FletchSec @fletchsec - Twitter Profile

about 5 years ago

@ASIS_Intl you have a credit card skimmer on your site, found at the end of this script https://t.co/I8ivYVxBYb Loads hxxps://0446aa5.netsolhost[.]com/123/jquery.ux.js Might want to take care of that

0

fletchsec retweeted

mak @maciekkotowicz

almost 6 years ago

Today's #Trickbot loaders with a screen resolution #antivm trick, if you have 800x600 or 1024x768 resolution - you are safe! ;] cc @VK_Intel @James_inthe_box @JAMESWT_MHT @abuse_ch

maciekkotowicz's tweet photo. Today's #Trickbot loaders with a screen resolution #antivm trick, if you have 800x600 or 1024x768 resolution - you are safe! ;] cc @VK_Intel @James_inthe_box @JAMESWT_MHT @abuse_ch https://t.co/mbGE5IwLH0

7

191

70

8

0

fletchsec retweeted

Shadow Chaser Group @ShadowChasing1

about 6 years ago

Today #Lazarus #APT sample has been found on VT by our researcher ITW:34f83ff7b0a1d05aaf8f81c9803a3a02 C2:www.ne-ba[.]org Attacked by forging a job description from BAE SYSTEMS London's human resources department

ShadowChasing1's tweet photo. Today #Lazarus #APT sample has been found on VT by our researcher
ITW:34f83ff7b0a1d05aaf8f81c9803a3a02
C2:www.ne-ba[.]org
Attacked by forging a job description from BAE SYSTEMS London's human resources department https://t.co/Wsl1KUWoBh

2

53

22

7

0

fletchsec retweeted

JAMESWT @JAMESWT_WT

about 6 years ago

Japanese car giant Honda probes suspected cyber attack https://t.co/V8y6v8dBfC

4

32

19

3

0

Who to follow

Tom Hegel

@TomHegel

@LabsSentinel Research Lead, Hunting nation-state threats @SentinelOne, bending intelligence tech to shape real-world outcomes with @ValidinLLC

Suspicious Link

@killamjr

I'm just here for the malware and the memes

nao_sec

@nao_sec

fletchsec retweeted

CyberWar - 싸워 @cyberwar_15

about 6 years ago

#북한 #NorthKorea depts.washington[.]edu 04d0856afb1aa9168377d6aa579c5403

2

33

13

4

0

fletchsec retweeted

ThreatDown @Threat_Down

about 6 years ago

Shining a light on "Silent Night" #Zloader/Zbot. Joint research between @hasherezade (@Malwarebytes) and @prsecurity_ (@hyasinc). https://t.co/wiUUQvjGDV

0

35

18

1

0

fletchsec retweeted

The Missing LNK

@BitDefense

about 6 years ago

Today's reported #ZLoader #malspam downloader URLs: hxxp://almakaaseb.com/wp-content/uploads/2020/05/wp-front.php hxxps://neebank.com/wp-content/uploads/2020/05/wp-front.php DLL: hxxp://45.138.72.39/g/s.dll

1

10

6

1

0

fletchsec retweeted

The Missing LNK

@BitDefense

about 6 years ago

A post about recent #ZLoader activity from IBM X-Force Security: https://t.co/iRPFvAYI6u Info on one of the samples from this article can be found here: https://t.co/kAw7iLTpT6 Also, I submitted the sample to AnyRun: https://t.co/yZLHgWz5Lo

0

11

7

3

0

fletchsec retweeted

James @James_inthe_box

about 6 years ago

Keep an eye out for these newish funky droppers going to: www[.]google[.]com[.]br Looks to be trying to evade MITM solutions: https://t.co/gTaKe7WsQZ https://t.co/o0M7QHElKL cc @siri_urz

James_inthe_box's tweet photo. Keep an eye out for these newish funky droppers going to:

www[.]google[.]com[.]br

Looks to be trying to evade MITM solutions:

https://t.co/gTaKe7WsQZ

https://t.co/o0M7QHElKL

cc @siri_urz https://t.co/MwvHCejxgg

3

28

21

2

0

fletchsec retweeted

CyberWar - 싸워 @cyberwar_15

about 6 years ago

#북한 #NorthKorea #Lazarus 북한 사이버 공작원은 해외 항공우주 방위산업체 등에 대한 집중 공격을 수행하고 있습니다. 2449f61195e39f6264d4244dfa1d1613

