#quantLoader - Twitter Hashtag

over 6 years ago

#Quantloader serving #zeus as part of the latest campaign. b590755cd6fa8ab3d6c5a8702fa41249d3361749b0a0609dc4c0383c76ad5358 #Malienist

0

3

2

0

Dee

@ViriBack

over 7 years ago

#Malware #quantloader C2 on very.ruvmp[.]ru/admin/ 185.212.130[.]15

1

9

2

0

Dee

@ViriBack

almost 8 years ago

New #quantloader #malware instance on gelmonterom[.]com/admin/ see: https://t.co/JnDdZYCccS

0

5

1

0

James @James_inthe_box

about 8 years ago

@Mesiagh @JAMESWT_MHT @avman1995 @NelsonSecurity @executemalware @HazMalware @pollo290987 @_ddoxer @malware_traffic @neonprimetime @Techhelplistcom @dvk01uk @baberpervez2 @malwrhunterteam #quantloader per @ViriBack https://t.co/klJYxdctjY different domain it seems.

Dee

@ViriBack

about 8 years ago

New #quantloader first seen today. #Malware #opendir on same domain. usuf[.]top/q/admin/ see: https://t.co/Z9cmByE9CV

1

13

8

0

2

18

2

0

Dee

@ViriBack

about 8 years ago

New #quantloader first seen today. #Malware #opendir on same domain. usuf[.]top/q/admin/ see: https://t.co/Z9cmByE9CV

1

13

8

0

Dee

@ViriBack

about 8 years ago

6 Months of #QuantLoader #malware activities - Stats and #IOC see: https://t.co/eEoytfuJrD

2

10

8

0

Dee

@ViriBack

about 8 years ago

#Malware #quantloader C2 first seen today... heroskatopirango[.]com/391f4jda9s/a/admin/ see: https://t.co/ZZxdXEjsfG

0

5

2

0

Dee

@ViriBack

about 8 years ago

New #quantLoader #malware C2 panel seen today: dada.grantflaskparty[.]com/admin/ see: https://t.co/CzAj4TQQfd

1

6

5

0

Paul Burbage @hexlax

about 8 years ago

#Necurs spam botnet actors now using ARS VBS Loader instead of #QuantLoader for #FlawedAmmyy campaigns. ARS C2: hxxp://untorsnot[.]in/voice/gate[.]php FlawedAmmyy C2: 169.239.129[.]38:443 Same URL Zip email attachments, downloads ARS VBS via SMB.

hexlax's tweet photo. #Necurs spam botnet actors now using ARS VBS Loader instead of #QuantLoader for #FlawedAmmyy campaigns.
ARS C2: hxxp://untorsnot[.]in/voice/gate[.]php
FlawedAmmyy C2: 169.239.129[.]38:443
Same URL Zip email attachments, downloads ARS VBS via SMB. https://t.co/gvAUDHB4qb

2

29

23

1

0

Vitali Kremez @VK_Intel

about 8 years ago

4-20-2018: #QuantLoader #malware campaign Spam Theme: “Reciba su Factura electrónica” 🇪🇸 Make Build: [84aec3] Version: [1.53] ✅Block C2: dackdack[.]online krkr44[.]club krkr55[.]club MD5: cd1634599deef00174d1fa3ca74e9ffa (h/t @pollo290987) 1.45 diary -> https://t.co/8eRTmjomPg

VK_Intel's tweet photo. 4-20-2018: #QuantLoader #malware campaign
Spam Theme: “Reciba su Factura electrónica” 🇪🇸
Make Build: [84aec3]
Version: [1.53]
✅Block C2:
dackdack[.]online
krkr44[.]club
krkr55[.]club
MD5: cd1634599deef00174d1fa3ca74e9ffa
(h/t @pollo290987)
1.45 diary ->
https://t.co/8eRTmjomPg https://t.co/E4FZgT3woY

1

27

17

0

Menlo Security @menlosecurity

about 8 years ago

Researchers warning of a new email #phishing campaign that downloads & launches #QuantLoader, capable of distributing #ransomware & stealing passwords; spread via @Microsoft url shortcut files that use a variation of CVE-2016-3353 @LindseyOD123 @threatpost https://t.co/LkYQcJQOxr

menlosecurity's tweet photo. Researchers warning of a new email #phishing campaign that downloads & launches #QuantLoader, capable of distributing #ransomware & stealing passwords; spread via @Microsoft url shortcut files that use a variation of CVE-2016-3353 @LindseyOD123 @threatpost https://t.co/LkYQcJQOxr https://t.co/xsuKwjKwDn

