![Unit42_Intel's tweet photo. 2024-08-06 (Tuesday): We found a #Xerxes Android #botnet server on 144.217.61[.]133 that was active until Monday. Pivoting on data from the server, we found two domains used for other Xerxes botnet servers in 2023. More info at https://t.co/syaUCMbzpi https://t.co/A3o6TFwp1f](https://pbs.twimg.com/media/GUYqS5VX0AAJdhf.jpg)
![Unit42_Intel's tweet photo. 2024-08-06 (Tuesday): We found a #Xerxes Android #botnet server on 144.217.61[.]133 that was active until Monday. Pivoting on data from the server, we found two domains used for other Xerxes botnet servers in 2023. More info at https://t.co/syaUCMbzpi https://t.co/A3o6TFwp1f](https://pbs.twimg.com/media/GUYqRrJWkAAjDU3.jpg)
![Unit42_Intel's tweet photo. 2024-08-06 (Tuesday): We found a #Xerxes Android #botnet server on 144.217.61[.]133 that was active until Monday. Pivoting on data from the server, we found two domains used for other Xerxes botnet servers in 2023. More info at https://t.co/syaUCMbzpi https://t.co/A3o6TFwp1f](https://pbs.twimg.com/media/GUYqQdCXcAEA9Mj.jpg)
![embee_research's tweet photo. Defeating API Hashing Using x32dbg and Conditional Breakpoints.
By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm.
[1/11]
#Malware https://t.co/RozDgp49tH](https://pbs.twimg.com/media/F39iKbPbwAEJGjz.png)
![embee_research's tweet photo. Defeating API Hashing Using x32dbg and Conditional Breakpoints.
By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm.
[1/11]
#Malware https://t.co/RozDgp49tH](https://pbs.twimg.com/media/F39YW1vaoAAJm85.jpg)
![embee_research's tweet photo. Defeating API Hashing Using x32dbg and Conditional Breakpoints.
By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm.
[1/11]
#Malware https://t.co/RozDgp49tH](https://pbs.twimg.com/media/F39YUmfaAAA-2ql.png)
Olivia
Online
Yeti
@Yeti_Sec
Sr. Malware Reverse Engineer & Threat Researcher, Unit 42 Threat Intelligence @unit42_intel | Ex-Incident Response. Opinions are my own.
Joined July 2017
659 Following
722 Followers
244 Posts
Was really cool to hang out and demonstrate the IDA Pro MCP with a bit more nuance than 2 minute videos! 🔥
2024-08-21 (Wednesday): First reported in July 2024, a #PowerShell #Stealer named #Kematian Stealer (#KematianStealer) still appears to be active. Details on a recent sample are available at https://t.co/xCprgvPRou
#Unit42ThreatIntel #TimelyThreatIntel
Stargazers Ghost Network continuing to push malware on GitHub.
Sampling the data today, found Lumma Stealer under the repo name "Fortnitehck-seuj".
SHA256: d326e987fdb5fe5da2b52e73556a382ff945b526c4394c7747f26bc8be08d136
https://t.co/A6yNRU3iWD
#lummastealer
Who to follow
Group-IB Threat Intelligence 
@GroupIB_TI
Official account of the @GroupIB Threat Intelligence Unit. Latest research, analytics, IOCs and threat alerts.
Chris Duggan
@TLP_R3D
Full-Time Explorer | MDS Legendary Finisher | Ultra Endurance | From Cyber Intel to the Desert | Author- The Intent Model
t3ft3lb
@t3ft3lb
Threat researcher, Malware analyst
All tweets represent my personal opinion
Found some XehookStealer C2 instances using Censys Search https://t.co/KDgo8muXuM #c2 #xehookstealer
Tried hunting for RisePro panels ? Try using this search term.
Censys -> services.http.response.body_hashes:"sha256:5e52c3d964fc5e71ca6ed84cb3061f3d48921f12c08beb5f13e19be0fe5065c2"
Censys: 21 results
#RisePro #malware #threatintelligence
My latest research blog in collaboration with my colleague @rerednawyerg
With the release of #MaaS #BunnyLoader 3.0, our researchers distill the information gained from new samples of this upgraded malware.
Capable of #CredentialStealing and more, this article provides a thorough overview of BunnyLoader’s progression: https://t.co/vDkpZ08CDm
With the release of #MaaS #BunnyLoader 3.0, our researchers distill the information gained from new samples of this upgraded malware.
Capable of #CredentialStealing and more, this article provides a thorough overview of BunnyLoader’s progression: https://t.co/vDkpZ08CDm
#MedusaRansomware gang launched a dedicated leak site as part of their multi-extortion strategy. This article covers their victimology, toolkit and an ind-depth look at their #TTPs — a close examination of the literal gaze of Medusa’s binary. https://t.co/hcvEISaKjp
Tried hunting for Meduza Stealer panels ? Try using these search terms.
Censys -> services.http.response.html_tags="<title>Meduza Stealer</title>"
Hunter -> web.title="Meduza Stealer"
Censys: 9 results
Hunter: 11 results
#MeduzaStealer #malware #threatintelligence
Virtually attending CYBERWARCON this week. Excited to check out the conference for the first time. Curious to hear the talk from @cglyer on RomCom malware usage 🤘
#CYBERWARCON
Curious about exploited CVE-2023-3519 Citrix Gateways?
Try using these search terms on these platforms.
Censys -> https://t.co/iqTwwiKnKx
Hunter -> https://t.co/OJV4Kb1wgq
Censys: 258 results
Hunter: 301 results
#CVE20233519 #CitrixNetScaler #RemoteCodeExecution
2023-10-17 (Tuesday): We have been monitoring #RemoteCodeExecution vulnerability CVE-2023-3519 affecting #CitrixNetScaler products in the wild. This is a recent snapshot of associated activity. Indicators available at https://t.co/EUjkf1a1ea #CVE20233519 #TimelyThreatIntel
@r3dbU7z Appreciate you level setting, no issues here
Tried hunting for DarkGate servers ?
Try using this search term on Censys. ->
(Autoit3.exe) and services.service_name=`DARKGATE`
Censys: 10 results
#darkgate #threathunting #malware #threatintelligence #threatintel
@1ZRR4H @GoogleAds @malwrhunterteam @JAMESWT_MHT @StopMalvertisin @AnFam17 @pr0xylife @0xToxin @executemalware @James_inthe_box @Max_Mal_ @malware_traffic Dropping that actor name
Defeating API Hashing Using x32dbg and Conditional Breakpoints.
By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm.
[1/11]
#Malware
![embee_research's tweet photo. Defeating API Hashing Using x32dbg and Conditional Breakpoints.
By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm.
[1/11]
#Malware https://t.co/RozDgp49tH](https://pbs.twimg.com/media/F39iMqWbMAAh-i5.jpg)
My team is hiring for a Reverse Engineer at Unit 42. If you feel like you might be a good fit then take a look at the job posting. Hot off the press as of today.
#unit42 #reverseengineer #malware
https://t.co/jZ69cVVTdm
@CryptoprenuerUK On https://t.co/MQ1MgCVKHW this is what I used to find interesting exfil tooling, typically seen in incident response cases for ransomware.
web.body="chisel.exe"
#OpenDir, lot's of red team tools
Discovered using https://t.co/MQ1MgCVKHW platform 🔍
Urlscan:
https://t.co/0NngkPjPXR
#ThreatIntelligence #redteam #malware #CyberSecurity
#OpenDir, 34.238.123.45:8448
Tools: Metasploit, Chisel
Found using https://t.co/VmKlkHyYbD 🔎🔎
UrlScan: https://t.co/FPwKqWHzFv
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers