Olivia
Online
Kryptos Logic
@kryptoslogic
Los Angeles, CA
Joined May 2017
0 Following
5.6K Followers
60 Posts
Following up on our last analysis of Trickbot's web inject module we are now publishing a deep dive into the module:
https://t.co/kCJeP4vcWw
Telltale now has data on the Log4j 2 (CVE-2021-44228) vulnerability, over the coming days this data will expand as we find new ways to scan for this complex attack surface.
CERTs and Orgs with their assets added will see data in real time as we find it.
https://t.co/Am1pbVIO4W
We're hiring! Come join our growing threat research team developing new and interesting capabilities to automate analysis of threats and help improve the victim discovery/notification process.
https://t.co/8cxl2ONnzQ
We've just scanned for CVE-2021-41773 and found at least 12,000 vulnerable hosts on the internet, likely more out there. Make sure you patch! The list of vulnerable hosts has been loaded into Telltale (https://t.co/caXU7r95M8).
Who to follow
Steve YARA Synapse Miller
@stvemillertime
AI threat intelligence @google
writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Bad Packets by Okta
@bad_packets
We provide cyber #threatintel on emerging threats, DDoS botnets, and network abuse.
SpecterOps
@SpecterOps
Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
We observed changes to AnchorDNS & an interesting new component - read more about it here:
https://t.co/W18hnQsQPa
We recently discovered some changes TrickBot made to their webinjects module, read about our finding here: https://t.co/A6K1i789ue
ProxyLogon stats: 250k uniq IPs scanned, 29796 vulnerable, 97827 shells across 15150 unique IPs. This data has been loaded into Telltale (https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Out of the 237496 exchange servers we just scanned, 31454 were vulnerable to ProxyLogon/CVE-2021-26855. This list has been loaded into Telltale (https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Second run of yesterday's Special Report containing data from a later (2021-03-14 23:30:00 UTC) run of @kryptoslogic's potentially vulnerable MS #Exchange server Internet-wide scan just sent out. Increases data from 59142 to 73555 unique IPs, in 6501 to 7254 ASNS, 211 to 212 geos
Special Report just re-run containing updated data on web shells dropped on compromised MS #Exchange servers, again courtesy of @kryptoslogic. 2021-03-15 edition covers 22731 easily found web shells exposed on 20437 unique IP addresses - all requiring urgent remediation
We just finished another scan for webshells. This time we looked at double the number of paths and found 22731 shells across 12861 unique source IPs. This list has been loaded into Telltale (https://t.co/DSlRPzD6SZ).
Out of the 231084 exchange servers we just scanned, 62018 were vulnerable to ProxyLogon/CVE-2021-26855. Once again this list has been loaded into Telltale (https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Over the next few days we'll be fine tuning our scanning and gathering more data - we think there's probably a bunch more based on other people's data but this is what we have tonight. 2/2
We've just loaded 60k~ IPs into Telltale (https://t.co/caXU7rqHaI) which we've found vulnerable to ProxyLogon/CVE 2021-26855 - this is being exploited in the wild - please patch and run Microsoft's MSERT tool to look for signs of compromise. We suspect there are more then 60k 1/2
With many un-patched MS #Exchange Servers still being rapidly compromised, we have partnered with @kryptoslogic to provide another Special Report covering 6720 exposed webshells that could be used to deploy ransomware, etc. Please remediate urgently!
https://t.co/Ya6AqhEljY
We've just discovered 6970 exposed webshells which are publicly exposed and were placed by actors exploiting the Exchange vulnerability. These shells are being used to deploy ransomware. If you're signed up to Telltale (https://t.co/caXU7rqHaI) you can check you're not affected
We came across a new Trickbot module used for network reconnaissance - read more here:
https://t.co/UvUGyubGFB
As a result of the law enforcement takedown of Emotet we're able to distribute alerts to victims via our platform:
https://t.co/Am1pbVIO4W
Read more about the takedown here:
https://t.co/ELK7CBQhfq
Faster Poly1305 key multicollisions https://t.co/jqCQRsXuY2
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers