#Retefe - Twitter Hashtag

over 3 years ago

@tosscoinwitcher @James_inthe_box @pr0xylife @0xToxin @0n315 ... it has been dropping other bankers like: #Kronos, #Chthonic #Retefe #TrickBot and others, beside known #Stealer campaigns. This lead me to assess this is just another Setup of some TA. I could be wrong of course which is why you could do a code comparison using e.g. #Intezer

1

2

0

124

abuse.ch

@abuse_ch

over 4 years ago

The oldest, active malware distribution site is hosted at Affinity Internet Inc located in Chicago (USA 🇺🇸), spreading #Retefe for 2 1/2 years! 👎 Incredible... how ignorant can an internet service provider be?😕 👉 https://t.co/nhBxs5YQHI

abuse_ch's tweet photo. The oldest, active malware distribution site is hosted at Affinity Internet Inc located in Chicago (USA 🇺🇸), spreading #Retefe for 2 1/2 years! 👎 Incredible... how ignorant can an internet service provider be?😕

👉 https://t.co/nhBxs5YQHI https://t.co/eYHtahsh7C

0

14

5

1

0

OPSWAT

@OPSWAT

almost 6 years ago

Detect, prevent, and analyze ransomware #Retefe in seconds using OPSWAT #MetaDefender Cloud: https://t.co/GC9zNfN5m7 Before you open any suspicious files, scan it first through our #MetaDefender cloud: https://t.co/EIYJY98R6a

0

2

1

0

OPSWAT

@OPSWAT

over 6 years ago

OPSWAT vs. #Retefe Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. See how OPSWAT helps to prevent Retefe ↓

OPSWAT's tweet photo. OPSWAT vs. #Retefe

Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version.

See how OPSWAT helps to prevent Retefe ↓

0

5

2

0

OPSWAT

@OPSWAT

over 6 years ago

OPSWAT vs. #Retefe Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. See how OPSWAT helps to prevent Retefe ↓

0

4

1

0

F5 Labs @F5Labs

over 6 years ago

Recent #RETEFE samples we analyzed contain embedded, obfuscated JavaScript code, which uses tricks like utilizing "https://t.co/olknLz3Lgx" to generate attacks. RETEFE obtains a list of running processes to simulate a user clicking “Yes” on a certificate warning dialog box.

F5Labs's tweet photo. Recent #RETEFE samples we analyzed contain embedded, obfuscated JavaScript code, which uses tricks like utilizing "https://t.co/olknLz3Lgx" to generate attacks. RETEFE obtains a list of running processes to simulate a user clicking “Yes” on a certificate warning dialog box. https://t.co/9nMHW2po8C

1

5

1

0

··• psyL[0]cK  @shainsingh

almost 7 years ago

if you haven't heard of the banking #malware called #retefe, you will soon enough. /cc @f5labs https://t.co/AB1E1cqEQG

0

1

0

F5 Labs @F5Labs

almost 7 years ago

[IN REVIEW] #Retefe uses special sandbox evasion techniques to avoid detection & prevent code from correctly executing when launched from somewhere other than the intended target. #Malware authors check if installed language is only en-US, Retefe exits without proper execution.

F5Labs's tweet photo. [IN REVIEW] #Retefe uses special sandbox evasion techniques to avoid detection & prevent code from correctly executing when launched from somewhere other than the intended target. #Malware authors check if installed language is only en-US, Retefe exits without proper execution. https://t.co/L8te9eVl2o

0

12

7

0

F5 Labs @F5Labs

almost 7 years ago

[IN REVIEW] Recent #Retefe samples contain embedded, obfuscated JavaScript code, which tries to retrieve confidential information from the infected computers. It then writes the log and uploads it to the suspicious server. #malware

F5Labs's tweet photo. [IN REVIEW] Recent #Retefe samples contain embedded, obfuscated JavaScript code, which tries to retrieve confidential information from the infected computers. It then writes the log and uploads it to the suspicious server. #malware https://t.co/ZIRPwq9kPU

1

5

1

0

F5 Labs @F5Labs

almost 7 years ago

[IN REVIEW] #Retefe sample contains an interesting author’s monologue inside the obfuscated and encoded function, which adds the fake certificate to the #Firefox browser.

