![ctrlaltintel's tweet photo. Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX
http.html:"notnullOSX " - Shodan Search
http://111.90.]143.163:8080/install https://t.co/6Xe38A3SZe](https://pbs.twimg.com/media/HF8IAD_XoAAIWZa.png)
![ctrlaltintel's tweet photo. Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX
http.html:"notnullOSX " - Shodan Search
http://111.90.]143.163:8080/install https://t.co/6Xe38A3SZe](https://pbs.twimg.com/media/HF8H7SHaMAASEuo.jpg)
![ctrlaltintel's tweet photo. Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX
http.html:"notnullOSX " - Shodan Search
http://111.90.]143.163:8080/install https://t.co/6Xe38A3SZe](https://pbs.twimg.com/media/HF8HneyXsAAh-2a.jpg)
Olivia
Online
sysopfb
@sysopfb
Threat Intel as a reverse-engineer in Crimeware domain. Dubbed "Malware Mangler" by TheRegister. [email protected]
Joined August 2016
758 Following
4.3K Followers
952 Posts
Pinned Tweet
Maksim Yakubets was indicted but treasury department also went after Evil Corp, what is really interesting is all the alluding to them being linked to FSB and as it turns out Yakubets is married to the daughter of Eduard Bendersky. w/ Joshua Platt @ WSJPro in Charlotte, NC
1/3
Dumped a bunch of notes surrounding a macos based stealer from etherhiding clickfix https://t.co/7OSGD8l9tM someone also released a blog surrounding pieces of it last night: https://t.co/Z2Gv7uJLoF
Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX
http.html:"notnullOSX " - Shodan Search
http://111.90.]143.163:8080/install
![ctrlaltintel's tweet photo. Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX
http.html:"notnullOSX " - Shodan Search
http://111.90.]143.163:8080/install https://t.co/6Xe38A3SZe](https://pbs.twimg.com/media/HF8IKFlXgAAU4LB.png)
Nice writeup https://t.co/1P5sUB0UlH Of note is a panel: hxxp://65.38.120.]80:8080 they left some tidbits behind in the login page: <<label>Пул доменов (по одному на строку)</label>"oeannon.]com&#10;heethcote.]com&#10;windlrr.]com"
![sysopfb's tweet photo. Nice writeup https://t.co/1P5sUB0UlH Of note is a panel: hxxp://65.38.120.]80:8080 they left some tidbits behind in the login page: <<label>Пул доменов (по одному на строку)</label>"oeannon.]com&#10;heethcote.]com&#10;windlrr.]com" https://t.co/h9MMqD4TuR](https://pbs.twimg.com/media/HF4bVpOWAAAgKNs.jpg)
https://t.co/D79qFw0WRC
https://t.co/JNXpRozK8i
https://t.co/DfWSPeQEZW
https://t.co/g50arBh3qk
https://t.co/H48GQgHevx Kudos to GitHub they were taking stuff down very fast
https://t.co/JRVsEuHZyX
DFIRReport pastebin link also lines up with one of the pastebins I saw in my blog - "cLika3dt"; https://t.co/tStFUVd3VH
Auto decoding IOCs from Arechclient and the onboard browser extension they drop https://t.co/PCIjGz8nE4
Auto decoding IOCs from Arechclient and the onboard browser extension they drop https://t.co/PCIjGz8nE4
https://t.co/PQQO0fTMgQ go through a little of the panel they are using for the fake invites also
https://t.co/pDm0sFnuI2
https://t.co/CZJvZnb2I2
@diego_gg95 Oh well take what I said as a best guess, also don’t feel too bad all the detections from av on vt were less than 5 out of 60+ or however many vt uses nowadays and most were very generic detections
Samples look like stealers. Some of the recent ones being Lumma placekeawe(.my
I got drained, fully drained.
Hi everyone, I'm just coming to share with you all the worst day of my life, and how it happened so that you guys don't ever have to pass through it.
Thread below.
@diego_gg95 The recent ones I’ve seen are LummaC with a c2 of the domain I posted. If you still have yours you can upload it to virustotal and shoot out the link to the file and we can verify if you want.
Maksim Yakubets was indicted but treasury department also went after Evil Corp, what is really interesting is all the alluding to them being linked to FSB and as it turns out Yakubets is married to the daughter of Eduard Bendersky. w/ Joshua Platt @ WSJPro in Charlotte, NC
1/3
Eduard Benderskiy sanctioned: https://t.co/ymQo19iAd9
Last Seen Users on Sotwe
PostgraduateMY
Seen from United States
arul 
Seen from Netherlands
100% TÜRK VİP İFŞA
Seen from Turkey
Rajeev Chandrasekhar 🇮🇳
Seen from United Arab Emirates
nyamnyam
Seen from Indonesia
Fatin
Seen from Brazil
Suka dipaksa
Seen from Malaysia
梦
Seen from Malaysia
La Cà Tứ Phương
Seen from Vietnam
Tvman Chris Dot 🔞
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers