔️http://overboardlogist.]org:2677/KKG2W2.zip
👇
Samples
bazaar.abuse.ch/browse/tag/Wsg…](https://pbs.twimg.com/media/GfE_nIYWsAAh2KH.jpg)
![JAMESWT_WT's tweet image. Related #WsgiDAV
👇
⛔️https://additional-markets-fee-romance.trycloudflare[.com/
⛔️http://makingbmw2skodahossh[.net:26077/
⛔️http://overboardlogist.]org:2677/KKG2W2.zip
👇
Samples
bazaar.abuse.ch/browse/tag/Wsg…](https://pbs.twimg.com/media/GfFBNDBXUAAsYWt.jpg)
weno aun asi me sigo quedando con #wsgidav code.google.com/p/wsgidav/
#WsgiDAV #asyncrat /#Xworm Samples bazaar.abuse.ch/browse/tag/Wsg… C2 •ghanarchydn.duckdns. org:7878 • pdhasync.duckdns. org:8797 • ksjvenom.duckdns. org:8890 • jkswrm3.duckdns. org:8895 • novxrw9402.duckdns. org:9402 • jkwrm5.duckdns. org:8896 H/T @malwrhunterteam 1/2
This ones has a #WsgiDAV #opendir full mirror at hxxp://91.219.239(.)49:7940/ ServerAstra Kft #Hungary emojohbokloc-dedicated.serverastra(.)com AS56322 Still active mirror to these #trycloudflare pages: ethical-points-competitive-fluid.trycloudflare(.)com…
Another #WsgiDAV #opendir hxxps://scratch-orbit-method-unlikely.trycloudflare(.)com/ "RUP" "W1PP" "WYA" folders contains LNK bazaar.abuse.ch/sample/8f40b6c… bazaar.abuse.ch/sample/bf82d23… bazaar.abuse.ch/sample/9b32646… @skocherhan
Another #WsgiDAV #opendir hxxps://scratch-orbit-method-unlikely.trycloudflare(.)com/ "RUP" "W1PP" "WYA" folders contains LNK bazaar.abuse.ch/sample/8f40b6c… bazaar.abuse.ch/sample/bf82d23… bazaar.abuse.ch/sample/9b32646… @skocherhan
'DATEV-Rechnung Nr. 21412122025.pdf.lnk' @abuse_ch bazaar.abuse.ch/sample/b13fe27… #WsgiDAV #opendir with LNK that was seen from Germany: hxxps://msg-presented-threshold-figure.trycloudflare(.)com/DE/DATEV-Rechnung%20Nr.%2021412122025.pdf.lnk
#WsgiDAV #opendir with LNK in the documents folder: hxxps://hardware-added-mba-night.trycloudflare(.)com/ Other files possible the next stage... bazaar.abuse.ch/sample/f071647…
#WsgiDAV #opendir: https://lender-router-exclusively-fraction.trycloudflare.]com/ Samples 👇 bazaar.abuse.ch/browse/tag/Wsg…
🧵/ Over the last months, our CyberSOC & CERT teams have been tracking a malicious cluster leveraging #WsgiDAV servers to distribute commodity #RATs, including in Europe🇪🇺. ⛓️Multistage infection chain: LNK>VBS>BAT>Powershell>ZIP>Python We track this activity as Blue Stylthon🧀
Mentioned #WsgiDAV bazaar.abuse.ch/browse/tag/Wsg… and Related Samples bazaar.abuse.ch/browse/tag/ken…
Related #WsgiDAV 👇 ⛔️https://additional-markets-fee-romance.trycloudflare[.com/ ⛔️http://makingbmw2skodahossh[.net:26077/ ⛔️http://overboardlogist.]org:2677/KKG2W2.zip 👇 Samples bazaar.abuse.ch/browse/tag/Wsg…
#WsgiDAV ⛔️https://desired-equally-delete-choir.trycloudflare.[com/ Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
#WsgiDAV #AsyncRat dbasopma. me:6110 partinvshipppjbb[.click Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/371ec616… h/t @malwrhunterteam
#WsgiDAV #asyncrat /#Xworm Samples bazaar.abuse.ch/browse/tag/Wsg… C2 •ghanarchydn.duckdns. org:7878 • pdhasync.duckdns. org:8797 • ksjvenom.duckdns. org:8890 • jkswrm3.duckdns. org:8895 • novxrw9402.duckdns. org:9402 • jkwrm5.duckdns. org:8896 H/T @malwrhunterteam 1/2
Related #AsyncRat #WsgiDAV Samples ❇️bazaar.abuse.ch/browse/tag/Wsg… Urls ❇️urlhaus.abuse.ch/host/casinos-c… ❇️urlhaus.abuse.ch/host/barry-phy… ❇️urlhaus.abuse.ch/host/holder-ap…
#AsyncRat #Malware 💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣 lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat app.any.run/tasks/0a336523… app.any.run/tasks/13911dd7…
#WsgiDAV samples collection updated bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
We found similar sites, all abusing the TryCloudflare service: 👀 previews-belgium-achieved-driving.trycloudflare[.]com louise-monitors-mo-rating.trycloudflare[.]com fit-retired-athletics-marathon.trycloudflare[.]com native-shipments-forty-polar.trycloudflare[.]com 🧵4/4
Cool - good tip @vm00z! So a simple #oneliner webserver (with #wsgidav preinstalled) would be something like: wsgidav --host=0.0.0.0 --port=1334 --root=/web Nice!
