-
Pinned Tweet
New Slack channel :: Magecart Intel Sharing
If you're engaged in hunting or protecting against #Magecart then come join. Split into different TLP areas to enable effective intel sharing and allow for collaborative working amongst peers.
DM me for an invite now. pic.twitter.com/JgjH7szx6S
-
#Phishing against AT&T using free online form sites to host.
/ca.surveygizmo.com/s3/50067103/AT-T-support @SurveyGizmo
/atttnet.weebly.com @weebly
/currentfromatt826189.typeform.com/to/TMGflH
/mail532421.typeform.com/to/rm4WcY @typeform pic.twitter.com/Nhmsfb1jy6
-
Has anyone found a way to circumvent the Cloudflare phishing detection splash screen when scanning a domain in @urlscanio? Help: @CloudflareAbuse @hascj @xxdesmus I appreciate the good work you do; but sometimes, I really need to see the source of the site pic.twitter.com/6GJj9HvCfF
-
Jake Retweeted
Nice find. Steps are included in the images. Note the spelling of 'finalize' is US English not UK English! Obviously the creator used a translation service for it. pic.twitter.com/OZTINnUSXW
-
Wow, thanks for the shout-out @sans_isc. Hope you see a good uplift on the service @abuse_ch. I'd better get researching more credentials!
#Phishing https://twitter.com/JCyberSec_/status/1222558561667960832 … pic.twitter.com/EqvvZTBGuC
-
Jake Retweeted
#Phishing against @Huawei.
Multiple URLs from the same kit "modify by #cwx341547"
IoC List: https://pastebin.com/J5g5LuTQ
Second kit with same actor fingerprint but also contains a HTTrack artifact.
Complex @urlscanio pivot https://bit.ly/2U286Mf
IoC List: https://pastebin.com/kjKxLh5E pic.twitter.com/RdO8adkTsc
-
Jake Retweeted
This campaign is still live and kicking.
New sites are being spun up daily and are easily identifiable.
Following domains are all on IP 101.99.75.22
hxxps://www.hmrc.tax8refund.com/verify
hxxps://www.hmrc.tax7refund.com/verify
hxxps://www.hmrc.tax6refund.com/verify
https://twitter.com/Beeker51/status/1205970263990525958 … pic.twitter.com/Bb7JmrsT7y
-
Jake Retweeted
We all love some Office #Phishing on Windows ...
hxxps://standard7deliver1.z13.web.core.windows.net
52.239.246.1
TLS by Microsoft
POSTs the stolen data to another domain.
@JayTHL @malwrhunterteam @Spam404Online pic.twitter.com/bdNDAYv4za
-
This is a great project and I am proud to be able to work with others and feed data into this.
https://twitter.com/abuse_ch/status/1222481940529459201 …
-
Jake Retweeted
The search is detailed in the image. This enables searching for new kits targeting the same organisation. Use searches to pivot and to also help understand sites. Sites all look the same but they are all different kits, campaigns, and actors. Turn data into information.
#CTI pic.twitter.com/ivGXKueyMQ
-
Sneaky. The actors behind this Magecart gang have a fake suspended page on their index page. The URL is :/magecart.net is linked to the recent arrests in Indonesia. pic.twitter.com/BMXw4OSuwv
-
Ermm @Maersk you might want to take a look at this. There is a #Phishing campaign targeting your users directly. There are also two other domains using the same kit:
hxxps://courseworktutors.com/test/view/index.php
hxxp://luzia.co/wp/view/
https://twitter.com/IpNigh/status/1221750414237929472 …
-
Over the weekend my script discovered #PredatorTheThief and one occurrence of #CrownAdsPro
Other sites were also found but were already scanned in @urlscanio. These are all first time scans on the platform. If anyone wants a tracking ability to monitor these scans, DM me
https://twitter.com/JCyberSec_/status/1220054791193341953 … pic.twitter.com/AnEAI02g1b
-
Jake Retweeted
Thanks to data from @ecomscan we were able to see a new digital skimmer/#magecart loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess. pic.twitter.com/xkXXdNQ1SC
-
Whoops. Found a minor error that occasionally gave the wrong panel type as a tag on UrlScan. This is now fixed, stupid incrementing index and then referencing after! I am seeing if there's a way to fix the previous errors. Sorry!
-
Jake Retweeted
Thanks @HackingHumansCW podcast for featuring my tweet (1:27 - 4:02) https://twitter.com/JCyberSec_/status/1217480287514292225?s=20 …
Notes:
The URL isn't .gb but /gb; it is hosted on a .com domain
The 'udud' blob is AES encrypted, containing the site's content
Listen here: https://castbox.fm/episode/Flipping-the-script.-id1304141-id223377306 …
DM me to chat! pic.twitter.com/aPzgi8M8ya
For bug reports and feature requests -> DM me