Top Tweets for #Isfb
💡 Big news for student founders in India!
ISFB launches a ₹25 Cr fund to back promising student-led startups, boosting early innovation with capital, mentorship & strong networks. @imarticus
Read more 👇
🔗 https://t.co/jPUUDcSBWI
#StudentFounders #StartupFunding #ISFB

can i get 3k followers #isfb
#ISFB #LDR4 - url > .zip > .js > CobaltStrike
Interesting campaign this week purporting to be Hays Recruitment.
DocuSign lure that leads to a site that drops a zip file that contains a .js loader for #CobaltStrike
(1/3)👇IOC's continued

Awesome work from @gh0stp0p on #Wailingcrab aka #Wikiloader - a sophisticated malware delivered by #TA544 / #Hive0133 often leading to #Gozi #Ursnif #ISFB - and how it misuses the #IoT #MQTT protocol for C2 communications.
https://t.co/jsXvl44WRT
#ursnif #gozi #isfb update/tagged
Tag for samples named #putty from communicalink].com
💥https://t.co/7Y0T6EEJo9
Tag post #killchain or/and related
#Rozena #VNC #BadInteropt #Grabber #Plugin
⚠️https://t.co/7di70A4Q6o
💯Summary #agenziaentrate
https://t.co/kADezqnWmA
![JAMESWT_WT's tweet photo. #ursnif #gozi #isfb update/tagged
Tag for samples named #putty from communicalink].com
💥https://t.co/7Y0T6EEJo9
Tag post #killchain or/and related
#Rozena #VNC #BadInteropt #Grabber #Plugin
⚠️https://t.co/7di70A4Q6o
💯Summary #agenziaentrate
https://t.co/kADezqnWmA https://t.co/znppDxeCnu](https://pbs.twimg.com/media/F7zJQgUXEAAN_Ul.png)
"Commissione di osservanza sul registro tributario"
#agenziaentrate #ursnif
Email>Url>Zip>url>url>zip>hta>url>exe
Samples
https://t.co/kADezqnWmA
C2
mifrutty.]com
systemcheck].top
Exe
communicalink.]com/putty.exe
this time is ursnif named as putty
Run
https://t.co/Tfv6ErrFty
![JAMESWT_WT's tweet photo. "Commissione di osservanza sul registro tributario"
#agenziaentrate #ursnif
Email>Url>Zip>url>url>zip>hta>url>exe
Samples
https://t.co/kADezqnWmA
C2
mifrutty.]com
systemcheck].top
Exe
communicalink.]com/putty.exe
this time is ursnif named as putty
Run
https://t.co/Tfv6ErrFty https://t.co/Hq6x2xXlBF](https://pbs.twimg.com/media/F7wU-SiWYAArSNA.jpg)
"Commissione di vigilanza sul registro tributario"
#Agenzia_Entrate #ursnif #gozi #isfb
EML>zip pw>url>SMB EXE
Samples
🌟https://t.co/kADezqnWmA
CC @58_158_177_102 @felixw3000 @fumik0_ @bry_campbell @cocaman

"Commissione di osservanza sull'anagrafe tributaria" spam email #Agenzia_Entrate #ursnif #gozi #isfb
🌟Here the email attached zip without password
https://t.co/p7vBO3fOdV
🌟url that drop payload directly from SMB
https://t.co/fLHaTMhThI
cc @bry_campbell @cocaman @felixw3000

🌍| Excited for the #ISFB 23, where experts from the global security community meet for insightful discussions on pressing international issues. Already, you can watch some of last years' intriguing conversations on our YouTube channel!
👉https://t.co/vGIpPUViEi

🌍| #ISFB 23
We are excited for this year’s International Security Forum in Bonn, which will take place from Oct. 19 until Oct. 22, 2023. Now, you can find information on our four day program on our website!
👉https://t.co/eU9FmuAjXz

Now at Sao Paulo airport, waiting to go to International Symposium on Flatworm Biology #ISFB

2023-07-12 (Wednesday) - #Gozi/#ISFB infection in an AD environment led to #CobaltStrike C2: 170.130.55[.]162:443 - iamupdate[.]com. List of IOCs at https://t.co/PWtMgpJeqi
![Unit42_Intel's tweet photo. 2023-07-12 (Wednesday) - #Gozi/#ISFB infection in an AD environment led to #CobaltStrike C2: 170.130.55[.]162:443 - iamupdate[.]com. List of IOCs at https://t.co/PWtMgpJeqi https://t.co/Wws7FUudy5](https://pbs.twimg.com/media/F07JB4MWAAA1vrA.jpg)
Updated #GOZI #Ursnif #ISFB campaign
🔥new c2:
https://avas1t,de/in/loginq/
109.105,198.129
delideta,com
#infosec #CyberSecurity
https://t.co/E6EEzVW8FJ

