David Ledbetter @Ledtech3 - Twitter Profile

over 3 years ago

@1ZRR4H @malwrhunterteam @JAMESWT_MHT @StopMalvertisin @James_inthe_box @pr0xylife @0xToxin @ankit_anubhav Fished Decoding these 1 at a time. Interesting strings for sandbox checks

Ledtech3's tweet photo. @1ZRR4H @malwrhunterteam @JAMESWT_MHT @StopMalvertisin @James_inthe_box @pr0xylife @0xToxin @ankit_anubhav Fished Decoding these 1 at a time.
Interesting strings for sandbox checks https://t.co/yKYVJi3y3t

0

3

0

David Ledbetter @Ledtech3

over 3 years ago

@1ZRR4H @malwrhunterteam @JAMESWT_MHT @StopMalvertisin @James_inthe_box @pr0xylife @0xToxin @ankit_anubhav

1

4

1

0

David Ledbetter @Ledtech3

over 3 years ago

@GelosSnake Well it is on 'reddit' so ..🤷‍♂️

0

1

0

Ledtech3 retweeted

ExecuteMalware @executemalware

over 3 years ago

As others have mentioned, the "presidents" #qakbot #qbot distribution (obama221) is back to using "DLL Search Order Hijacking" today (see screenshot). Here are the IOCs: https://t.co/JqSmNQxUIf

executemalware's tweet photo. As others have mentioned, the "presidents" #qakbot #qbot distribution (obama221) is back to using "DLL Search Order Hijacking" today (see screenshot).

Here are the IOCs:
https://t.co/JqSmNQxUIf https://t.co/1clsryLKas

0

45

10

6

0

Who to follow

Steve YARA Synapse Miller

@stvemillertime

AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara

Arkbird

@Arkbird_SOLG

Malware slayer Member of @CuratedIntel

Dee

@ViriBack

#Malware C2 hunter #infosec passionate. Tweets are my own.

Ledtech3 retweeted

Scarlet Shark Security @ScarletSharkSec

over 3 years ago

Anyone seeing #Socgholish using localsys-shield[.]com today?

1

0

2

0

Ledtech3 retweeted

Kelsey @k3dg3

over 3 years ago

#IcedID mixing it up today with CHM files BotID: 1609463178 Loader C2: trolspeaksunt\.com pw-protected, zipped ISO attachments https://t.co/9PDXgxpRAF https://t.co/1jlSljsrFu

0

32

13

0

David Ledbetter @Ledtech3

over 3 years ago

@c_APT_ure you can bck up most of the stuff, but If I remember correctly it doesn't do the DM's thoguh. I've done 2 backup's since i've been here

1

0

David Ledbetter @Ledtech3

over 3 years ago

@t3ft3lb It looks like the site is down already. Is there a hash for what it downloaded ?

1

0

David Ledbetter @Ledtech3

over 3 years ago

@t3ft3lb Ok thanks. I'll have to download this and take a closer look at the shellcode. Looks interesting.

1

0

David Ledbetter @Ledtech3

over 3 years ago

@hacks4pancakes I have several people that I have DM'd with and the DM's have disappeared but I'm not sure how they do it.

1

0

David Ledbetter @Ledtech3

over 3 years ago

@Cryptolaemus1 I was waiting for a 'Ivan Season' to pop up.. 🤷‍♂️

1

3

0

David Ledbetter @Ledtech3

over 3 years ago

@ankit_anubhav @1ZRR4H @Max_Mal_ @pr0xylife @0xToxin @Gi7w0rm I think my tool got it right. (Still a work in progress) It is just like all of those document links that download the rtf's with the Shellcode I wrote about here. https://t.co/OZuqcUWL4e There are a constant change of urls but they are abuse the "@" function.

Ledtech3's tweet photo. @ankit_anubhav @1ZRR4H @Max_Mal_ @pr0xylife @0xToxin @Gi7w0rm I think my tool got it right.
(Still a work in progress)
It is just like all of those document links that download the rtf's with the Shellcode I wrote about here.
https://t.co/OZuqcUWL4e

There are a constant change of urls but they are abuse the "@" function. https://t.co/DVlz6MhWSz

1

7

0

Ledtech3 retweeted

hasherezade

@hasherezade

over 3 years ago

I added my solution for the Task 8: https://t.co/xFNGIxz6eX // #FlareOn9

3

48

10

9

0

David Ledbetter @Ledtech3

over 3 years ago

@t3ft3lb I have not had time to look at this one yet 🤔 Just from the screenshots you got the "External Link/Template" I'll have to see what it downloads

1

0