Johannes Bader @viql - Twitter Profile

Johannes Bader @viql

11 months ago

@abuse_ch @andretavare5 Why not 429 (too many requests)?

1

0

81

Johannes Bader @viql

over 1 year ago

@500mk500 👍 Thanks for the suggestion, I just added the blog

1

2

0

67

Johannes Bader @viql

over 1 year ago

Today, I'm releasing the first version of a small web 🚀: https://t.co/WZMsLWpGEK It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites. I hope it proves useful to some of you ... 🙏✨ #ThreatIntel

viql's tweet photo. Today, I'm releasing the first version of a small web 🚀: https://t.co/WZMsLWpGEK

It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites.

I hope it proves useful to some of you ... 🙏✨ #ThreatIntel https://t.co/Xe75VxDruj

17

372

123

278

32K

Johannes Bader @viql

over 1 year ago

@Cthulhu_Answers 🤣 No def not, Sorry! Should be fixed now.

1

0

345

Who to follow

Deep Malware and Phishing Analysis for Windows, Android, macOS and Linux.

Dee

@ViriBack

#Malware C2 hunter #infosec passionate. Tweets are my own.

viql retweeted

abuse.ch

@abuse_ch

over 1 year ago

According to @GovCERT_CH , an unknown threat actor has sent out postal letters (yes, *postal* letters ✉️) to recipients in Switzerland that pretend to originate from @meteoschweiz, luring the recipient into downloading and installing a rogue App 🔥🕵️‍♂️ The QR code in the letter leads to a malicious App that impersonating the "AlertSwiss" App of the federal administration. However, the App in fact is a version of Coper (aka Octo2) #malware, infecting mobile phones running Android 📱🤖 Payload delivery URL: 🌐 https://t.co/vzAGBkVnLw Malware sample: 📄 https://t.co/lE9k6fcMbR Coper botnet C2: 🔥 https://t.co/91aVy0Lj9X ➡ https://t.co/df528E4EVm

0

78

29

16

28K

viql retweeted

Jesko Hüttenhain @huettenhain

over 1 year ago

What's happening? #FlareOn11 is happening! Time to update #BinaryRefinery and snag some flags! ✨ https://t.co/E20pgo1E4d ✨ https://t.co/EnGsAnDvEm

huettenhain's tweet photo. What's happening? #FlareOn11 is happening! Time to update #BinaryRefinery and snag some flags!
✨ https://t.co/E20pgo1E4d
✨ https://t.co/EnGsAnDvEm https://t.co/5deULwW5U3

0

48

17

11

5K

viql retweeted

ThreatCat.ch @threatcat_ch

almost 2 years ago

We're proud to be a @Quad9DNS partner, helping make the Internet a safer place!

0

14

4

0

6K

Johannes Bader @viql

about 2 years ago

@BlakeDarche @Cloudflare Great, thank you very much.

0

27

Johannes Bader @viql

about 2 years ago

Could you please share your IOCs in any format that is NOT low screenshots @Cloudflare 🙏? https://t.co/sZvC8jecBn

1

0

385

viql retweeted

abuse.ch

@abuse_ch

about 2 years ago

Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 https://t.co/ToX5LhAIwp Payload: 📄 https://t.co/SilCChmsW4

abuse_ch's tweet photo. Nice #MooBot botnet caught by @banthisguy9349 😂

Botnet C2 domain:
🔥 putin.zelenskyj .ru

Pointing to:
45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪)

DNS resolution provided by Cloudflare 🔎

Payload URLs:
🌐 https://t.co/ToX5LhAIwp

Payload:
📄 https://t.co/SilCChmsW4 https://t.co/Zw7H8kU3eB

4

34

9

6

10K

viql retweeted

Daniel Plohmann @push_pnx

about 2 years ago

I wrote a blog post about MalpediaFLOSSed, a collection of ~4 million strings extracted from 1800+ malware families and upgrading its GUI plugin to work with IDA, Ghidra, and Binary Ninja at once! Kudos to @hyun____22 for Hyara, which pioneered such cross-tool compatibility!