"BRT S.P.A. - Codice cliente 0XXXX (IDXXXX)
spam email spread #ursnif #gozi #italy
EML>Pdf>url>zip>js>url>dll
Samples
https://t.co/vfOQWIdOwC
Domain
s:/exeseria[.]com/
C2
s:/avas1ta.[com/in/login/
itwicenice[.com
s://avas1t.[de/in/loginq/
cc @58_158_177_102 @felixw3000 @fumik0_
![JAMESWT_WT's tweet photo. "BRT S.P.A. - Codice cliente 0XXXX (IDXXXX)
spam email spread #ursnif #gozi #italy
EML>Pdf>url>zip>js>url>dll
Samples
https://t.co/vfOQWIdOwC
Domain
s:/exeseria[.]com/
C2
s:/avas1ta.[com/in/login/
itwicenice[.com
s://avas1t.[de/in/loginq/
cc @58_158_177_102 @felixw3000 @fumik0_ https://t.co/ODYZDJQDmB](https://pbs.twimg.com/media/F0MTvu0XgAUUAmm.jpg)
#Gozi #Ursnif #malware #ISFB targeting #italy🇮🇹
thanks to @JAMESWT_MHT
🔥staging:hxxp://swebbers.com
🔥c2: hxxp://mainertin.com
🔥Plugins:
hxxp://94.140.114.123/sk32.jpg,sk64jpg
hxxp://94.140.114.123/c32.jpg,c64.jpg
#infosec #cybercrime #cybersecurity

#Malware #Gozi #Ursnif #ISFB targeting #italy🇮🇹
thanks to @JAMESWT_MHT
dll: https://t.co/yXfhuysGDa
🔥staging: 91.215[.85.222
🔥c2:
fastyray[.com
debosod[.com
https://t.co/U4gXq5M47b
#infosec #cybersecurity

Just updated samples + hunting + run + added tags
+ Dll info from @reecdeep
#Ursnif #Gozi #Isfb
Samples
💠https://t.co/aiwpbXqho6
Urls
💠https://t.co/I2hdere2yz
Info
⏯️https://t.co/mkqgQgfbbp📝
Run
https://t.co/VyfgBUsQwl
cc @58_158_177_102 @felixw3000 @fumik0_

#Malware #Italy 🇮🇹
thanks @pr0xylife @JAMESWT_MHT 👏
.one #maldoc downloads DLL and starts shellcode like previous #Ursnif campaigns:
1⃣ <decoy domain>
2⃣ www,sisopen,it/....
3⃣ www,paolasavinodanza,it/...
then tries to download from discordapp
https://t.co/QHhSdzGnLg
#infosec

#Gozi #malware #ursnif #ISFB targeting #Italy 🇮🇹
thanks @JAMESWT_MHT
run:https://t.co/g5TpRe0mf7
🔥stage
91.215,85.186
🔥c2
91.215,85.186
oqdomain,com
🔥plugins
94.140,114.159/sk32.jpg
94.140,114.159/sk64.jpg
94.140,115.47/c32.jpg
https://t.co/06gbhhTY5I
#infosecurity #infosec

