Top Tweets for #DiceLoader
#FIN7 abuses sponsored Google Ads disguised as reputable brands to deliver #NetSupport #RAT via MSIX #payloads and other #malware, including #DiceLoader. Detect #cyberattacks with a set of relevant #Sigma rules from SOC Prime Platform.
https://t.co/NryVpiJMoM

The latest eSentire blog is a good example of vendors using adversary monikers for a marketing boost. They state this activity is #FIN7 with no real explanation of how they came to that. They mention usage of #DiceLoader, but... 1/2
https://t.co/PM8iDA8rkZ
In our latest blog, our @BlackBerry Threat Research & Intelligence team shares new insights on how #FIN7 is moving away from using #DICELOADER to a new custom loader utilizing off-the-shelf libraries, making the loader seem more legitimate.
We also share a list of #OpenSSH proxy servers utilized by FIN7 for persistence and remote access, which had not been disseminated previously 👇
https://t.co/PIxPW6TH3O
#100DaysofYARA Day33: #DiceLoader malware used by Fin7
Experimenting with export offsets and RegEx to grab the randomly generated export function names by the DLL.
https://t.co/2xvL8kjss0
Super insightful analysis by @sekoia_io. Bonus was the YARA rule towards the end 🐧

We are pleased to announce our newest article on #DiceLoader, one of the #malware used by #FIN7. The post dives into the loader arcana to cover multiple aspects such as data structures, threading-related mechanisms, and much more!
https://t.co/ctt1Fwrov8
Don't miss our latest report and technical analysis of #DiceLoader aka #IceBot, a malware used by #FIN7.
Thanks to @plebourhis, reverse engineer at @sekoia_io TDR team!
https://t.co/yxhdcAYRAY

I am glad to share my latest analysis on #DiceLoader; the network part related to the linked lists was a can of worms, but it was really instructive. 🎲
I confirm and just to clarify a bit:
- book.pdf.lnk > C2: 107.181.161[.]200 (confirmed #DarkGate).
- FromEnergyBadx64.msi > C2: 45.159.249[.]119 (potential #DICELOADER IP)
It's 1 opendir with 2 different threats, interesting connection.
FYI: @fr0s7_ @JAMESWT_MHT @StopMalvertisin @JRoosen
📰 #IronRadar June Update
🎯 4 new detections (e.g. #POWERTRASH & #DICELOADER)
📈 #Havoc (+42%) #Empire (+24%)
🕵️ Detected ALPHV / BlackCat Ransomware infrastructure
#ThreatIntel
🔥 New Potential #FIN7 #Diceloader on port 443 🌐
C2 IP: 5.181.20.239 ⚠️ Zero detections in VT! 😮 Hosted on STARK INDUSTRIES! 🦾 Potential #POWERTRASH on port 80! 🗂️

🔥 #FIN7 is on the move once again! They're using a new IP address: 185.39.204.19 (2/88 in VT). 🌐
💥 Analysis on port:80 indicates potential #POWERTRASH C2
🔍 Furthermore, cross-referencing with Censys data port:443 reveals #DICELOADER config🎲

🕵️‍♂️ Cyber Sleuth Alert: Stumbled upon an Interesting IP...🔍
IP 23.164.240.86 (💡clean slate in VT), is hosted on #Baxet. Guess what it flashes on 443? 🎲
A banner eerily similar to #DICELOADER C2.
A quick check on Censys and port 80 is showing similar config to #POWERTRASH 💪🗑️
Let's dig deeper - the hostname nanufisudinawfsgcaag[.]xyz (🛡️0/87 in VT) points to a new IP 23.164.240.87 (⛔0/87 in VT), and it's playing hide-and-seek with #Shodan.
![TLP_R3D's tweet photo](https://pbs.twimg.com/media/FzEBUaDWAAMPAoM.jpg)
91.134.14[.]26 was mentioned in the research "Fin7 Unveiled: A deep dive into notorious cybercrime gang" as #Diceloader/Tirion C2: https://t.co/pfqpgj1e6T
#DICELOADER C2 servers:
45.82.13.64
62.233.57.31
62.233.57.171
62.233.57.241
65.108.20.101
65.108.20.165
88.119.174.243
91.149.221.92
91.149.253.184
91.199.147.60
95.216.251.213
95.217.82.121
176.97.76.163
176.122.177.159
185.39.204.73
193.233.22.68
193.233.23.16
193.233.23.45
193.233.23.59
193.233.23.158
193.233.23.176
194.36.189.199
194.87.191.198
195.54.170.95
195.54.170.99
195.123.246.46
209.209.113.52
212.18.104.17
217.12.206.176
217.12.206.218

🔛 #POWERTRASH to #DICELOADER:
▪ /91.199.147.60/icbt11801_64refl.ps1 > 217.12.206.176:443
▪ /185.161.208.45/icsnd16_64refl.ps1 > 91.149.243.181:443 / 91.199.147.152:443
I did not find samples in Bazaar so I shared them: https://t.co/5j8uwr9x87
Campaign targeted Veeam Backup & Replication servers exploited via CVE-2023-27532 to deploy (guess what) #CL0P ransomware/extortion, apparently orchestrated by Sangria Tempest (ELBRUS, #FIN7) according to Microsoft and WithSecure.
REF1: https://t.co/Br7X1rvCsv
REF2: https://t.co/CEGAWve8As

Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity. The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021.
#FIN7 #CarbonSpider #Carbanak CVE-2023-27532 #veeam #diceloader #malware #threat
📍🇷🇺
⛓️ DiceLoader & Veeam Abuse > cmd download next stage > Reflective injection > Persistence > Recon > Discovery > Credential theft
Report-WithSecure Intel: https://t.co/qazTjKyFIA

🔊 Access to #DICELOADER aka Lizar/Icebot alone is not enough to attribute to the cluster we call #FIN7.
This capability has been for 💰 for a while & is no longer considered exclusive to core #FIN7 at this pt.
And the same goes for the #POWERTRASH loader - fun!
🧊🤖
Malware in #GoogleDrive Evades Detection & #GhostToken Opens Google Accounts to Permanent Infection.
#1 👉https://t.co/75MxJa6gPh
#2 👉https://t.co/9xWXrfH9VJ
#URSNIF #DICELOADER #Malware #Cybersecurity #CISO #CSuite #Infosec #Google #GoogleCloud #Cloud #Kubernetes #DataPrivacy

Notes are live with a #yara rule and a #config extractor …
🤜🤜🤜 #Diceloader
#OALABS
https://t.co/dM2F4iVeP3
🔴 Join us live!
We are taking a look at this #Diceloader thing… it seems to still be around… 🎲🎲
Is it just #metasploit? Is it really a #FIN7 tool? Why aren’t there any good yara rules for it yet? 🧠🧐
https://t.co/qmFXpiGGcX
