FaLcon Intelligence @FaLconIntel - Twitter Profile

FaLcon Intelligence @FaLconIntel

over 4 years ago

2021-10-29 #Malvertising -> #MagnitudeEK -> #Magniber #Ransomware location:Japan

1

6

5

0

FaLconIntel retweeted

DirectoryRanger @DirectoryRanger

over 4 years ago

Post Compromise Active Directory Checklist https://t.co/e85wblANnW

2

203

79

62

0

FaLconIntel retweeted

BleepingComputer

@BleepinComputer

over 4 years ago

Exploit code released for three iOS 0-days that Apple failed to patch - @serghei https://t.co/npqGoVOayI

4

267

128

18

0

FaLconIntel retweeted

Max_Malyutin @Max_Mal_

almost 5 years ago

#MSHTML RCE Vulnerability #CVE-2021-40444 (#CVE202140444) #DFIR #BlueTeam - Not only Control - CPL‼️ Potentially the exploit could run: #LOLBins 🔥🔥🔥🔥 MSHTA - HTA ✅ WSCRIPT - JS, JSE, VBA, WSF...✅ JAVAW - JAR ✅ MSIEXEC - MSI ✅ RegEdit - REG ✅ And MORE (?)

Max_Mal_'s tweet photo. #MSHTML RCE Vulnerability #CVE-2021-40444 (#CVE202140444)

#DFIR #BlueTeam - Not only Control - CPL‼️

Potentially the exploit could run:
#LOLBins 🔥🔥🔥🔥
MSHTA - HTA ✅
WSCRIPT - JS, JSE, VBA, WSF...✅
JAVAW - JAR ✅
MSIEXEC - MSI ✅
RegEdit - REG ✅

And MORE (?) https://t.co/CupB3SOmKV

10

319

134

37

0

Who to follow

reecDeep

@reecdeep

malware analyst, reverse engineer.

CAPE Sandbox

@CapeSandbox

Payloads or it didn't happen. https://t.co/rAVsWT6dcl

nao_sec

@nao_sec

FaLconIntel retweeted

Jakub Kroustek

@JakubKroustek

almost 5 years ago

#Sodinokibi / #REvil #ransomware is back and not just their sites. The latest variant from today: https://t.co/V6qq74UKMR

1

139

60

5

0

FaLconIntel retweeted

BleepingComputer

@BleepinComputer

almost 5 years ago

Windows CVE-2021-40444 defenses bypassed as new info emerges - @LawrenceAbrams https://t.co/8Q6yf8VIFK

1

226

122

22

0

FaLconIntel retweeted

Max_Malyutin @Max_Mal_

almost 5 years ago

#MSHTML RCE Vulnerability #CVE-2021-40444 #DFIR How to find mhtml object: 1) Unzip the MalDoc 2) Navigate to *\word\_rels\* 3) open document.xml.rels 4) Screech for: Target="mhtml: Sample: https://t.co/lqQGn7t7gf

$Max_Mal_'s tweet photo. #MSHTML RCE Vulnerability #CVE-2021-40444 #DFIR How to find mhtml object: 1) Unzip the MalDoc 2) Navigate to *\word\_rels\* 3) open document.xml.rels 4) Screech for: Target="mhtml: Sample: https://t.co/lqQGn7t7gf https://t.co/Opp4fBw1Ff$

4

146

51

24

0

FaLconIntel retweeted

Gen Threat Labs

@GenThreatLabs

almost 5 years ago

We’ve found #UnderminerEK has the following modules and can exploit a whopping 11 different vulnerabilities including #PrintNightmare.

GenThreatLabs's tweet photo. We’ve found #UnderminerEK has the following modules and can exploit a whopping 11 different vulnerabilities including #PrintNightmare. https://t.co/q2pH06i0px

1

37

17

3

0

FaLconIntel retweeted

RIVER @wugeej

almost 5 years ago

Fortinet FortiWeb OS Command Injection [‼️0-day] [PoC] POST /api/v2.0/user/remoteserver.saml HTTP/1.1 ... ... Content-Disposition: form-data; name="name" `touch /tmp/vulnerable` https://t.co/lWmj6JA5BR

wugeej's tweet photo. Fortinet FortiWeb OS Command Injection [‼️0-day]

[PoC]
POST /api/v2.0/user/remoteserver.saml HTTP/1.1
...
...
Content-Disposition: form-data; name="name"
`touch /tmp/vulnerable`

https://t.co/lWmj6JA5BR https://t.co/vyOzNJT1Or

18

1K

552

148

0

FaLconIntel retweeted

Florian Roth ⚡️

@cyb3rops

almost 5 years ago

A #PrinterNightmare overview https://t.co/lw1n2PesFi

4

308

67

15

0

FaLconIntel retweeted

Virus Bulletin @virusbtn

almost 5 years ago

Proofpoint reports an increase in malicious use of Cobalt Strike in threat actor campaigns. Cobalt Strike is currently used by more cybercrime and general commodity malware operators than APT and espionage threat actors. https://t.co/r8yfgtaS5f

virusbtn's tweet photo. Proofpoint reports an increase in malicious use of Cobalt Strike in threat actor campaigns. Cobalt Strike is currently used by more cybercrime and general commodity malware operators than APT and espionage threat actors. https://t.co/r8yfgtaS5f https://t.co/JWihqHsi1k

