#opendir

An #opendir with a mailer and some phishes, one of which is in Chinese. Do not test the mailer. Abuse reports to host encouraged. hxxp://tachiwaki[.]com pic.twitter.com/Eb9vLjfryE

An #opendir packed with suspicious files here: hxxp://dev.diaperpoultry[.]co[.]uk/vqv/ (185.119.173.138) (UK) WARNING: keyyc.php redirects, prompting users to download/run an exe. *** Assume everything is malicious. *** @James_inthe_box @Techhelplistcom https://app.any.run/tasks/17e3ab0f-017b-466f-9c26-9beaf7511dd3 …pic.twitter.com/JlZajM428Q

#Phishing email contains link that redirects to hxxps://seriba[.]mx/images/Dropboxer/login.microsoftonline.com/ which resolves to 52.200.238.10 #OpenDir #PhishKitpic.twitter.com/r9DMLp9djR

#emotet #opendir that's one heck of a no auth "newsletter" hxxp://conexa[.]org[.]br/homolog/wp-content/uploads/2016/newsleter.php hxxp://conexa[.]org[.]br/homolog/wp-content/uploads/2016/list.php pic.twitter.com/Twrp4np3dO

#emotet #opendir hxxp://csszsz[.]hu/ with Usage Statistics hxxp://csszsz[.]hu/stats/ Can spot the month when #emotet took over this website? pic.twitter.com/5kuSkv9dEh

And drops from another #opendir www.paulocamarao[.]com/wp-log pic.twitter.com/mX8RnlnZXi

easiest #opendir yet :-) (and *not* smart) #lokibot c2 at hXXp://abatii.web[.]id/smart/Panel/five/PvqDq929BSx_A_D_M1n_a.php cc @James_inthe_box @malwrhunterteam @benkow_pic.twitter.com/WKAXbCYKtn

Lots of #opendir here.. don't forget about /.idea pic.twitter.com/TVpDU3URh0

There are @PayPalInfoSec and @Chase #Phishing kits and a webshell deployed on this (compromised?) server in an #OpenDir here: hxxp://zoemdesigns.com.au/templates/Mobile/resources/ cc: @Bank_Security @Techhelplistcom @malwrhunterteampic.twitter.com/4s0PMUHxFJ

#malicious #Pdf -> #phishing (/vasa.tk/callahann/login/index.php): #opendir, a zip file containing the web app is on the server (/vasa.tk/callahann/donidoniwire.zip), sends email to donidoniwire@gmail.com, shows 404 code to users from specific ip addrs https://www.hybrid-analysis.com/sample/85735f5c68dd102b5d4ce53985ea979165626b1f893b719f40616cf0177be80c?environmentId=100 …pic.twitter.com/E75F89b2FS

#lokibot w/ #opendir hxxp://lokipanelhostingnew.gq/wordpress/wp-includes/images/media/pa1.exe payment receipt.doc 103.63.2.227 https://www.hybrid-analysis.com/sample/9b512321044ffff3cc3c81389d18267a09333f1b38d007b3b6c0da886d9a49e2?environmentId=100 … https://app.any.run/tasks/74438078-671d-4733-884b-2ad712e24a92 …pic.twitter.com/WZ7gB979YV

Active #pony panel: statewidelegal[.]com[.]au/wp-includes/js/thupload/ #opendir as well :( cc @benkow_ @Xylit0l @Anti_Expl0it @h3x2b @cocaman hash "ecf9f00bff3adfb484e1695d534cde5efdbcaa46fde89ffea1b87e7b35eb3670" on HA soon. pic.twitter.com/wIiZ55UKQZ

several partial #opendir for #emotet #malware, 2 that have a bit more https://pastebin.com/raw/KdsPq5t5  pic.twitter.com/rc6pJU60Cj

Another #opendir - in case you haven't gotten your fill of #phish hxxp://www.ospp.net/paypal-account-secure-limited/pic.twitter.com/Umn64bhoXe

A couple of #opendir from my honeypot from this afternoon: hxxp://114.215.148.72:12345 hxxp://123.59.195.141:384 FYI: I had trouble with access until setting a US-based IP address. pic.twitter.com/QHWArkocy8

several partial , one better #opendir #emotet #malware list here -> https://pastebin.com/raw/MXKQQv2t  pic.twitter.com/9mHXZ4ll7F

This was a lot of work just for #lokibot... docx -> doc -> exe #opendir https://app.any.run/tasks/71a30f73-87e9-47b9-9160-692f13659e08 … c2 is abatii.web[.]id/zor/Panel/five cc @benkow_ @Xylit0l @Anti_Expl0it @h3x2b @cocaman pic.twitter.com/D7Zv8Sfsm1

#lokibot #opendir script.exe #autoit possible c2 to "ip": "188.138.33.220", "city": "Hoest", "region": "North Rhine-Westphalia" - no time to analze now.. will pick up tomorrow. pic.twitter.com/kJNqtsoCvQ

Strike botnet C2. Phishes and panels still active. hxxp://download9[.]cf (204.152.208.130) (USA) #opendir @Techhelplistcom @James_inthe_box @WifiRumHam A modest proposal: https://www.youtube.com/watch?v=aCbfMkh940Q …pic.twitter.com/5TqKTUgmvj