"Ricevuta di pagamento-Transazione n. " 29_03_2023
#agenziaentrate spread #ursnif #gozi Botnet 5050
Email > PDF >Url >Zip>JS>Url>Dll
Samples
https://t.co/kADezqnWmA
Urls
https://dobcia.]com/ora
http://dobcia.]com/
C2
91.215.85.[186
@58_158_177_102 @felixw3000 @fumik0_
![JAMESWT_WT's tweet photo. "Ricevuta di pagamento-Transazione n. " 29_03_2023
#agenziaentrate spread #ursnif #gozi Botnet 5050
Email > PDF >Url >Zip>JS>Url>Dll
Samples
https://t.co/kADezqnWmA
Urls
https://dobcia.]com/ora
http://dobcia.]com/
C2
91.215.85.[186
@58_158_177_102 @felixw3000 @fumik0_ https://t.co/FvkCeTwSvQ](https://pbs.twimg.com/media/FsYC9xQXoAYBo8m.jpg)
#Ursnif #Gozi #Isfb Botnet 7716
#smb with payload on "25/03/2023 8:20"
109.248.11[.225 "24/03 - 17:11"
46.8.210[.91 "24/03 - 17:11"
https://t.co/gecY8A37Kc
109.248.11[.226-227 "24/03 - 13:50"
https://t.co/FHnDtXrRpZ
46.8.19.]235 "06/03 15:21"
https://t.co/WfD6mbeNVc
![JAMESWT_WT's tweet photo. #Ursnif #Gozi #Isfb Botnet 7716
#smb with payload on "25/03/2023 8:20"
109.248.11[.225 "24/03 - 17:11"
46.8.210[.91 "24/03 - 17:11"
https://t.co/gecY8A37Kc
109.248.11[.226-227 "24/03 - 13:50"
https://t.co/FHnDtXrRpZ
46.8.19.]235 "06/03 15:21"
https://t.co/WfD6mbeNVc https://t.co/szHD43cBCq](https://pbs.twimg.com/media/FsDDIjUWYAAajIe.jpg)
#Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_
![JAMESWT_WT's tweet photo. #Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_ https://t.co/e21ujJMcLS](https://pbs.twimg.com/media/Fr93xoIX0AA5LRi.jpg)
#Gozi #Malware #Ursnif #ISFB #Italy 🇮🇹
caught by @JAMESWT_MHT
🔥staging:
193.233,175.115
185.68,93.20
62.173,140.250
46.8,210.133
🔥c2:
45.89,189.6
45.140,167.95
31.41,44.117
62.173,141.28
46.8,19.44
195.123,211.112
#infosec #cybersecurity
https://t.co/LzuRcQknO3

#Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_
![JAMESWT_WT's tweet photo. #Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_ https://t.co/e21ujJMcLS](https://pbs.twimg.com/media/Fr93xoIX0AA5LRi.jpg)
Last Seen Hashtags on Sotwe
Trends for you
Most Popular Users

Elon Musk 
@elonmusk
240.7M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
110.6M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.7M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
90.9M followers

KATY PERRY 
@katyperry
87.7M followers

Taylor Swift 
@taylorswift13
81.5M followers

Lady Gaga 
@ladygaga
73M followers

Virat Kohli 
@imvkohli
69.9M followers

Kim Kardashian 
@kimkardashian
69.8M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
63.9M followers

Neymar Jr 
@neymarjr
62.7M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

X 
@x
60.8M followers

Selena Gomez 
@selenagomez
60.8M followers






![JAMESWT_WT's tweet photo. #ursnif #gozi #isfb update/tagged
Tag for samples named #putty from communicalink].com
💥https://t.co/7Y0T6EEJo9
Tag post #killchain or/and related
#Rozena #VNC #BadInteropt #Grabber #Plugin
⚠️https://t.co/7di70A4Q6o
💯Summary #agenziaentrate
https://t.co/kADezqnWmA https://t.co/znppDxeCnu](https://pbs.twimg.com/media/F7zJJV8WYAAs5Bq.jpg)
![JAMESWT_WT's tweet photo. #ursnif #gozi #isfb update/tagged
Tag for samples named #putty from communicalink].com
💥https://t.co/7Y0T6EEJo9
Tag post #killchain or/and related
#Rozena #VNC #BadInteropt #Grabber #Plugin
⚠️https://t.co/7di70A4Q6o
💯Summary #agenziaentrate
https://t.co/kADezqnWmA https://t.co/znppDxeCnu](https://pbs.twimg.com/media/F7zJHeRXgAARulJ.png)
![JAMESWT_WT's tweet photo. #ursnif #gozi #isfb update/tagged
Tag for samples named #putty from communicalink].com
💥https://t.co/7Y0T6EEJo9
Tag post #killchain or/and related
#Rozena #VNC #BadInteropt #Grabber #Plugin
⚠️https://t.co/7di70A4Q6o
💯Summary #agenziaentrate
https://t.co/kADezqnWmA https://t.co/znppDxeCnu](https://pbs.twimg.com/media/F7zIjlyXEAAI6Dm.jpg)
![JAMESWT_WT's tweet photo. "Commissione di osservanza sul registro tributario"
#agenziaentrate #ursnif
Email>Url>Zip>url>url>zip>hta>url>exe
Samples
https://t.co/kADezqnWmA
C2
mifrutty.]com
systemcheck].top
Exe
communicalink.]com/putty.exe
this time is ursnif named as putty
Run
https://t.co/Tfv6ErrFty https://t.co/Hq6x2xXlBF](https://pbs.twimg.com/media/F7wUthrXAAAamwl.png)
![JAMESWT_WT's tweet photo. "Commissione di osservanza sul registro tributario"
#agenziaentrate #ursnif
Email>Url>Zip>url>url>zip>hta>url>exe
Samples
https://t.co/kADezqnWmA
C2
mifrutty.]com
systemcheck].top
Exe
communicalink.]com/putty.exe
this time is ursnif named as putty
Run
https://t.co/Tfv6ErrFty https://t.co/Hq6x2xXlBF](https://pbs.twimg.com/media/F7wUs1tXcAASRaD.png)
![JAMESWT_WT's tweet photo. "Commissione di osservanza sul registro tributario"
#agenziaentrate #ursnif
Email>Url>Zip>url>url>zip>hta>url>exe
Samples
https://t.co/kADezqnWmA
C2
mifrutty.]com
systemcheck].top
Exe
communicalink.]com/putty.exe
this time is ursnif named as putty
Run
https://t.co/Tfv6ErrFty https://t.co/Hq6x2xXlBF](https://pbs.twimg.com/media/F7wTuE7W8AANOQm.jpg)