3

36

14

2

0

fletchsec retweeted

Vitali Kremez @VK_Intel

about 6 years ago

2020-04-27: 🔥 "We are the team which created a trojan-encryptor mostly known as #Shade, #Troldesh or Encoder.858 #ransomware. In fact, we stopped its distribution in the end of 2019. Now we made a decision to put the last point in this story & to publish all the decryption keys"

1

28

24

2

0

FletchSec @fletchsec

about 6 years ago

Totally legit site, nothing to see here nowinstallupgrade.yoursafesoftwarevideoflash[.]best

0

fletchsec retweeted

Timele12138 @Timele9527

about 6 years ago

#APT #Konni #Covid19 md5:677e200c602b44dc0a6cc5f685f78413 filename:guidance.doc

2

34

21

2

0

fletchsec retweeted

Racco42 @Racco42

about 6 years ago

#zloader from .vbs malspam https://t.co/TIFIEC8j55 C2: hxxps://spardanos.com/sound.php hxxps://lonehee.com/sound.php hxxps://surgued.com/sound.php hxxps://maremeo.com/sound.php not resolving: tremood[.]com soceneo[.]com baatiot[.]com welefus[.]com

0

25

9

0

fletchsec retweeted

ThreatDown @Threat_Down

about 6 years ago

According to our crawlers, credit card skimming code was injected into wine store belonging to top French supermarket chain E. Leclerc. This may be why the site is now in maintenance mode. IOCs: clipbutton[.]com[.]br/catalog/discount.php tivents[.]de/media/wysiwyg/paypal4.gif

Threat_Down's tweet photo. According to our crawlers, credit card skimming code was injected into wine store belonging to top French supermarket chain E. Leclerc.

This may be why the site is now in maintenance mode.

IOCs:
clipbutton[.]com[.]br/catalog/discount.php
tivents[.]de/media/wysiwyg/paypal4.gif https://t.co/itjqzJ9Yd3

2

40

26

2

0

fletchsec retweeted

The Missing LNK

@BitDefense

about 6 years ago

#ZLoader invoiced themed #malspam with new downloader URLs for today: hxxp://rksinha.com/wp-content/themes/calliope/wp-front.php hxxp://salamdrug.com/wp-content/themes/calliope/wp-front.php Both redirect to DLL at: hxxp://95.181.172.99/l/a.dll

BitDefense's tweet photo. #ZLoader invoiced themed #malspam with new downloader URLs for today:

hxxp://rksinha.com/wp-content/themes/calliope/wp-front.php
hxxp://salamdrug.com/wp-content/themes/calliope/wp-front.php

Both redirect to DLL at:

hxxp://95.181.172.99/l/a.dll https://t.co/p1ijkv4BAS

1

23

11

2

0

FletchSec @fletchsec

about 6 years ago

Does this mean I've officially made it on Twitter now? 😂

2

7

0

fletchsec retweeted

_re_fox @_re_fox

about 6 years ago

#malware #apt #crimson b5515042f59a90e13e49542a3b6de1f8 (India and Afghanistan on Parliamentary Affairs[.]zip) 48a00c1a8c9b39c96152e8ca80b7a972 (India and Afghanistan on Parliamentary Affairs.exe) C2: 64.188.25[.]205 https://t.co/b6y8nviGp0

_re_fox's tweet photo. #malware #apt #crimson
b5515042f59a90e13e49542a3b6de1f8 (India and Afghanistan on Parliamentary Affairs[.]zip)

48a00c1a8c9b39c96152e8ca80b7a972 (India and Afghanistan on Parliamentary Affairs.exe)

C2: 64.188.25[.]205

https://t.co/b6y8nviGp0 https://t.co/sJaBhxdxbi

1

13

6

2

0

fletchsec retweeted

nao_sec @nao_sec

about 6 years ago

If you want to search for EK tasks in @anyrun_app use SID instead of tag. For example, 2024049 and 2024381 are useful for #RigEK, and 4001761 is for #SpelevoEK. There are many other great signatures you can use in search, such as 4001554 and 10004044.

nao_sec's tweet photo. If you want to search for EK tasks in @anyrun_app use SID instead of tag. For example, 2024049 and 2024381 are useful for #RigEK, and 4001761 is for #SpelevoEK. There are many other great signatures you can use in search, such as 4001554 and 10004044. https://t.co/0PwkzJp8go

1

45

15

0

FletchSec

@fletchsec

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users