#andeloader - Twitter Hashtag

8 months ago

🚨We continue to see new lines in #CryptersAndTools #Steganography Fuzzed two possible URLs delivering the same malware 1013.txt and 1012.txt #AndeLoader used to load Agent Tesla in RegAsm.exe mail@detarcoopmedical[.]com photos@detarcoopmedical[.]com 🇵🇹 used #TA558 ? SAMPLE BELOW

ShadowOpCode's tweet photo. 🚨We continue to see new lines in #CryptersAndTools #Steganography
Fuzzed two possible URLs delivering the same malware
1013.txt and 1012.txt
#AndeLoader used to load Agent Tesla in RegAsm.exe
mail@detarcoopmedical[.]com
photos@detarcoopmedical[.]com
🇵🇹 used
#TA558 ?
SAMPLE BELOW https://t.co/NMbQtjDyJe

2

27

11

4

13K

Cipher Tech @ciphertech

10 months ago

Next ACCE release is available. See the updates for #CVE20258088 #AndeLoader #INCRansomware #KitsuneRat #MythicAgentsPoseidon https://t.co/nDVLkx9rWp

0

2

3

0

2K

Simplicio Sam L. @marsomx_

11 months ago

@JAMESWT_WT @guelfoweb @AndreaDraghetti @VirITeXplorer @1ZRR4H @Max_Mal_ @fr0s7_ similar to what we saw few days ago #andeloader via stego image injects #purelogs into aspnet_compiler.exe and it seems they like strozzapreti 🍝 https://t.co/ykyHlHYIcb

marsomx_'s tweet photo. @JAMESWT_WT @guelfoweb @AndreaDraghetti @VirITeXplorer @1ZRR4H @Max_Mal_ @fr0s7_ similar to what we saw few days ago #andeloader via stego image injects #purelogs into aspnet_compiler.exe

and it seems they like strozzapreti 🍝

https://t.co/ykyHlHYIcb https://t.co/tMIF7pJJVJ

Simplicio Sam L. @marsomx_

12 months ago

@anyrun_app @JAMESWT_WT @k3dg3 @500mk500 @skocherhan @VirITeXplorer @guelfoweb @DPesolo @AndreaDraghetti @Certego_Intel @1ZRR4H @c_APT_ure @0xToxin @pr0xylife final payload #purelogs 📡212.23.222[.56: 20341 #purerat injected into aspnet_compiler.exe, downloads #purelogs dubbed ClassLibrary4.dll from c2, which in turn sends stolen info back malware version: 4.0.1 NEW DAY @abuse_ch please adjust c2 tag accordly

marsomx_'s tweet photo. @anyrun_app @JAMESWT_WT @k3dg3 @500mk500 @skocherhan @VirITeXplorer @guelfoweb @DPesolo @AndreaDraghetti @Certego_Intel @1ZRR4H @c_APT_ure @0xToxin @pr0xylife final payload #purelogs

📡212.23.222[.56: 20341

#purerat injected into aspnet_compiler.exe, downloads #purelogs dubbed ClassLibrary4.dll from c2, which in turn sends stolen info back
malware version: 4.0.1 NEW DAY

@abuse_ch please adjust c2 tag accordly https://t.co/KyX2GEtMfN

1

10

3

2

1K

0

4

1

0

328

Simplicio Sam L. @marsomx_

about 1 year ago

@MalGamy12 @cod3nym Awesome work, thanks for sharing! Just a little detail: .net #loader seems related to #andeloader. similar infection chain covered here: https://t.co/F68FpwNlJg sample analyzed more deeply here: https://t.co/xDJqmpJBGR

RussianPanda 🐼 🇺🇦

@RussianPanda9xx

almost 2 years ago

Check out my recent writeup on #AndeLoader delivering #0bj3ctivityStealer. It's been some time since we last saw AndeLoader popping up ☺️ Link: https://t.co/i8TqvYDUT9