0

1

0

Threatpost

@threatpost

about 8 years ago

Watch out for this new #phishing campaign pushing a #trojan capable of distributing #ransomware and stealing passwords. https://t.co/TzMDjBfFcg #QuantLoader

0

7

8

0

Threatpost

@threatpost

about 8 years ago

Watch out for this new #phishing campaign pushing a #trojan capable of distributing #ransomware and stealing passwords. https://t.co/TzMDjBxgAQ #QuantLoader

0

8

9

0

Dee

@ViriBack

about 8 years ago

#Malware C2 Panel seen for the first time Today: #QuantLoader #Pony #AgentTesla #Azorult #ISRStealer https://t.co/Tmp3GYAraT cc: @benkow_ @Xylit0l @FourOctets

ViriBack's tweet photo. #Malware C2 Panel seen for the first time Today:

#QuantLoader #Pony #AgentTesla #Azorult #ISRStealer

https://t.co/Tmp3GYAraT

cc: @benkow_ @Xylit0l @FourOctets https://t.co/AqukAE6fij

1

16

5

0

James @James_inthe_box

about 8 years ago

@IsraSource @virusbay_io This is #quantloader -> #evilammyy: https://t.co/YgMO77FYLY you can also just http to the same site.

Racco42 @Racco42

about 8 years ago

So, todays "URL" malspam is "Photos from <girl's name>", .url -> .vbs from 169.239.129.25/content or 169.239.129.25/stream. Ibet it will be followed by QuantLoader :-D

1

15

5

0

1

2

0

Chip @b3ard3dav3ng3r

about 8 years ago

#Malicious IP 169.239.128.129 serving #Quantloader and is wierd. Yesterday it had /upload which is down and currently is with /media_source with multiple wsf files

b3ard3dav3ng3r's tweet photo. #Malicious IP 169.239.128.129 serving #Quantloader and is wierd. Yesterday it had /upload which is down and currently is with /media_source with multiple wsf files https://t.co/ZZEhBFrIDI

1

3

5

0

𝘚𝘢𝘭𝘷𝘢𝘵𝘰𝘳𝘦 𝘊𝘢𝘮𝘱𝘰𝘭𝘰 ֎ @Totocellux

about 8 years ago

#Necurs #BotNet #MalSpam Pushes #QuantLoader And Follow-Up #Malware - https://t.co/rjlUXYddQY @malware_traffic ➡️ #CyberCrime #InfoSec #CyberAttacks #MalwareAnalysis #Ransomware #CyberSecurity

0

2

1

0

Microsoft Threat Intelligence

@MsftSecIntel

about 8 years ago

#Pliskal (aka #QuantLoader) is a known family of trojan downloaders. Our analysis of related domains shows that the malware can download a wide range of payloads, including #ransomware, #coinminer, #infostealers, and other threats.

0

6

7

0

Microsoft Threat Intelligence

@MsftSecIntel

about 8 years ago

The #spam campaign that delivers .url files in .zip archives is still very active. Today attackers are using “Voice Message” in subject & email body. Yesterday "discount","sale","coupon","offer","promo" were used. But it's the same campaign that leads to #Pliskal (#QuantLoader).

MsftSecIntel's tweet photo. The #spam campaign that delivers .url files in .zip archives is still very active. Today attackers are using “Voice Message” in subject & email body. Yesterday "discount","sale","coupon","offer","promo" were used. But it's the same campaign that leads to #Pliskal (#QuantLoader). https://t.co/O9aEWugVsP

2

6

11

0

\_(ʘ_ʘ)_/ @pollo290987

about 8 years ago

#QuantLoader VM_04-03-2018_02465.zip 521f052dc581261cb1eef7df1c62f08b Subject: Voice Message from Outside Caller (1m 51s) Payload pfm-traduction,com GET /iUyfemds7??NtmaDOcTl=NtmaDOcTl

pollo290987's tweet photo. #QuantLoader
VM_04-03-2018_02465.zip
521f052dc581261cb1eef7df1c62f08b

Subject: Voice Message from Outside Caller (1m 51s)

Payload
pfm-traduction,com GET /iUyfemds7??NtmaDOcTl=NtmaDOcTl https://t.co/H2Dq3uKqCd

1

6

1

0

Top Tweets for #quantLoader

Last Seen Hashtags on Sotwe

Trends for you

Most Popular Users