efflux.io @efflux_io - Twitter Profile

Seen many different threat actors trying a magnitude of tactics with the ConnectWise ScreenConnect vulnerability. Not just limited to cobalt strike but also crypto miners. Patch your environments and save an analyst today. 🧑‍💻👩‍💻 23[.]26[.]137[.]225

0xBurgers's tweet photo. Seen many different threat actors trying a magnitude of tactics with the ConnectWise ScreenConnect vulnerability. Not just limited to cobalt strike but also crypto miners.

Patch your environments and save an analyst today. 🧑‍💻👩‍💻

23[.]26[.]137[.]225 https://t.co/apmoaW4sqd

3

42

10

6

12K

0

1

0

101

efflux.io @efflux_io

over 2 years ago

https://t.co/2ujDe1jAHk

Fox_threatintel @banthisguy9349

over 2 years ago

Guys who has the possiblity to help me? Please help me get this ip suspended evidence on picture 3. ip : 107.189.7.133 is main ip being used by a large botnet. https://t.co/UTwtb4IIRH

banthisguy9349's tweet photo. Guys who has the possiblity to help me? Please help me get this ip suspended evidence on picture 3.

ip : 107.189.7.133 is main ip being used by a large botnet.

https://t.co/UTwtb4IIRH https://t.co/jKcsRRcYmD

2

9

1

2K

0

2

0

1

76

efflux.io @efflux_io

over 2 years ago

https://t.co/lKoY9HHEjG

Fox_threatintel @banthisguy9349

over 2 years ago

#opendir 79.124.59.34 with bunch of series/movies in there although there is portal called ''stalker_portal" 😬😬😬😬 found on a ASN that hosts malicious activity.

banthisguy9349's tweet photo. #opendir 79.124.59.34 with bunch of series/movies in there although there is portal called ''stalker_portal"
😬😬😬😬

found on a ASN that hosts malicious activity. https://t.co/SKB6UgupJS

2

25

4

14

5K

0

51

efflux.io @efflux_io

over 2 years ago

https://t.co/iBmYOTlwbj

Dee

@ViriBack

over 2 years ago

#malware #atlantida #stealer New C2 Panel : http://5.42.64.]32/login.php see: https://t.co/n0x8FrAnm1

1

14

3

5

2K

0

41

efflux.io @efflux_io

over 2 years ago

https://t.co/5PVIYVnYSg

Dee

@ViriBack

over 2 years ago

#observer #Stealer #malware C2: 5.42.66[.]25:3000 Ref: https://t.co/EU4dSBx1qV Same IP host a never seen login page at root on port 80.

4

57

15

16

15K

0

36

efflux.io @efflux_io

over 2 years ago

https://t.co/Ms2jfPPAEV

Karol Paciorek @karol_paciorek

over 2 years ago

PowerStealer / NTStealer🕵️‍♂️ 🌐 Domain: ntstealer[.]com 🖥️ IP Panels: 📍 20.79.179[.]111 📍 172.206.90[.]104 🔌 Login from IP panels communicates through API to the domain. The logo is fetched from Discord. 🤔 Does anyone have more insights on this stealer?

3

25

1

10

4K

0

37

efflux.io @efflux_io

over 2 years ago

https://t.co/QXJZj37Xat

Aaron Meese

@ajmeese7

over 2 years ago

#mirai #opendir being hosted on 192.227.231[.]5, not sure if anyone has reported on it yet:

2

6

0

1

445

0

28

efflux.io @efflux_io

over 2 years ago

https://t.co/JvXUucoBbX

Fox_threatintel @banthisguy9349

over 2 years ago

#malware found from the fake #mcafee phishing campaign that spreads malware: Hash: 4b99657495dbb6b32c7161b24f769a8e276a95b48bb71060d068c613b2968a1f ioc: 65.21.133.187

banthisguy9349's tweet photo. #malware found from the fake #mcafee phishing campaign that spreads malware:

Hash:
4b99657495dbb6b32c7161b24f769a8e276a95b48bb71060d068c613b2968a1f

ioc: 65.21.133.187 https://t.co/uLzYIUygGs

3

23

4

3

2K

0

25

efflux.io @efflux_io

over 2 years ago

https://t.co/zPj56YUbAc

Fox_threatintel @banthisguy9349

over 2 years ago

#amadey c2 discovered on hxxp://193.233.132.73/gjvjlS3jd2V/Login.php hash: 560aba847a47f07ccaaeded06dd799b134ef537d3b5239ae60df9c340d60ee33