1

88

32

31

13K

Johannes Bader @viql

over 2 years ago

@Artilllerie @malwrhunterteam @JAMESWT_MHT Nice catch! There is indeed a DGA behind the .life domain names, but for now they use a time-independent seed. https://t.co/uDcLWdb9KX

1

9

2

3

855

Johannes Bader @viql

almost 3 years ago

@joyofcodedev Very nice! @Rich_Harris also created an emoji matching game for his excellent "Svelte Fundamentals" course on @FrontendMasters. His course is paywalled, but you find the game on Vercel / GitHub. 🎮: https://t.co/DGA1DG0RqJ 📺: https://t.co/fGCzDyqk4H 📄: https://t.co/H5gYxXhLxs

0

2

0

1

146

viql retweeted

ThreatCat.ch @threatcat_ch

almost 3 years ago

New blog post: https://t.co/xI4rW74gfq #nuclei

0

2

3

0

824

viql retweeted

Daniel Plohmann @push_pnx

almost 3 years ago

I wrote a short blog post on MCRIT, the one-to-many code similarity analysis framework that we released as open source recently at @Botconf.

1

37

23

5

5K

Johannes Bader @viql

about 3 years ago

@_mostwanted002_ This is the #khalesi info stealer. The DGA picks 10 random alphanumeric characters with a common Mersenne Twister implementation. Unfortunately, the seed is just the current tick count, so unpredictable for both the attackers and analysts.

viql's tweet photo. @_mostwanted002_ This is the #khalesi info stealer. The DGA picks 10 random alphanumeric characters with a common Mersenne Twister implementation. Unfortunately, the seed is just the current tick count, so unpredictable for both the attackers and analysts. https://t.co/NfQkgXVRB2

1

0

32

viql retweeted

Jesko Hüttenhain @huettenhain

about 3 years ago

#BinaryRefinery 0.5.10 can deobfuscate this sample with little effort. Only had to add one new unit for StrReverse constant folding. Not a silver bullet, obviously, but why write those regular expressions yourself when you can make me do it for you?

huettenhain's tweet photo. #BinaryRefinery 0.5.10 can deobfuscate this sample with little effort. Only had to add one new unit for StrReverse constant folding. Not a silver bullet, obviously, but why write those regular expressions yourself when you can make me do it for you? https://t.co/cuoo9cnE2o

1

14

5

6

3K

viql retweeted

ThreatCat.ch @threatcat_ch

about 3 years ago

🛠️ .NET malware decompiling challenges: Obfuscations of strings/constants can be tedious. Automate w/ IDA Pro's Python 🐍 interface for MSIL binary patching, even for simple cases: https://t.co/CDLfXbfmg8 #CyberSecurity #MalwareAnalysis #IDAPro #DotNET

threatcat_ch's tweet photo. 🛠️ .NET malware decompiling challenges: Obfuscations of strings/constants can be tedious. Automate w/ IDA Pro's Python 🐍 interface for MSIL binary patching, even for simple cases: https://t.co/CDLfXbfmg8
#CyberSecurity #MalwareAnalysis #IDAPro #DotNET https://t.co/FFyaSpNmRr

0

86

27

23

11K

viql retweeted

ThreatCat.ch @threatcat_ch

about 3 years ago

New video on the Domain Generation Algorithm of the file infector m0yv. We've sinkholed multiple domains & show how infections dramatically increased in the last 400+ days 📈. #m0yv #DGA https://t.co/OW3P0tk05s

threatcat_ch's tweet photo. New video on the Domain Generation Algorithm of the file infector m0yv. We've sinkholed multiple domains & show how infections dramatically increased in the last 400+ days 📈. #m0yv #DGA

https://t.co/OW3P0tk05s https://t.co/8UDMwYXRf2

1

6

5

3

1K

viql retweeted

Nils Kuhnert @0x3c7

over 3 years ago

Just updated the "malwarebazaar" Python module to include a Python and CLI client for @abuse_ch #YARAify and added a "richer" output. You can find it on Github (https://t.co/xOj5B6JkmD) and on PyPI (via "malwarebazaar"). #threatintel #malware

0x3c7's tweet photo. Just updated the "malwarebazaar" Python module to include a Python and CLI client for @abuse_ch #YARAify and added a "richer" output. You can find it on Github (https://t.co/xOj5B6JkmD) and on PyPI (via "malwarebazaar").
#threatintel #malware https://t.co/t1GyuOncn6

2

113

34

19

17K

Johannes Bader

@viql

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users