![ClearskySec's tweet photo. Iranian #Oilrig campaign decoy: "User list must change password.xls", target in Saudi Arabia.
C2: coldflys[.]com
Further analysis:
https://t.co/v3QUrtI0zI
Leads and analysis with @ImPureMotion and @blu3_team https://t.co/RnpdrydRZX](https://pbs.twimg.com/media/DOwahIhXkAApLsM.jpg)
![ClearskySec's tweet photo. Iranian #Oilrig campaign decoy: "User list must change password.xls", target in Saudi Arabia.
C2: coldflys[.]com
Further analysis:
https://t.co/v3QUrtI0zI
Leads and analysis with @ImPureMotion and @blu3_team https://t.co/RnpdrydRZX](https://pbs.twimg.com/media/DOwagb0XUAAjSwC.jpg)
![ClearskySec's tweet photo. Iranian #Oilrig campaign decoy: "User list must change password.xls", target in Saudi Arabia.
C2: coldflys[.]com
Further analysis:
https://t.co/v3QUrtI0zI
Leads and analysis with @ImPureMotion and @blu3_team https://t.co/RnpdrydRZX](https://pbs.twimg.com/media/DOwafIDX0AAWYiB.jpg)
Olivia
Online
ImPureMotion
@ImPureMotion
The Cyberz
Joined February 2015
622 Following
194 Followers
110 Posts
@Kostastsale Awesome stuff - good recent use case from (https://t.co/pD0zru6vZb) where xcopy was used to rename rundll32 to entails.exe
tweaking the regex a bit if you have cmdline parsed out:
(xcopy|copy|copy-item|cp)\s+c:\\windows\\(system32|syswow64)\\[a-zA-Z0-9_\-]{1,}\.exe\s\w:\\.*\\?
![ImPureMotion's tweet photo. @Kostastsale Awesome stuff - good recent use case from (https://t.co/pD0zru6vZb) where xcopy was used to rename rundll32 to entails.exe
tweaking the regex a bit if you have cmdline parsed out:
(xcopy|copy|copy-item|cp)\s+c:\\windows\\(system32|syswow64)\\[a-zA-Z0-9_\-]{1,}\.exe\s\w:\\.*\\? https://t.co/UZjOxtC5nQ](https://pbs.twimg.com/media/F51PMWLa4AAiwoq.jpg)
@TheDFIRReport Fantastic stuff
HTML Smuggling Leads to Domain Wide Ransomware
➡️Initial Access: Thread-Hijacked Email > HTML Attachment
➡️Credentials: LSASS Access, SessionGopher
➡️Lateral Movement: RDP, PsExec
➡️C2: IcedID, Cobalt Strike
➡️Impact: Nokoyawa Ransomware
https://t.co/ncnD7VdKDI
1/X
Who to follow
Fafner [_KeyZee_]
@F_kZ_
Reverser, Malware Analyst. Mushrooms Killer ! (Unstoppable Pandaluche) Vambigilante ! #MalwareMustDie! #MMD! @circl_lu official OSS beta-testeur \o/
JaromirHorejsi
@JaromirHorejsi
malware researcher, reverse engineer, blogger, conference speaker, programmer, IT security professional
Anna Miaśkiewicz
@devnullek
@msuiche Scanning inbound email
@elonmusk Can we add folders to organize bookmarks?
@securitydoggo The tattoo should read "I <3 Active Lists"
@securitydoggo Have them try to beat you at Regex Golf:
https://t.co/5AXIsKsyTV
@securitydoggo Would be me exiting after no VT
@securitydoggo no more VT? :(
@ItsReallyNick @securitydoggo @James_inthe_box @lotus_ruan @PureReactions @_jsoo_ @bartblaze @blu3_team Hash for it: c22937cee87b45ba18c16318533648fb
@ItsReallyNick @securitydoggo @James_inthe_box @lotus_ruan @PureReactions @_jsoo_ @bartblaze @blu3_team Another one:
講座登入檢視意見回饋操作說明.doc
Lecture Login View Feedback Feedback Instructions .doc
Iranian #Oilrig campaign decoy: "User list must change password.xls", target in Saudi Arabia.
C2: coldflys[.]com
Further analysis:
https://t.co/v3QUrtI0zI
Leads and analysis with @ImPureMotion and @blu3_team
![ClearskySec's tweet photo. Iranian #Oilrig campaign decoy: "User list must change password.xls", target in Saudi Arabia.
C2: coldflys[.]com
Further analysis:
https://t.co/v3QUrtI0zI
Leads and analysis with @ImPureMotion and @blu3_team https://t.co/RnpdrydRZX](https://pbs.twimg.com/media/DOwahmpXUAAZ0dc.jpg)
#AridViper uses pastes on https://t.co/UqejdoARjB for second stage scripts delivery
Recent sample: محضر اجتماع اليوم - (Minutes of today 's meeting)
Details and Indicators in Raw Threat Intelligence:
https://t.co/5pPpv1cQyA
Credit @ImPureMotion
Last Seen Users on Sotwe
am delisi
Seen from Turkey
Mery 
Seen from Turkey
Çılgın şey
Seen from Turkey
beach sex
Seen from Turkey
柊_湊(MMD中)
Seen from Japan
ชะนีจริง
Seen from Thailand
ของเล่น 🎯 แก้เหงา By Rimuru Tempest
Seen from Thailand
แม่ยาย คนสวย
Seen from Thailand
🔞TÜRK İFŞA ADRESİ🔞
Seen from Turkey
Ahsan with Owais
Seen from Qatar
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers
✨
⭐
💫