RussianPanda9xx's tweet photo. Check out my recent writeup on #AndeLoader delivering #0bj3ctivityStealer. It's been some time since we last saw AndeLoader popping up ☺️

Link: https://t.co/i8TqvYDUT9 https://t.co/2HIHhMGP4H

3

63

14

7K

0

4

0

152

Simplicio Sam L. @marsomx_

about 1 year ago

[1/3] multi stage #stego campaign vs #italy 🇮🇹 leads to #xworm rat via #andeloader (h/t @abuse tag: spam-ita @JAMESWT_WT ) mail > 7z > js > ps1 > ande loader from #stego image from archive[.org > b64 #xworm payload from paste[.ee > msbuild.exe possible #BlindEagle apt-c-36 ? 🤔

marsomx_'s tweet photo. [1/3] multi stage #stego campaign vs #italy 🇮🇹 leads to #xworm rat via #andeloader (h/t @abuse tag: spam-ita @JAMESWT_WT )

mail > 7z > js > ps1 > ande loader from #stego image from archive[.org > b64 #xworm payload from paste[.ee > msbuild.exe

possible #BlindEagle apt-c-36 ? 🤔 https://t.co/ZTcb3Nw8Z9

2

17

8

2

2K

Aaron Jornet

@RexorVc0

over 1 year ago

#BlindEagle APT-C-36 #DcRAT #Threat #Malware 📍🇨🇴 💥🇨🇴🇪🇨🇵🇦🌎 ⛓️ #Phishing > UEE|ZIP > EXE > Fake DOC > #vbs > Task Persistence > Download dll + execution > dll download #AndeLoader + #DcRAT > Inject #RAT into RegSvcs > #C2 🔗360 Threat Intelligence: https://t.co/dWLBn3GBNQ

RexorVc0's tweet photo. #BlindEagle APT-C-36 #DcRAT #Threat #Malware

📍🇨🇴
💥🇨🇴🇪🇨🇵🇦🌎

⛓️ #Phishing > UEE|ZIP > EXE > Fake DOC > #vbs > Task Persistence > Download dll + execution > dll download #AndeLoader + #DcRAT > Inject #RAT into RegSvcs > #C2

🔗360 Threat Intelligence: https://t.co/dWLBn3GBNQ https://t.co/q99eHANCj7

1

48

18

13

4K

Threat Intelligence @threatintel

almost 2 years ago

#ThreatProtection New #phishing attack deploys #0bj3ctivity Stealer via #Discord CDN and #AndeLoader. Read More about Symantec's protection: https://t.co/7YCg8gZQAP #InfoStealer

0

3

2

1

0

RussianPanda 🐼 🇺🇦

@RussianPanda9xx

almost 2 years ago

Check out my recent writeup on #AndeLoader delivering #0bj3ctivityStealer. It's been some time since we last saw AndeLoader popping up ☺️ Link: https://t.co/i8TqvYDUT9

3

63

14

7K

ReconBee @ReconBee

over 2 years ago

Ande Loader Malware Targets Manufacturing Sector in North America https://t.co/TuGpXYtTfH #Andeloader #loadermalware #malware #manufacturer #northamerica #CyberSecurity #cybersecurite #CybersecurityNews #CyberSecurityAwareness

0

1

0

20

RussianPanda 🐼 🇺🇦

@RussianPanda9xx

over 2 years ago

Checkout my writeup on #PhantomControl delivering #AndeLoader and #SwaetRAT via ScreenConnect. And no, I didn’t misspell SwaetRAT 🤭 https://t.co/lMcyObSxQR @esthreat

RussianPanda9xx's tweet photo. Checkout my writeup on #PhantomControl delivering #AndeLoader and #SwaetRAT via ScreenConnect. And no, I didn’t misspell SwaetRAT 🤭

https://t.co/lMcyObSxQR

@esthreat https://t.co/5qpJwlIG7W

2

84

23

12

8K

Top Tweets for #andeloader

Last Seen Hashtags on Sotwe

Trends for you

Most Popular Users