-
2020-02-03:


#Shellcode Loader
#hVNC 'HiddenDesktop' #Malware
"FudV" |
Recompiled from #TinyNuke Leak |
AVE_MARIA
C2:
94.103.81. 79
PDB:
C:\Users\Administrator\Documents\c++ project\hVNC\Client\Release\FudV.pdb
h/t @malwrhunterteam MD5: 6d8d825d00a4a1d8e3f406bad69fa4a7
-
#stealer #predatorthethief 53daa43d1313d5cb4ce240c7f850ee86 (https://www.hybrid-analysis.com/sample/937a5a20b1f488806d28f5b94052228e72358cb85e710de25e252e480bdc5bd3 …) c2: jokertor.]com/api (/check.get, /Clipper.post, /Clipper.get, /gate.get, ..) Downloads #tinynuke: http://digalitol.]fun/u/sppsvw.exe (https://app.any.run/tasks/b028c2a6-ffb2-4170-8014-bb4389c71bcf …) c2: http://zalivy.]ug/gate.php
-
#sarwent #bot https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/ … seen this floating around with #tinynuke #yara sig and domains here: https://pastebin.com/etLWDrBT
-
Loader / Spammer spread in France for a few weeks now! Domains related (recommended to block) are here https://pastebin.com/fuAK9BHC (fun fact: you'll recognize a well known style in the malware code and TTPs
#tinynuke) https://twitter.com/anyrun_app/status/1135822497839013888 …
-
What if you need to determine the type of
#malware, but C2 is already dead?
Just use the contextual search in http://ANY.RUN by domains, IPs or hashes!
Here is the example of #Tinynuke from @dvk01uk: Today: https://app.any.run/tasks/eadc4104-2ab0-4c43-a858-67809469c3bc … From 10 Jan: https://app.any.run/tasks/3cc01534-cab5-42d0-aa04-c256603f6f85 …
-
Hello! This is
#TinyNuke. After rebooting we can see the C2 - m0pedx9[.]su, https://app.any.run/tasks/eadc4104-2ab0-4c43-a858-67809469c3bc … Unresolved, but you can find related tasks in public submissions by context (domain), here are: https://app.any.run/tasks/3cc01534-cab5-42d0-aa04-c256603f6f85 …
-
Active
#tinynuke c2 at: http://pagefinder52[.]uz/razer/gate.php thanks to @malwrhunterteam for the sample, hash 34e252f4c5dd63e61686d77100120f42 on @mal_share
I've just released an old script to retrieve WebInjects and binaries from
#TinyNuke CnCs. It's available on GitHub: https://github.com/coldshell/Malware-Scripts/tree/master/TinyNuke …
-
Either the price of kebab has gone up in the Balkans or one of them is having a little existential crisis, but
#tinynuke has been back in France for about ten days now! c2: http://virpska2uuredbjp.onion sample (of the day): 903f4b1ce7fc9e9127d5e08dce805619
-
#Tinynuke : Actual hidden message from Tinynuke's botmaster posted on Onion C&C are : > RIMBAUD : Jeunesse (Illuminations 1873) > Papal indulgence 1516 (Essay on catholic reformation) > Adam and Eve @malwrhunterteam
-
#Tinynuke spread in France this morning! (same guy as usual) hxxps://telechargement-email[.]cc/setup.exe
-
Another Tinynuke campaign targeting Poland just appeared. Malicious DLL is called this time "iloveyou.dll" with new PDB too "c:\users\user\documents\visual studio 2012\Projects\HoodRich\Release\HoodRich.pdb" https://app.any.run/tasks/92d73f9d-73cb-48a6-9b62-847ae954444a …
@H_Miser #tinynuke #malware -
7-15-2018:
#TinyNuke #Banker #Malware ITW (Leaked Src Base)
C2[2]: { "dingparighrewrec].win", "refendisoked[.win" }
/panel/client.php | Same XOR key string encryption | "Entering bot loader" | MD5: 1a097463e356b255875fd8b4779ecd1d
PDB: C:\work\bot\Bin\int32.pdb
Stay safe!
-
#Tinynuke : Hidden message (C&C text) from Tinynuke's botmaster posted for security companies! @malwrhunterteam @benkow_ @James_inthe_box
6-25-2018: VT Hunt:
#TinyNuke Banker & #Pony Stealer #Malware C2 Block -> /tarati.se/.pma/ TinyNuke MD5 (C2 /php/): 4dbf7ad8904de470d0ee45d38f70c68a Default Webinject Template Pony MD5 (C2 /mysql/): 6650056f1360dc206ef647a9a6c28476 Uploaded Samples -> @virusbay_io
-
After the victory of the political elections of
#Erdogan, an attack of malspam from Turkey hits Italy and spreads the trojan banker #TinyNuke #Atatürk https://www.tgsoft.it/italy/news_archivio.asp?id=932 … @JAMESWT_MHT @arturodicorinto @malwrhunterteam @James_inthe_box @Bank_Security @dvk01uk @carolafrediani
-
#TinyNuke 6/13 Votre facture coriolis[.]site downloads zip with exe facture_31254872_13.06.2018.exe ytcracker - nerd ambition.mp3 https://urlscan.io/result/87d29921-946a-44e3-9040-c4cee5566c33/dom/ … cc @TheBuky
-
Besides developing malware, they make poetry... Oh wait. It's lyrics of Nerd Ambition by YTCracker. Malware:
#tinynuke Payload: coriolis[.]site/facture/ Panel: 4s65xlo930ubyjz8dlcm[.]com/admin/login.php
-