Kafeine @kafeine - Twitter Profile

Pinned Tweet

Kafeine @kafeine

over 6 years ago

Kafeine's last tweet&post. Choose Again. https://t.co/L6Ve7zUEc7 Over and out.

88

279

65

11

0

Kafeine @kafeine

over 6 years ago

TFW your favorite actor, Sagrid (TA543), does not come back from vacation

4

64

12

2

0

Kafeine @kafeine

over 6 years ago

Is Gootkit gone?

1

8

2

0

Kafeine @kafeine

over 6 years ago

Archeology: Necurs (crap2p) and its distribution. If you are interested in what they were doing in 2011,you might want to look at this FakeRean: 7d5ea317f2d1248386b904301bb19bbde44df3e1c3d8d08cd0644fed24362e2a cc/thx @maciekkotowicz @Antelox

kafeine's tweet photo. Archeology: Necurs (crap2p) and its distribution.
If you are interested in what they were doing in 2011,you might want to look at this FakeRean: 7d5ea317f2d1248386b904301bb19bbde44df3e1c3d8d08cd0644fed24362e2a
cc/thx @maciekkotowicz @Antelox https://t.co/C2T3SsuzID

0

49

15

3

0

Who to follow

Xylitol

@Xylit0l

owner of https://t.co/PVTlUZSWgE and temari.fr - Security/Malware researcher, ethical carder, ex-treasurer of @Hack_Gyver and Temari fan ♥ #DIY #Electronic

The Honeynet Project

@ProjectHoneynet

To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Kimberly

@StopMalvertisin

Security Researcher | Cyber Threat / Malware Analyst | Ex Sr. Threat Analyst @ Proofpoint | Founder of Stop Malvertising

kafeine retweeted

mak @maciekkotowicz

over 6 years ago

I wrote something, it is also first public mention that i have a company and im free to hire ;]

1

53

18

1

0

kafeine retweeted

hadojae @switchingtoguns

over 6 years ago

Posting malware wireshark screencaps is pretty cool, but sharing #pcap with @ET_Labs to help protect the community is even cooler.

1

34

15

2

0

kafeine retweeted

grsecurity @grsecurity

over 6 years ago

@argvee @halvarflake @imaguid @dinodaizovi the future of users not having control of their own systems is a cure worse than the disease

1

37

19

0

kafeine retweeted

Stephen Hilt @sjhilt

over 6 years ago

Today @TrendMicroRSRCH published research that me and my colleges have been hard at work on. For 6 months we ran a factory. https://t.co/KjwbQ5ApuW

1

64

43

7

0

Kafeine @kafeine

over 6 years ago

@yvesago @malwrhunterteam @Malwaredev Hello, it's Ostap into Trickbot "red4" Ostap https://t.co/uTmxzBNqQC C2: http[://185.234.73[.119/0jORh2/OM0n8[.php?sd=s152[...] Trickbot: https://t.co/WjEKDs4Tw9

0

3

1

0

kafeine retweeted

hadojae @switchingtoguns

over 6 years ago

2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules) in the @EmergingThreats OPEN set as of Dec 29th

0

19

18

1

0

Kafeine @kafeine

over 6 years ago

Unsure yet what this comeback/evolution, after 2 years missing, of Zloader/Terdot.A is about...but this is one of the emerging trend in december 2019. cc/thx @tildedennis @threatinsight

kafeine's tweet photo. Unsure yet what this comeback/evolution, after 2 years missing, of Zloader/Terdot.A is about...but this is one of the emerging trend in december 2019. cc/thx @tildedennis @threatinsight https://t.co/eujIGHYDC1

1

44

20

3

0

kafeine retweeted

Fumik0_ @fumik0_

over 6 years ago

Let’s play (again) with Predator the thief https://t.co/3VdtbzNpcf

6

142

54

15

0

Kafeine @kafeine

over 6 years ago

Illustration of some ServHelper distribution for the past year (TL;DR: it's more than one actor)

0

50

22

1

0

Kafeine @kafeine

over 6 years ago

Note:TA505 != Dridex. They were massively spreading it, with, as customer, Necurs. Dridex 125 then 220 and 7200, but also Locky 3, Trickbot mac1 before moving to ServerHelper and FlawedAmmyy. Other actor are spreading Dridex. Smilex was part of the team spreading Dridex 120.

kafeine's tweet photo. Note:TA505 != Dridex. They were massively spreading it, with, as customer, Necurs. Dridex 125 then 220 and 7200, but also Locky 3, Trickbot mac1 before moving to ServerHelper and FlawedAmmyy. Other actor are spreading Dridex. Smilex was part of the team spreading Dridex 120. https://t.co/N8iJossZCH

2

108

48

3

0

kafeine retweeted

U.S. Department of Justice

@TheJusticeDept

over 6 years ago

Russian National Charged w/ Decade-Long Series of Hacking, Bank Fraud Offenses Resulting in Tens of Millions in Losses; 2nd Russian National Charged w/ Involvement in Deployment of “Bugat” Malware. Announced w/ @NCA_UK, @StateINL, @FBI, @WDPAnews, @USAO_NE https://t.co/Qy1cu1gkzB

21

235

184

7

0

Kafeine @kafeine

over 6 years ago

Buer loader - https://t.co/FbD6OoLW5a

0

41

18

1

0

Kafeine @kafeine

over 6 years ago

@BobbyEberle13 @BobbyEberle13 gopusa is compromised. You probably want to get that clean fast. (illustration - redirect to an Exploit Kit (RIG) itself dropping a malware (Trickbot "nev3") )

kafeine's tweet photo. @BobbyEberle13 @BobbyEberle13 gopusa is compromised. You probably want to get that clean fast. (illustration - redirect to an Exploit Kit (RIG) itself dropping a malware (Trickbot "nev3") ) https://t.co/7P47G5KLmx

0

4

2

0

Kafeine @kafeine

over 6 years ago

@BobbyEberle13 Hello, could you follow for a quick DM please ?

1

0

kafeine retweeted

Marc-Etienne M.Léveillé @marc_etienne_

over 6 years ago

I don’t endorse the vocabulary in this tweet but I’d like to share our side of things and perhaps set the records straight. We never really wanted to (and still don’t want to) discredit Dragos publicly, there is really no point. 1/x

3

218

85

12

0

Kafeine @kafeine

over 6 years ago

For the records, sLoad is still dropping Ramnit "fB1oN5frGqf" in Italy. https://t.co/8CYzCEycYj cc/thx @reecDeep @Antelox (cf: https://t.co/n2VqpmxB8n )