Sotwe logo Sotwe logo
netresec's profile banner image
netresec's profile image

π™½π™΄πšƒπšπ™΄πš‚π™΄π™²

@netresec

Creators of #NetworkMiner, #CapLoader, #PolarProxy, #FlowCarp and #RawCap.
@[email protected]
Joined November 2011
852 Following
8.8K Followers
3.6K Posts
Β Pinned Tweet
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Netresec is @[email protected] on Mastodon: https://t.co/gjSSLHGUFR
1
1
1
0
500
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
@abuse_ch Sorry for the cross post. It's AzaleaControl C2. https://t.co/SGd2UBdwL4
0
3
0
1
382
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
https://t.co/8x9BHx2guQ https://t.co/2rN1Y5ziC4
0
0
0
0
519
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Is this a new ValleyRAT variant from SilverFox (铢狐) or a completely new malware? Custom protocol over TCP 443. C2 traffic starts with: "BFuck" (42 46 75 63 6b 00 00 00) IOCs: πŸ‘Ύ 38.76.177.46:443 πŸ‘Ύ 43.99.101.175:443 https://t.co/tgPnjik7XG
1
55
7
15
4K

Who to follow

ale_sp_brazil's profile image
Alexandre Borges Verified account
@ale_sp_brazil
iOS, Chrome and Android security researcher | Exploit Developer
stvemillertime's profile image
Steve YARA Synapse Miller
@stvemillertime
AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
nextronsystems's profile image
Nextron Systems
@nextronsystems
Managed Compromise Assessments #YARA #IOCs #DFIR #APT #Sigma - the home of @thor_scanner, ASGARD and the Aurora Agent
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
@Jane_0sint Looks like LAC did a follow-up analysis on the same RAT https://t.co/mHK3d0AEq7
1
1
0
0
28
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
@wessorh Wow, that's an interesting solution!
0
0
0
0
7
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Maximizing IOC Impact: Advice on extracting, verifying, and sharing IOCs for fast, broad protection. https://t.co/aIylJK4REY
1
5
2
7
1K
netresec Β retweeted
HuntressLabs's profile image
Huntress @HuntressLabs
The whole chain barely touches disk. HTML β†’ JScript β†’ PowerShell β†’ .NET loader β†’ RAT, nearly all in memory. Full writeup and IOCs from @RussianPanda9xx and Adam Mooney. https://t.co/7OaPrMdDUR
2
21
7
13
2K
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
@HuntressLabs @RussianPanda9xx You can get a verdict on the protocol from FlowCarp by submitting a PCAP like this: curl --data-binary @​desckvb-rat.​pcap https:​//demo.flowcarp.​com
1
2
0
0
106
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
@HuntressLabs @RussianPanda9xx CapLoader and FlowCarp both identify the traffic to 48.202.58.22:7211 as "BlueLoader", which is a new RAT from PureCoder. The description of "DesckVB RAT" in your blog post also seem to match what we know about BlueLoader. Can you please verify if it is the same thing?
netresec's tweet photo. @HuntressLabs @RussianPanda9xx CapLoader and FlowCarp both identify the traffic to 48.202.58.22:7211 as "BlueLoader", which is a new RAT from PureCoder. The description of "DesckVB RAT" in your blog post also seem to match what we know about BlueLoader. Can you please verify if it is the same thing? https://t.co/yZmHbtFcMb
1
2
0
0
128
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
PolarProxy 2.0.1 Released πŸ»β€β„οΈ πŸ’¨ Improved performance 🐞 Bug fixes βš–οΈ Prioritizes PCAP output over throughput https://t.co/pSn07p2gIW
0
9
3
1
1K
netresec Β retweeted
scanmalware's profile image
Scan Malware @scanmalware
It's now possible to do ScanMalware lookups from @netresec CapLoader: https://t.co/je31cWOtKv
0
4
1
0
371
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
New release of CapLoader πŸ«† JA3/JA4/SNI extraction from multi-segment TLS handshakes 🚨 Alerts on IOCs from @viql's RΓΆsti πŸ‘€ OSINT lookup on @jonasl's ScanMalware πŸ“¦οΈExtracts packets from more encapsulation protocols https://t.co/bbKCa8yutE
0
9
5
0
1K
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
PolarProxy 2.0 TLS inspection proxy released πŸ“¦οΈSingle self-contained binary release πŸ”€ Improved HTTP proxy 🐳 Builds for Linux musl (Alpine) ARM/ARM64 πŸͺ„ Simplified deployment πŸ”ͺ Flow cutoff in output PCAP https://t.co/7sXiudBebT
0
36
9
25
3K
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Viewing #remcos alerts from FlowCarp in @jasonish's #EveBox https://t.co/DUVUWFnAom
0
5
1
1
474
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
New tool released: #FlowCarp πŸ”οΈIdentifies protocols without port numbers πŸ”¨ Build protocol detection from example traffic ➑️ Input: PCAP or PcapNG ⬅️ Output: Flows and/or Alerts https://t.co/3sqnfOpN4a
0
20
6
10
860
netresec Β retweeted
DFRWS's profile image
DFRWS @DFRWS
✨ DFRWS EU 2026 Workshops Led by Erik Hjelmvik (Netresec, Sweden), the session is designed for practitioners and researchers working with network and memory forensics in real-world investigations. πŸ“ Workshop Dates 23–24 March 2026 🧿 Details here: https://t.co/Aitqb7i2ua
DFRWS's tweet photo. ✨ DFRWS EU 2026 Workshops Led by Erik Hjelmvik (Netresec, Sweden), the session is designed for practitioners and researchers working with network and memory forensics in real-world investigations. πŸ“ Workshop Dates 23–24 March 2026 🧿 Details here: https://t.co/Aitqb7i2ua https://t.co/rbvsKadrcW
0
4
4
2
530
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
21 of the world's best intelligence and security agencies cannot be wrong... right? https://t.co/eALNc5OHtF
0
0
1
0
410
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Do CISA analysts type out IOC domains by hand? https://t.co/VpI6LUhlKR
1
6
1
2
722
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Netresec is @netresec.com on Bluesky: https://t.co/wDktzNKJhR
0
0
1
0
249
netresec's profile image
π™½π™΄πšƒπšπ™΄πš‚π™΄π™² @netresec
Netresec is @[email protected] on Mastodon: https://t.co/gjSSLHGUFR
1
1
1
0
500

