Suspicious Link

@killamjr

I'm just here for the malware and the memes

Missouri, USA
Joined June 2016

Tweets

  1. Pinned Tweet
    23 Aug 2019

    For those with access to a SIEM with email headers, things to watch with email campaigns like emotet:
    Patterns in:
    - Message-ID
    - X-Mailer
    - URLs in message body
    - Filenames
    - Sender host IP/Domain
    - Obvious sender spoof attempts

  3. Retweeted

    Sample's a little old, it was at the bottom of the spam trap payload at daqrey-bg[.]site DocuSign themed maldoc, leverages bitsadmin. sample I got: found this sample from when it was live on AAR:

  4. 2 Feb

    Can't wait to see the Chefs vs the 7^2 in the Superb Owl

  5. Retweeted
    29 Jan

    some bad guy is spreading fresh aviation-themed "NVG-KEA_AviationPurchase" [KAS_STATUS_NOT_DETECTED] .. lol ! 475cc45a9660557910260dbf26ade2f0 Same doc structure as 's

  6. Retweeted
    29 Jan

    The Netwire remote access trojan (RAT) has left a trail of crumbs across various platforms. shows us how it looks on Linux.

  7. Retweeted
    29 Jan

    This is a great project and I am proud to be able to work with others and feed data into this. 💪

  8. Retweeted
    28 Jan
    Replying to

    7d3eb86696eebbcc0ff05917d2b7d0a3

  9. Retweeted
    28 Jan

    Pretty sure this is predictionsbet[.]xyz/jzwuhpimvfguizahlrpjdnfawneuymwp/hlpt.bin

  10. Retweeted
    26 Jan

    finally a macro sample using something other than ps as a wmiprvse child process :)

  11. 26 Jan

    snarfs out data via FTP to ftp.faltelecom[.]com faltelecom@faltelecom.com Playboy@11

  12. 26 Jan

    I forget to mention, this url at yewonder is almost definitely a hXXps://yewonder.com/wp-content/plugins/ltfhmam/

  14. Retweeted
    26 Jan

    Which of course means insta-pivot to:

  15. 26 Jan

    connects to www.classicpalace[.]ae but no download payload: (compiled locally by csc) mailserver mail.stalexinc[.]com email: lori@stalexinc.com stlx2009

  16. 26 Jan

    payload: hXXps://yewonder.com/wp-content/plugins/ltfhmam/eklnxx.msi c2: breakthrough.hopto org:64735

  17. Retweeted
    25 Jan

    Our CFP is open! We are trying out this year:

  18. Retweeted
    24 Jan

    We need a new group organizer! If you are interested in taking over the spfdsec meetups, send a DM and we can work out account hand over. Otherwise, this account, and the meetups, will go dormant. Thanks!

  19. Retweeted
    23 Jan

    Goooooooooooood morning, ! .rtf > excel.exe > powershell > csc.exe > download .exe s://craftedcravings.net/wp-admin/4458.exe Renames and executes > Exfils data via SMTP to mail[.]gpphysio[.]co[.]za

  21. Retweeted
    22 Jan
    Replying to

    Just received a similar one. Payload: hxxps://kayeboutique[.]net/help[.]bin