weno aun asi me sigo quedando con #wsgidav code.google.com/p/wsgidav/
🧵/ Over the last months, our CyberSOC & CERT teams have been tracking a malicious cluster leveraging #WsgiDAV servers to distribute commodity #RATs, including in Europe🇪🇺. ⛓️Multistage infection chain: LNK>VBS>BAT>Powershell>ZIP>Python We track this activity as Blue Stylthon🧀
#WsgiDAV #AsyncRat dbasopma. me:6110 partinvshipppjbb[.click Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/371ec616… h/t @malwrhunterteam
#WsgiDAV #opendir: https://lender-router-exclusively-fraction.trycloudflare.]com/ Samples 👇 bazaar.abuse.ch/browse/tag/Wsg…
#WsgiDAV samples collection updated bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
We found similar sites, all abusing the TryCloudflare service: 👀 previews-belgium-achieved-driving.trycloudflare[.]com louise-monitors-mo-rating.trycloudflare[.]com fit-retired-athletics-marathon.trycloudflare[.]com native-shipments-forty-polar.trycloudflare[.]com 🧵4/4
'DATEV-Rechnung Nr. 21412122025.pdf.lnk' @abuse_ch bazaar.abuse.ch/sample/b13fe27… #WsgiDAV #opendir with LNK that was seen from Germany: hxxps://msg-presented-threshold-figure.trycloudflare(.)com/DE/DATEV-Rechnung%20Nr.%2021412122025.pdf.lnk
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
#WsgiDAV ⛔️https://desired-equally-delete-choir.trycloudflare.[com/ Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg…
#WsgiDAV #germany #italy spam email Fattura-N.263829362. zip > Url>WsgiDAV>lnk>js>bat>WsgiDAV>zip python > #AsyncRat Samples bazaar.abuse.ch/browse/tag/Wsg… Urls urlhaus.abuse.ch/browse/tag/Wsg… AnyRun app.any.run/tasks/d86e31dd… h/t @malwrhunterteam
Mentioned #WsgiDAV bazaar.abuse.ch/browse/tag/Wsg… and Related Samples bazaar.abuse.ch/browse/tag/ken…
Related #AsyncRat #WsgiDAV Samples ❇️bazaar.abuse.ch/browse/tag/Wsg… Urls ❇️urlhaus.abuse.ch/host/casinos-c… ❇️urlhaus.abuse.ch/host/barry-phy… ❇️urlhaus.abuse.ch/host/holder-ap…
#AsyncRat #Malware 💣holder-apartments-face-matthew[.]trycloudflare[.]com/uline/Nr-2005-028763-2024-PDF[.]lnk💣 lnk->vbs->bat (checks if Avast exists) -> zip -> python scripts (injects shellcode) -> AsyncRat app.any.run/tasks/0a336523… app.any.run/tasks/13911dd7…
Related #WsgiDAV 👇 ⛔️https://additional-markets-fee-romance.trycloudflare[.com/ ⛔️http://makingbmw2skodahossh[.net:26077/ ⛔️http://overboardlogist.]org:2677/KKG2W2.zip 👇 Samples bazaar.abuse.ch/browse/tag/Wsg…
#WsgiDAV #opendir with LNK in the documents folder: hxxps://hardware-added-mba-night.trycloudflare(.)com/ Other files possible the next stage... bazaar.abuse.ch/sample/f071647…
This ones has a #WsgiDAV #opendir full mirror at hxxp://91.219.239(.)49:7940/ ServerAstra Kft #Hungary emojohbokloc-dedicated.serverastra(.)com AS56322 Still active mirror to these #trycloudflare pages: ethical-points-competitive-fluid.trycloudflare(.)com…
Another #WsgiDAV #opendir hxxps://scratch-orbit-method-unlikely.trycloudflare(.)com/ "RUP" "W1PP" "WYA" folders contains LNK bazaar.abuse.ch/sample/8f40b6c… bazaar.abuse.ch/sample/bf82d23… bazaar.abuse.ch/sample/9b32646… @skocherhan
Something went wrong.
Something went wrong.
United States Trends
- 1. Good Saturday 24.9K posts
- 2. #SaturdayVibes 3,806 posts
- 3. #MeAndTheeSeriesEP1 520K posts
- 4. #askdave N/A
- 5. Massie 70.6K posts
- 6. Draymond 24.6K posts
- 7. PONDPHUWIN AT MAT PREMIERE 445K posts
- 8. Caturday 5,605 posts
- 9. IT'S GAMEDAY 2,138 posts
- 10. Wemby 47.8K posts
- 11. Marjorie Taylor Greene 63.5K posts
- 12. #Truedtac5GXWilliamEst 221K posts
- 13. Steph 88.6K posts
- 14. #PerayainEFW2025 192K posts
- 15. FAYE ATTENDS SILHOUETTE EFW 184K posts
- 16. Bubba 65.9K posts
- 17. Michelle 61.1K posts
- 18. Charlie Brown 3,023 posts
- 19. Spurs 36.8K posts
- 20. Metroid 19.9K posts