CIPProject

about 8 years ago

Why #WeNeedWHOIS 1: We use WHOIS data to discover targeted phishing set up by threat actors. Example: Iranian threat group Charming Kitten used [email protected] as registrant of 12 domains used for phishing against human rights activists.¹ ¹https://t.co/m2a730fiMQ

ClearskySec's tweet photo. Why #WeNeedWHOIS 1:
We use WHOIS data to discover targeted phishing set up by threat actors. Example:
Iranian threat group Charming Kitten used isabella.careyy@gmail.com as registrant of 12 domains used for phishing against human rights activists.¹
¹https://t.co/m2a730fiMQ https://t.co/8G9fTg2bRo

6

194

146

7

0

cyberintproject retweeted

Unit 42 @Unit42_Intel

about 8 years ago

#Unit42 examines the Reaper Group’s updated mobile arsenal, including a Bitcoin Ticker Widget and a PyeongChang Winter Games application https://t.co/QrosqH0GRr

1

17

22

0

cyberintproject retweeted

@blu3_team @blu3_team

about 8 years ago

"High-Level Political Forum" themed #malware Advice about HLPF 2018.doc 2dcdd254fd72e49b7b212cbeb430e792 C2 unnews\.freetcp\.com 159.89.56\.126

$blu3_team's tweet photo. "High-Level Political Forum" themed #malware Advice about HLPF 2018.doc 2dcdd254fd72e49b7b212cbeb430e792 C2 unnews\.freetcp\.com 159.89.56\.126 https://t.co/6Pxos5JdOY$

0

5

4

0

Who to follow

Threat intelligence company

JaromirHorejsi

@JaromirHorejsi

malware researcher, reverse engineer, blogger, conference speaker, programmer, IT security professional

RedDrip Team

@RedDrip7

Technical Twitter of QiAnXin Technology, leading Chinese security vendor. It is operated by RedDrip Team which focuses on malware, APT and threat intelligence.

cyberintproject retweeted

CIPProject @cyberintproject

over 8 years ago

https://t.co/PDhWzq0CWJ

0

6

3

0

cyberintproject retweeted

Florian Roth ⚡️

@cyb3rops

over 8 years ago

Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries | @FireEye https://t.co/VptsHO3Ru8

cyb3rops's tweet photo. Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries | @FireEye
https://t.co/VptsHO3Ru8 https://t.co/9OCegSfLge

1

43

41

1

0

cyberintproject retweeted

Florian Roth ⚡️

@cyb3rops

over 8 years ago

OceanLotus ships new backdoor using old tricks | @ESET https://t.co/omsRFDpjtW

0

25

11

1

0

over 8 years ago

Really interesting stuff here: China Altered Public Vulnerability Data to Conceal MSS Influence https://t.co/4lbBI6v4CF via @RecordedFuture

0

3

0

cyberintproject retweeted

ANY.RUN

@anyrun_app

over 8 years ago

Here the full analysis of the #MuddyWater attack. Contains heavy anti-evasion features, also requires OS reboot. https://t.co/Ym2KjU5Ru5 Source: https://t.co/eFvaLsmhqs

anyrun_app's tweet photo. Here the full analysis of the #MuddyWater attack.
Contains heavy anti-evasion features, also requires OS reboot.
https://t.co/Ym2KjU5Ru5
Source: https://t.co/eFvaLsmhqs https://t.co/JkRQ3Nuy7I

3

42

20

3

0

cyberintproject retweeted

over 8 years ago

#MuddyWater targeting Pakistan, sample: "https://t.co/sHewqFPK1y.doc" (https://t.co/Cwu449NUNz) Worth reading MuddyWater analysis: https://t.co/VncXNfV4LD

ClearskySec's tweet photo. #MuddyWater targeting Pakistan, sample: "https://t.co/sHewqFPK1y.doc" (https://t.co/Cwu449NUNz)

Worth reading MuddyWater analysis:
https://t.co/VncXNfV4LD https://t.co/ZvkZMH7EKD

1

10

7

1

0

cyberintproject retweeted

over 8 years ago

#Lazarus #NorthKorea https://t.co/Lr4viM9xSj

0

2

6

0

cyberintproject retweeted

over 8 years ago

We've published an new report: #AyatollahBBC – An Iranian #Disinformation Operation Against Western Media Outlets https://t.co/1PyfES0m6A

ClearskySec's tweet photo. We've published an new report: #AyatollahBBC – An Iranian #Disinformation Operation Against Western Media Outlets
https://t.co/1PyfES0m6A https://t.co/iU0jXAXo1v

2

42

29

1

0

cyberintproject retweeted

Jay Healey @Jason_Healey

over 8 years ago

At Cyber Command, they are angry & ready, moving from the Billy Mitchell phase of development, to the Curtis Lemay. Getting in close to grapple w/ adversary cyber forces is almost certainly the right move, but incredibly risky... https://t.co/AcS9YKW42w

5

41

20

0

cyberintproject retweeted

John Hultquist

@JohnHultquist

over 8 years ago

If it’s Sandworm, as suggested here, they were swinging for the fences just as they were being publicly blamed for the most economically damaging cyberattack in history. https://t.co/Ln2h131F9w

2

30

25

0

cyberintproject retweeted

over 8 years ago

Attempt to hack the South Korean government official certificate #Phishing #RGB #NorthKorea #Reconnaissance_General_Bureau #Lazarus

cyberwar_15's tweet photo. Attempt to hack the South Korean government official certificate #Phishing #RGB #NorthKorea #Reconnaissance_General_Bureau #Lazarus https://t.co/As3divjohZ

0

1

4

0

cyberintproject retweeted

over 8 years ago

Attacker uses a hacked Korean e-mail account in secret connection with a kakao. #NorthKorea #RGB #Reconnaissance_General_Bureau #Kimsuky #RSH #Lazarus #KakaoTalk

cyberwar_15's tweet photo. Attacker uses a hacked Korean e-mail account in secret connection with a kakao. #NorthKorea #RGB #Reconnaissance_General_Bureau #Kimsuky #RSH #Lazarus #KakaoTalk https://t.co/CejbFuctuD

1

5

3

0

cyberintproject retweeted

over 8 years ago

Attackers are constantly accessing certain services in Korea, and access logs and traces remain. (Korean translation: 북한 -> North Korea) #RGB #NorthKorea #Reconnaissance_General_Bureau #Lazarus

cyberwar_15's tweet photo. Attackers are constantly accessing certain services in Korea, and access logs and traces remain. (Korean translation: 북한 -> North Korea) #RGB #NorthKorea #Reconnaissance_General_Bureau #Lazarus https://t.co/0SIxdVHuwU

0

2

3

0

cyberintproject retweeted