@blu3_team

@blu3_team

Defender, enthusiast, finder of bad things. Opinions are my own and not those of my employer.

Washington, DC
blu3-team.blogspot.com
Vrijeme pridruživanja: lipanj 2017.
94 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @blu3_team

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @blu3_team

  1. Prikvačeni tweet
    3. lip 2019.

    Another method of C2 detection using Splunk with rare domain and PC counts.

    2 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Poništi
  2. 30. stu 2019.

    Powershell -encodedcommand decoding with Splunk Decrypt App AKA: How to get rid of the pesky periods in the base64_decode

    7 proslijeđenih tweetova 39 korisnika označava da im se sviđa
    Poništi
  3. 23. lis 2019.

    Nice, turns out Scr files generally have a manageable list of parents.

    md5:39ae6f1fd36c08e8199a9725906a9f0a filename: Social_Calendar.xls C2:hxxp://isroddp.com/rEmt1t_pE7o_pe0Ry/hipto.php pdb:C:\Users\Carlos\source\repos\drivertoolkit\Release\drivertoolkit.pdb
    4 korisnika označavaju da im se sviđa
    Poništi
  4. 7. lis 2019.

    Detecting using clustered child processes of java.exe Kudos to for making easier!

    2 proslijeđena tweeta 7 korisnika označava da im se sviđa
    Poništi
  5. 2. lis 2019.

    Using Splunk to detect wmiprvse.exe as parent in close proximity to Winword.exe startup

    1 reply 23 proslijeđena tweeta 43 korisnika označavaju da im se sviđa
    Poništi
  6. 9. ruj 2019.

    Using pfSense to selectively allow traffic during dynamic malware analysis. Had fun setting this up so I thought I would share the process.

    1 reply 6 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Poništi
  7. 7. kol 2019.

    installation Command line looking for "findstr" and "lnk" might be a good early indicator.

    4 korisnika označavaju da im se sviđa
    Poništi
  8. 19. srp 2019.

    Some methods for profiling scheduled tasks.

    5 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    9. srp 2019.

    PB&J. Wine and cheese. Some pairs just go together but others don't. Which is why today on the blog we're talking all about how to find anomalous pairs during threat hunting. Take 6 min to read our tips on how to find these in your environment:

    2 proslijeđena tweeta 5 korisnika označava da im se sviđa
    Poništi
  10. 24. lip 2019.

    A couple of sigs for some file extension shenanigans. Nothing new, but you might want to check to see if you have them.

    1 reply 7 proslijeđenih tweetova 13 korisnika označava da im se sviđa
    Poništi
  11. 30. tra 2019.

    Seeing some adware trying to overwrite the zone.identifier. Command lines containing cmd echo zone.identifier should find it.

    3 korisnika označavaju da im se sviđa
    Poništi
  12. 20. pro 2018.

    8.t 78965.doc 10348b56b0e3466f9f9fa62bda081c98 QCRat C2: login\.vietnamairlines1\.com

    15 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Poništi
  13. 4. pro 2018.

    Google's search leaves users in the dark: DuckDuckGo CEO via

    Poništi
  14. 1. pro 2018.

    Danh sách BQP dự họp TTg.doc List of participants of the meeting a48431970d150d977562c892c6c124cb OSE.EXE 86a0557fc47d79ad1cc056f229dab944 unio.exe legit LBTServ.dll 5767a17038ca8003ee3e806c5c64b2da k1.ini C2: goog1eupdate\.com

    1 reply 9 proslijeđenih tweetova 20 korisnika označava da im se sviđa
    Poništi
  15. 19. stu 2018.

    61c22d7612299e5838fc62f2b7f50a33efdbb1bc.rtf 0ee22eb0612a4e44c0425d1d9d978056 Drops ose.exe 596fb3f3d6f5a8d1a1fa8f6bd428e56b Antivm Tries to resolve www\.oprojectllheokdetectedmaliciouscode\.com resolution must fail to get the C2: mx.rec.dnsabr\.com

    11 korisnika označava da im se sviđa
    Poništi
  16. 19. stu 2018.

    noted that this is an older sample, my bad. The components are still in place so it still works.

    3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. 18. stu 2018.

    Persecution Cases.docx.lnk a63b22171593d78109c38f0a405f6e60 Delivery from www\.geocities\.jp C2: web\.adobephotostage\.com

    5 proslijeđenih tweetova 11 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    14. stu 2018.

    Operation JOKAA(RR)

    16 proslijeđenih tweetova 26 korisnika označava da im se sviđa
    Poništi
  19. 10. stu 2018.

    2 proslijeđena tweeta 1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  20. 10. stu 2018.

    4116054684711436178.rtf 58ab2781a59767cc36198de474df7dc3 C2: 185.200.116\.181 drops mshtml.dll 96df4162f5c3439ea7cb7bd5e2097dae config.dat takshosts.exe c9279ab390d7431a27da3463de0e9b16 update.exe ff89261094e69e8282dbfc974466fb07

    1 reply 4 proslijeđena tweeta 12 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@blu3_team još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·