MB Threat Intel

@MBThreatIntel

Twitter account for the Threat Intelligence team

Worldwide
Joined August 2019

Tweets

  1. Pinned tweet, 13 Jan

    Interested in threat hunting and making the internet a safer place? We are looking for a threat intelligence analyst to join our team. Apply here:

  2. 4 hours ago

    Seeing lots of distributing via Word/Excel combo, followed by PowerShell -> fake image
    Subject: eFAX Message from #[0-9]{8}
    Payload URL: 107.189.10[.]150/ui/10357780.jpg
    Payload hash: 7ca62123dabe70a6419aec5cbb2244a5be224789beaf4f4356b6cea9b29df7a7

  3. 31 Jan

    Malvertising into dropping .
    * IoCs *
    RIG EK: 193.168.3[.]92
    Dridex: 9b0635de1bb4a3ae883c514150fb8f8bf5a24bc1b6b1d627435cd886f7397d46

  4. 31 Jan

    Malspam with VBS loader fingerprinting the system.
    * IoCs *
    Dridex: 635ded83b8e1be3fea6e8899627164f0f983831ce59bb37ddf4a89f86b86b46d

  5. 29 Jan

    pushing via CVE-2017-11882 (Equation Editor exploit).
    * IoCs *
    f440a587d49886b52586d9dfa8f9a17226b612e10e17cb5b09851ee6abdfdf82
    windowsfirewallsecurityauthorise.duckdns[.]org/lvc/svch.exe
    7984f74486d3ea0408c80b7474d555b4a2fe5cc9982d8468bd3887a8dbef22b7

  6. 27 Jan

    Submissions to show that this browlock was active for over 2 years. This query allows you to go back to December 2017:

  7. 27 Jan

    Following our investigation into the most sophisticated browser locker campaign to date, a large part of the infrastructure (including the stegano server) was taken down. No new browlock observed since 01/23. Ref:

  8. 22 Jan

    IOCs from this campaign can be downloaded in STIX2 format here:

  9. 22 Jan

    Amazingly, this browlock campaign has been around for over 2 years. The use of more advanced traffic deception techniques is one of the reasons why it has been active for that long.

  10. 22 Jan

    This browlock also shows how tech support scam operations involve different threat actors who specialize in their area of expertise.

  11. 22 Jan

    If victims call the toll-free number they will be sold bogus support packages for hundreds of dollars.

  12. 22 Jan

    The browlock itself currently locks up the latest version of Firefox (and is barely handled by Chrome).

  13. 22 Jan

    Attempts to replay the browlock chain via a traffic capture are foiled because of server-issued session keys. To be served the browlock, a series of conditions must be fulfilled.

  14. 22 Jan

    Machines are fingerprinted before being served a fake PNG image (steganography). It hides encrypted data that only a unique key can decrypt on the fly.

  15. 22 Jan

    The infamous browlock produces unique and time-sensitive URLs, resulting in 404s by the time you investigate them.

  16. 22 Jan

    This has it all: advanced traffic filtering, steganography and anti-replay techniques.

  17. Retweeted a tweet, 20 Jan

  18. 18 Jan

    Apple
    * IOCs *
    peanutallergymom[.]com/.well-known/acme-challenge/
    maternidadeluizacoelho[.]com[.]br/Writeable/default/

  19. 14 Jan

    As seen by others, is back in business after the holiday break.
    Emotet binary: c79c0b2ce7fa6546ef76ca240ec643c4138071109de3adc3859c778e1a90d351
    C2s: 99.252.27[.]6 152.231.89[.]226 86.123.138[.]76 51.159.23[.]217

  20. 13 Jan

    Bahrain: plspaynambakibertuna[.]tk
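The IoC tweets above (items 2 to 5) post their indicators defanged with `[.]`, and item 8 points to a STIX2 export of the browlock campaign IoCs. As an added example that is not the Threat Intel team's code, the script below refangs tweet text, extracts SHA-256 hashes, IPv4 addresses, domains, URLs and CVE ids (URLs are taken first so a path such as /ui/10357780.jpg is not read as a domain), merges them across tweets, renders them as STIX 2 indicator patterns, and applies the `eFAX Message from #[0-9]{8}` subject pattern from item 2 as a mail-subject check. The strings in SAMPLE_TWEETS are copied from the feed; the subjects checked against the pattern are constructed, and the STIX output is this script's own rendering, not the bundle the team published.

```python
"""Extract defanged IoCs from tweet text and emit STIX 2 indicator patterns.

Added example, not the MB Threat Intel team's code. SAMPLE_TWEETS are copied
from the feed above; any e-mail subjects fed to subject_matches() are constructed.
"""
import re
from typing import Dict, List, Set

# Tweet text copied from the feed (items 2 to 5), defanged as posted.
SAMPLE_TWEETS = [
    "Seeing lots of distributing via Word/Excel combo, followed by PowerShell -> fake image "
    "Subject: eFAX Message from #[0-9]{8} Payload URL: 107.189.10[.]150/ui/10357780.jpg "
    "Payload hash: 7ca62123dabe70a6419aec5cbb2244a5be224789beaf4f4356b6cea9b29df7a7",
    "Malvertising into dropping . * IoCs * RIG EK: 193.168.3[.]92 "
    "Dridex: 9b0635de1bb4a3ae883c514150fb8f8bf5a24bc1b6b1d627435cd886f7397d46",
    "Malspam with VBS loader fingerprinting the system. * IoCs * "
    "Dridex: 635ded83b8e1be3fea6e8899627164f0f983831ce59bb37ddf4a89f86b86b46d",
    "pushing via CVE-2017-11882 (Equation Editor exploit). * IoCs * "
    "f440a587d49886b52586d9dfa8f9a17226b612e10e17cb5b09851ee6abdfdf82 "
    "windowsfirewallsecurityauthorise.duckdns[.]org/lvc/svch.exe "
    "7984f74486d3ea0408c80b7474d555b4a2fe5cc9982d8468bd3887a8dbef22b7",
]

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
DOMAIN = r"(?:[a-z0-9-]+\.)+[a-z]{2,}"
URL_RE = re.compile(rf"(?:https?://)?(?:{IPV4}|{DOMAIN})/\S+", re.I)
IPV4_RE = re.compile(rf"\b{IPV4}\b")
DOMAIN_RE = re.compile(rf"\b{DOMAIN}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)
# Last labels that mark a file name rather than a domain (svch.exe, 10357780.jpg).
FILE_EXT = {"exe", "dll", "jpg", "png", "doc", "xls", "zip", "js", "vbs", "ps1", "txt"}
# The subject pattern exactly as given in the tweet; applied to the whole subject.
SUBJECT_RE = re.compile(r"eFAX Message from #[0-9]{8}")
KINDS = ("sha256", "ipv4", "domain", "url", "cve")


def refang(text: str) -> str:
    """Undo the feed's defanging: '[.]' -> '.', '[:]' -> ':', 'hxxp' -> 'http'."""
    text = re.sub(r"\[\.\]", ".", text)
    text = re.sub(r"\[:\]", ":", text)
    return re.sub(r"hxxp", "http", text, flags=re.I)


def extract_iocs(text: str) -> Dict[str, Set[str]]:
    """Pull hashes, hosts, URLs and CVE ids out of one tweet."""
    text = refang(text)
    iocs: Dict[str, Set[str]] = {k: set() for k in KINDS}
    iocs["sha256"].update(h.lower() for h in SHA256_RE.findall(text))
    iocs["cve"].update(c.upper() for c in CVE_RE.findall(text))
    # URLs first, so a path like /ui/10357780.jpg is never read as a domain.
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # trailing prose punctuation
        iocs["url"].add(url)
        host = re.sub(r"^https?://", "", url, flags=re.I).split("/", 1)[0].lower()
        iocs["ipv4" if re.fullmatch(IPV4, host) else "domain"].add(host)
    rest = URL_RE.sub(" ", text)  # bare hosts that were not part of a URL
    iocs["ipv4"].update(IPV4_RE.findall(rest))
    for dom in DOMAIN_RE.findall(rest):
        if dom.rsplit(".", 1)[1].lower() not in FILE_EXT:
            iocs["domain"].add(dom.lower())
    return iocs


def collect(tweets: List[str]) -> Dict[str, Set[str]]:
    """Merge the IoCs of several tweets into one set per kind."""
    merged: Dict[str, Set[str]] = {k: set() for k in KINDS}
    for tweet in tweets:
        for kind, values in extract_iocs(tweet).items():
            merged[kind] |= values
    return merged


def stix_patterns(iocs: Dict[str, Set[str]]) -> List[str]:
    """Render the IoCs as STIX 2.x Indicator 'pattern' strings, one per observable."""
    patterns = [f"[file:hashes.'SHA-256' = '{h}']" for h in sorted(iocs["sha256"])]
    patterns += [f"[ipv4-addr:value = '{ip}']" for ip in sorted(iocs["ipv4"])]
    patterns += [f"[domain-name:value = '{d}']" for d in sorted(iocs["domain"])]
    patterns += [f"[url:value = '{u}']" for u in sorted(iocs["url"])]
    return patterns


def subject_matches(subject: str) -> bool:
    """True when a mail subject matches the eFAX lure pattern posted in the tweet."""
    return SUBJECT_RE.fullmatch(subject) is not None


if __name__ == "__main__":
    found = collect(SAMPLE_TWEETS)
    for kind in KINDS:
        print(kind, sorted(found[kind]))
    print("\n".join(stix_patterns(found)))
```

The url patterns keep the URLs as posted, without a scheme, because the tweets omit it; add one before handing the patterns to a STIX consumer that expects a full URL. The subject check uses fullmatch, so a reply or forward ("Re: eFAX Message from #...") does not match; switch to search if that is the behaviour you want in a mail filter.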