1

8

0

7K

0

26

efflux.io @efflux_io

over 2 years ago

https://t.co/sacN5qLycy

Dee

@ViriBack

over 2 years ago

#malware bunch of #Godzilla loader C2 have appeared on ip: 91.215.85[.]223 see: https://t.co/fvGdqCwLY5

1

22

1

14

8K

0

29

efflux.io @efflux_io

over 2 years ago

https://t.co/sacN5qLycy

Fox_threatintel @banthisguy9349

over 2 years ago

http://91.215.85.223/ #opendir full of malware. my Virustotal is not running in VM :(. who can check this out and put into triage/vt/@abuse_ch ?

banthisguy9349's tweet photo. http://91.215.85.223/ #opendir full of malware.

my Virustotal is not running in VM :(.

who can check this out and put into triage/vt/@abuse_ch ? https://t.co/GgtcR9Hi4o

10

76

14

34

18K

0

23

efflux.io @efflux_io

over 2 years ago

https://t.co/9Tva91rCJs

Germán Fernández

@1ZRR4H

over 2 years ago

#opendir https://91.92.254.14/ "XFiltr8.exe" appears to be an exfiltration tool (written in Go) that uses MEGA services for storage via g.api.mega.]co.]nz. [+] https://t.co/ilHEQJOYFn ▪ "C:/Users/187ir/Golang-Projects/XFiltr8/Builder/XFiltr8.go" "Helpertask.exe" is #AsyncRAT C2: 91.92.254.14:4412 [+] https://t.co/EhvM5Wl3U2.

1ZRR4H's tweet photo. #opendir https://91.92.254.14/

"XFiltr8.exe" appears to be an exfiltration tool (written in Go) that uses MEGA services for storage via g.api.mega.]co.]nz.
[+] https://t.co/ilHEQJOYFn

▪ "C:/Users/187ir/Golang-Projects/XFiltr8/Builder/XFiltr8.go"

"Helpertask.exe" is #AsyncRAT
C2: 91.92.254.14:4412
[+] https://t.co/EhvM5Wl3U2.

1

87

23

17

16K

0

1

0

24

efflux.io @efflux_io

over 2 years ago

https://t.co/tqV4pe6toD

Germán Fernández

@1ZRR4H

over 2 years ago

#opendir http://91.92.245.88/ - http://91.92.245.88/Neptune/ Neptune loader admin panel files exposed. - http://91.92.245.88/u/ "ei.exe" https://t.co/igQAZ3gvNc #XMRig "einstall.exe" https://t.co/bhyDJh0hjh 🤔 🔎 The last binary deactivates and uninstalls MRT with "cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart".

1ZRR4H's tweet photo. #opendir http://91.92.245.88/

- http://91.92.245.88/Neptune/
Neptune loader admin panel files exposed.

- http://91.92.245.88/u/
"ei.exe" https://t.co/igQAZ3gvNc #XMRig
"einstall.exe" https://t.co/bhyDJh0hjh 🤔

🔎 The last binary deactivates and uninstalls MRT with "cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart".

4

66

24

10

11K

0

1

0

28

efflux_io retweeted

F5 Labs @F5Labs

over 2 years ago

We added six CVEs to our set this month and discuss the top talkers for 2023. Read on: https://t.co/FvyNEELzs8

0

1

0

167

efflux_io retweeted

F5 Labs @F5Labs

over 2 years ago

What do we see besides CVE? Plenty. We’ve got some data. https://t.co/OHhwDcnEIT

0

1

0

222

efflux.io @efflux_io

over 2 years ago

https://t.co/7QgpOTFjBU

Malpulse CTI @malpulse

over 2 years ago

#Mirai #malware #threat 147.78.103.10:80 Source: https://t.co/Ishoy2u38S

0

72

0

1

0

27

efflux_io retweeted

Josh Woodbury @jw00dbury

over 2 years ago

Microsoft breach via a test tenant? Makes one wonder when you see a hostname like MRS2-EXCH1[.]mrs2[.]msftofetesttenant1002[.]com https://t.co/2oLP890D3g