![Unit42_Intel's tweet photo. 2023-07-12 (Wednesday) - #Gozi/#ISFB infection in an AD environment led to #CobaltStrike C2: 170.130.55[.]162:443 - iamupdate[.]com. List of IOCs at https://t.co/PWtMgpJeqi https://t.co/Wws7FUudy5](https://pbs.twimg.com/media/F07JAp-XgAAYhUE.jpg)
![Unit42_Intel's tweet photo. 2023-07-12 (Wednesday) - #Gozi/#ISFB infection in an AD environment led to #CobaltStrike C2: 170.130.55[.]162:443 - iamupdate[.]com. List of IOCs at https://t.co/PWtMgpJeqi https://t.co/Wws7FUudy5](https://pbs.twimg.com/media/F07I_bvX0Acy_i2.jpg)
![Unit42_Intel's tweet photo. 2023-07-12 (Wednesday) - #Gozi/#ISFB infection in an AD environment led to #CobaltStrike C2: 170.130.55[.]162:443 - iamupdate[.]com. List of IOCs at https://t.co/PWtMgpJeqi https://t.co/Wws7FUudy5](https://pbs.twimg.com/media/F07I-OFWcAAzdQw.jpg)

![JAMESWT_WT's tweet photo. "BRT S.P.A. - Codice cliente 0XXXX (IDXXXX)
spam email spread #ursnif #gozi #italy
EML>Pdf>url>zip>js>url>dll
Samples
https://t.co/vfOQWIdOwC
Domain
s:/exeseria[.]com/
C2
s:/avas1ta.[com/in/login/
itwicenice[.com
s://avas1t.[de/in/loginq/
cc @58_158_177_102 @felixw3000 @fumik0_ https://t.co/ODYZDJQDmB](https://pbs.twimg.com/media/F0MTcDJXoAEWTvA.jpg)
![JAMESWT_WT's tweet photo. "BRT S.P.A. - Codice cliente 0XXXX (IDXXXX)
spam email spread #ursnif #gozi #italy
EML>Pdf>url>zip>js>url>dll
Samples
https://t.co/vfOQWIdOwC
Domain
s:/exeseria[.]com/
C2
s:/avas1ta.[com/in/login/
itwicenice[.com
s://avas1t.[de/in/loginq/
cc @58_158_177_102 @felixw3000 @fumik0_ https://t.co/ODYZDJQDmB](https://pbs.twimg.com/media/F0MTXOeXwAEh9mz.jpg)
![JAMESWT_WT's tweet photo. "BRT S.P.A. - Codice cliente 0XXXX (IDXXXX)
spam email spread #ursnif #gozi #italy
EML>Pdf>url>zip>js>url>dll
Samples
https://t.co/vfOQWIdOwC
Domain
s:/exeseria[.]com/
C2
s:/avas1ta.[com/in/login/
itwicenice[.com
s://avas1t.[de/in/loginq/
cc @58_158_177_102 @felixw3000 @fumik0_ https://t.co/ODYZDJQDmB](https://pbs.twimg.com/media/F0MTVbdWAAIK0us.jpg)