0

17

7

1

0

FaLconIntel retweeted

Analysis Center @jpcert_ac

almost 5 years ago

ラッキービジター詐欺で不正サイトへのリダイレクトに悪用されるドメインを掲載するレポジトリを公開しました。新しい不正ドメインが観測された際は、こちらに掲載されますので、ご活用ください。 ^ST https://t.co/s11Nr8RKGt

1

74

48

6

0

FaLcon Intelligence @FaLconIntel

about 5 years ago

2021年5月に観測したPurple Foxのランディングはこちらです。 #PurpleFox(#PurpleFoxEK)

株式会社マクニカ　ネットワークスカンパニー @mncofficial2004

about 5 years ago

海外においてPurple Fox EKが活発です。 IEのパッチ適用状況確認（特に21年3月修正のCVE-2021-26411）やIE以外のブラウザへの切替について海外拠点への注意喚起をご検討ください。ランディングページは特定できておりませんが、PSの接続先は以下ドメインです。

mncofficial2004's tweet photo. 海外においてPurple Fox EKが活発です。

IEのパッチ適用状況確認（特に21年3月修正のCVE-2021-26411）やIE以外のブラウザへの切替について海外拠点への注意喚起をご検討ください。

ランディングページは特定できておりませんが、PSの接続先は以下ドメインです。 https://t.co/r0uGQSnsqs

0

26

7

0

8

5

0

FaLconIntel retweeted

nao_sec @nao_sec

over 5 years ago

New blog post! #nccTrojan is a RAT used by #TA428 in attacks targeting East Asian defense and aviation organizations. Please see the analysis result of nccTrojan v1 and v2😆 https://t.co/RxR2zzVoLj

1

50

28

3

0

FaLcon Intelligence @FaLconIntel

over 5 years ago

2021-02-17 #Malvertising -> #RIGEK -> #loader -> #BrowserAssistant The loader had Microsoft digital certification, which has been identified as an invalid signature. https://t.co/FC1BQXLJ2c https://t.co/uKmrhrXPLI

FaLconIntel's tweet photo. 2021-02-17
#Malvertising -> #RIGEK -> #loader -> #BrowserAssistant

The loader had Microsoft digital certification, which has been identified as an invalid signature.

https://t.co/FC1BQXLJ2c
https://t.co/uKmrhrXPLI https://t.co/FPkYhpyjVX

0

3

1

0

FaLcon Intelligence @FaLconIntel

over 5 years ago

2021-01-29 #Malvertising -> #RIGEK(#ExploitKit) -> #Smokeloader -> #Ursnif(#Dreambot) location:Japan SerpentKey=78347829JSDUKLHG Version:250161 id=8005 https://t.co/sY5MKIpb8l https://t.co/kGOmhXrbAv

FaLconIntel's tweet photo. 2021-01-29
#Malvertising -> #RIGEK(#ExploitKit) -> #Smokeloader -> #Ursnif(#Dreambot)
location:Japan

SerpentKey=78347829JSDUKLHG
Version:250161
id=8005
https://t.co/sY5MKIpb8l
https://t.co/kGOmhXrbAv https://t.co/UqhQokAV7M

1

15

0

FaLcon Intelligence @FaLconIntel

over 5 years ago

2021-01-28 #Malvertising -> #RIGEK(#ExploitKit) -> #Buer(##BuerLoader) https://t.co/XzFbPUtY6z https://t.co/BcRAzJsRDs

0

2

1

0

FaLcon Intelligence @FaLconIntel

over 5 years ago

2021-01-20 #Malvertising -> #RIGEK(#ExploitKit) -> #Dridex OR Unknown malware It seems that the malware that infects depends on the location. https://t.co/4e4ENBSjWU https://t.co/l3W8mVmh5G https://t.co/kdWNIVC7PR https://t.co/4K2YvX9cLc https://t.co/5PjxTVS03u

FaLconIntel's tweet photo. 2021-01-20
#Malvertising -> #RIGEK(#ExploitKit) -> #Dridex OR Unknown malware

It seems that the malware that infects depends on the location.

https://t.co/4e4ENBSjWU
https://t.co/l3W8mVmh5G

https://t.co/kdWNIVC7PR
https://t.co/4K2YvX9cLc
https://t.co/5PjxTVS03u https://t.co/XPW4eFaN9D

0

9

2

0

FaLconIntel retweeted

nao_sec @nao_sec

over 5 years ago

#PurpleFox Exploit Kit -> #PhantomNugget https://t.co/ekoZOGYnRr

0

31

12

1

0

FaLcon Intelligence @FaLconIntel

over 5 years ago

2020-12-08 #Malvertising(#Makemoney) -> #RIGEK(#ExploitKit) -> #Taurus Sample https://t.co/oEKPcoHL4r https://t.co/vKKkM8pz8b Reference https://t.co/3fjQJT7W5R

FaLconIntel's tweet photo. 2020-12-08
#Malvertising(#Makemoney) -> #RIGEK(#ExploitKit) -> #Taurus

Sample
https://t.co/oEKPcoHL4r
https://t.co/vKKkM8pz8b

Reference
https://t.co/3fjQJT7W5R https://t.co/JALc5c2IlB

0

3

2

0

FaLcon Intelligence

@FaLconIntel

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users