F5Labs's tweet photo. [IN REVIEW] #Retefe sample contains an interesting author’s monologue inside the obfuscated and encoded function, which adds the fake certificate to the #Firefox browser. https://t.co/H7G5BSWKTj

1

23

2

0

Proofpoint

@proofpoint

about 7 years ago

2019: The Return of #Retefe. https://t.co/kS098U72Zh via the Proofpoint @threatinsight research team.

0

1

0

Proofpoint

@proofpoint

about 7 years ago

2019: The Return of #Retefe. https://t.co/kS098U72Zh via the Proofpoint @threatinsight research team.

0

2

0

IT Finanzmagazin

@ITFinanzmagazin

about 7 years ago

Seit April gibt es einen massiven Anstieg der Angriffe mit dem Online-Banking-Trojaner #Retefe. Im Fokus stehen vor allem deutsche und Schweizer Nutzer. https://t.co/glFfWvgsaS

0

Pierluigi Paganini - Security Affairs @securityaffairs

about 7 years ago

#Retefe #Banking #Trojan resurfaces in the threat landscape with innovations https://t.co/aW1OxVCot8 #securityaffairs #malware #hacking

0

1

0

Pierluigi Paganini - Security Affairs @securityaffairs

about 7 years ago

@MalwarePatrol @Malwageddon @proofpoint @_odisseus @zlab_team @Marco_Ramilli @yoroisecurity #Retefe #Banking #Trojan resurfaces in the threat landscape with innovations https://t.co/aW1OxVCot8 #securityaffairs #malware #hacking

0

3

1

0

JaromirHorejsi @JaromirHorejsi

about 7 years ago

#retefe #banker #config #norway #switzerland

1

5

4

1

0

Antelox @Antelox

about 7 years ago

@James_inthe_box @malwrhunterteam Confirmed #Retefe dropper. The javascript payload extracted: https://t.co/1jHpcwGnSw C&Cs: hxxp://3bbbccvomp5uhznz.onion hxxp://auybplpgam3c62tc.onion hxxp://hiv3dylycjbvgrxr.onion hxxp://m2pgzofn4w6ttgbb.onion hxxp://n6g66hecwbnf7bg4.onion

2

10

4

0

James @James_inthe_box

about 7 years ago

A possible #retefe signed sample (via TTP's) found by @malwrhunterteam; drops socat, tor, 7zip, sadly fizzles out on execution. hash a33080f16c9386a4fbe9e678cca13907d6ab141e698d05728681e6d7e94e213b just about everywhere by now.

James_inthe_box's tweet photo. A possible #retefe signed sample (via TTP's) found by @malwrhunterteam; drops socat, tor, 7zip, sadly fizzles out on execution.

hash a33080f16c9386a4fbe9e678cca13907d6ab141e698d05728681e6d7e94e213b just about everywhere by now. https://t.co/AMG4fINbNn

2

40

9

3

0

JR @JR0driguezB

over 7 years ago

@avman1995 @James_inthe_box @nao_sec @VK_Intel Maybe related with #Retefe ? https://t.co/UTQy6A05bn

JR @JR0driguezB

almost 8 years ago

@JaromirHorejsi Diferent Proxy on my side, but seeing them as well! #Retefe banking trojan

0

5

2

0

1

2

1

0

Artilllerie ☣ @Artilllerie

over 7 years ago

#Retefe > Low detected payload (8/70): https://t.co/K8uAmab91L > Number of C&C: ~5 > Conf: /3bbbccvomp5uhznz.onion /auybplpgam3c62tc.onion /hiv3dylycjbvgrxr.onion /m2pgzofn4w6ttgbb.onion /n6g66hecwbnf7bg4.onion @malwrhunterteam

0

4

3

0

Top Tweets for #Retefe

Last Seen Hashtags on Sotwe

Trends for you

Most Popular Users