Last Seen Users on Sotwe

SexGnc's profile image
SEVGΔ°LΔ°SΔ°NΔ° ALDATANLAR PLATFORMU
Seen from Turkey
hotwifecucksiss's profile image
Hotwives & Cuckold sissies couples
Seen from Turkey
Burrakkalkan's profile image
Burak
Seen from Turkey
LBadderzWorld's profile image
LBadderz around the world πŸ‡¬πŸ‡§πŸ‡ͺπŸ‡¬πŸ‡­πŸ‡Ί
Seen from United Kingdom
ale_xandra45ca's profile image
Alexandra Campbell
quran_fuck's profile image
Fuck Quran
YIKONG16's profile image
δΈŠζ΅·η”·δΈ»θ°ƒζ•™εœˆε…»ζ”Άε₯΄YIKONG SM Verified account
Seen from United Kingdom
positifcovid19's profile image
Totneng kuy
Seen from Singapore
Yoyo39643870's profile image
Yo yo
Seen from Thailand
Jeevan15101980's profile image
serial world
Seen from United Kingdom

Trends for you

1
Japan
Under 10K tweets
2
Oliver Tree
Under 10K tweets
3
Ecuador
Under 10K tweets
4
Lebanon
Under 10K tweets
5
Izzy
Under 10K tweets
6
Troy
Under 10K tweets
7
Dutch
Under 10K tweets
8
MREs
Under 10K tweets
9
#artfight
Under 10K tweets
10
Germany
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.3M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
109.5M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.4M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.7M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
87.1M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.9M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.5M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.5M followers
imvkohli's profile image
13
Virat Kohli Verified account
@imvkohli
69M followers
youtube's profile image
14
YouTube Verified account
@youtube
68.6M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.6M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.7M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
60.2M followers