hxFrost

@0xFrost

Threat Hunting | Malware Analysis | Reverse Engineering | Interested in Windows Internals

Joined: July 2018

Tweets

  1. Pinned tweet
    13 Dec 2019

    Doing IR case for a client just found out that is present on their DC for about 1 year and no one from their IT staff found out.

  2. 3 hours ago

    👏 to everyone that is submitting malware URL.

  3. Retweeted
    4 Feb

    Very useful tool if you are studying Drivers. Also really enjoyed the book: Windows Kernel Programming

  4. Retweeted
    3 Feb
  5. Retweeted
    15 Jan

    Operation :Cyber attack on multinational military and political institutions in South Asia 198.54.117.197-200 IP 115.111.244.34 tatacommunications support IOC relate to 185.225.17.40 -> ap1-acl./net report from Antiy:

  6. 30 Jan
  7. 30 Jan
  8. 30 Jan
  9. Retweeted
    30 Jan

    I received 30 emails today - that's the highest volume I've seen in about a week. A couple of the Word documents that I saw had the new VBA macros. 🧐 Here's what I saw/gathered:

  10. 28 Jan

    Hey Is it possible to disable this User please [.]com/channel/UC5rZeqnotZF-8-rqOUVkL3A All his videos are promoting and containing links that are dropping Malware. Thread:

  11. Retweeted
    28 Jan

    Dridex malspam incoming 📨 Sender domains: deliverychuckh\.website delivercedor\.website deliverychuckh\.website Filename: BS005738599784.vbs BS005738599784.rar MD5 hash (VBS): 0cd98cbe50e461d2cb8f1651003d4383 Dridex C2s: 46.105.131.71:443 173.249.16.143:1443

  12. Retweeted
    27 Jan

    From an adware to a banking trojan: - PUA.InstallCapital c4b1077d4954b2536239dd7546ea6202 - Stage2 InstallCapitall: PUA.ImpulseLTD (exee. space/installer/exee.exe) - Stage2 ImpulseLTD : Dreambot (AES (new ?!) dJReCsX8qWlhQ0kv) 34.240.96. 52/files/sp/vvvv.exe

  13. Retweeted
    27 Jan

    Great research on detecting ransomware! "Getting Ahead of Ryuk attacks using YARA rules" by

  14. Retweeted
    25 Jan

    Maybe I'm just paranoid but pckg-lab\.eu at 91.241.19\.83 just doesn't smell right...

  15. Retweeted
    25 Jan

    C2 Panels TOP 5 last 3 months: 1- (324 panels) 2- (192) 3- (97) 4- (42) 5- (38) Source:

  16. 24 Jan
  17. Retweeted
    23 Jan
  18. 23 Jan
  19. Retweeted
    22 Jan

    Fake Company, Real Threats: Logs From a Smart Factory -

  20. Retweeted
    22 Jan

    Incoming run, all subjects contain Docusign sender address is: docusign@shelbourncpa.us tracking paste:

  21. Retweeted
    22 Jan

    2020-01-22: 🏦🔥 Banker | 🦹‍♂️ Group & Offshoots 🔩Module: "vnc_x32|64.dll"▶️💻VncStart|StopServer Activating Inject Function via VNC Redirection | 📨"VNC is starting your browser..." 💰Remote Connect for /Account Takeover 🔦Re-Used / VNC Module