![JAMESWT_WT's tweet photo. "Secondo Sollecito di Pagamento del 27/04/2023: IT-xx"
#DHL spam email spread #ursnif #Gozi
Botnet 5050 Build 250257
Email>pdf>js>js>dll
Run
https://t.co/Tcl5BeNZk9
Samples backup
https://t.co/JJCE1C4tZE
C2
91.215.85.]222
Plugin (old samples)
94.140.115.]190/c64.jpg - sk64.jpg https://t.co/LbgbTH3a0r](https://pbs.twimg.com/media/FutXw45WwAAcCTA.jpg)
![JAMESWT_WT's tweet photo. "Secondo Sollecito di Pagamento del 27/04/2023: IT-xx"
#DHL spam email spread #ursnif #Gozi
Botnet 5050 Build 250257
Email>pdf>js>js>dll
Run
https://t.co/Tcl5BeNZk9
Samples backup
https://t.co/JJCE1C4tZE
C2
91.215.85.]222
Plugin (old samples)
94.140.115.]190/c64.jpg - sk64.jpg https://t.co/LbgbTH3a0r](https://pbs.twimg.com/media/FutWRz_WcAEKqvt.jpg)
![JAMESWT_WT's tweet photo. "Secondo Sollecito di Pagamento del 27/04/2023: IT-xx"
#DHL spam email spread #ursnif #Gozi
Botnet 5050 Build 250257
Email>pdf>js>js>dll
Run
https://t.co/Tcl5BeNZk9
Samples backup
https://t.co/JJCE1C4tZE
C2
91.215.85.]222
Plugin (old samples)
94.140.115.]190/c64.jpg - sk64.jpg https://t.co/LbgbTH3a0r](https://pbs.twimg.com/media/FutWRTzWcAMqXAC.jpg)
![JAMESWT_WT's tweet photo. "Secondo Sollecito di Pagamento del 27/04/2023: IT-xx"
#DHL spam email spread #ursnif #Gozi
Botnet 5050 Build 250257
Email>pdf>js>js>dll
Run
https://t.co/Tcl5BeNZk9
Samples backup
https://t.co/JJCE1C4tZE
C2
91.215.85.]222
Plugin (old samples)
94.140.115.]190/c64.jpg - sk64.jpg https://t.co/LbgbTH3a0r](https://pbs.twimg.com/media/FutWQcUX0AMlNz5.jpg)



![JAMESWT_WT's tweet photo. "Ricevuta di pagamento-Transazione n. " 29_03_2023
#agenziaentrate spread #ursnif #gozi Botnet 5050
Email > PDF >Url >Zip>JS>Url>Dll
Samples
https://t.co/kADezqnWmA
Urls
https://dobcia.]com/ora
http://dobcia.]com/
C2
91.215.85.[186
@58_158_177_102 @felixw3000 @fumik0_ https://t.co/FvkCeTwSvQ](https://pbs.twimg.com/media/FsYC9GYWwAIPD9q.jpg)
![JAMESWT_WT's tweet photo. "Ricevuta di pagamento-Transazione n. " 29_03_2023
#agenziaentrate spread #ursnif #gozi Botnet 5050
Email > PDF >Url >Zip>JS>Url>Dll
Samples
https://t.co/kADezqnWmA
Urls
https://dobcia.]com/ora
http://dobcia.]com/
C2
91.215.85.[186
@58_158_177_102 @felixw3000 @fumik0_ https://t.co/FvkCeTwSvQ](https://pbs.twimg.com/media/FsYCXhNXsAIzk8g.jpg)
![JAMESWT_WT's tweet photo. "Ricevuta di pagamento-Transazione n. " 29_03_2023
#agenziaentrate spread #ursnif #gozi Botnet 5050
Email > PDF >Url >Zip>JS>Url>Dll
Samples
https://t.co/kADezqnWmA
Urls
https://dobcia.]com/ora
http://dobcia.]com/
C2
91.215.85.[186
@58_158_177_102 @felixw3000 @fumik0_ https://t.co/FvkCeTwSvQ](https://pbs.twimg.com/media/FsYCXB5X0AE-LTo.jpg)
![JAMESWT_WT's tweet photo. #Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_ https://t.co/e21ujJMcLS](https://pbs.twimg.com/media/Fr93w7kWwAEBEgD.jpg)
![JAMESWT_WT's tweet photo. #Ursnif #Gozi #Isfb Botnet 7716
24_03_2023 🇮🇹
a tema #MISE/#MEF/#AGENZIAENTRATE
via #SMB \Agenzia\Server.exe
46.8.19[.242
46.8.210[.86
Samples
https://t.co/kADezqnWmA
C2
193.233.175.]115
185.68.93].20
62.173.140].250
46.8.210.]133
@felixw3000 @58_158_177_102 @fumik0_ https://t.co/e21ujJMcLS](https://pbs.twimg.com/media/Fr93wPqXwAIrzei.jpg)
