
dmpdump (@G60930953)
Followers: 492 · Following: 10K · Media: 33 · Statuses: 802
RT @x64dbg: We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous ty…
I took a look at modified #XWORM RATs with the #Underbyte version distributed via trojanized installers using Donut #shellcode loaders.
27.124.2[.]138:6000
Related samples identified by @malwrhunterteam before.
Sample originally found by @malwrhunterteam:
Some FUD on VT Linux sample: ea41b2bf1064efcb6196bb79b40c5158fc339a36a3d3ddee68c822d797895b4e. Seen from China and Singapore, with a few seconds difference in submission time. 🤔
43.159.18[.]135
Likely Chinese Threat Actor Uses Low Detection Linux Backdoor and NHAS Reverse SSH.
C2: 119.42.148[.]187:2443
Proxy: 43.159.18[.]135:2333
#backdoor
RT @thezedwards: Our team at Silent Push has been hard at work on the largest report we've ever made public, and along with Reuters, toda…
I took a look at this LNK uploaded from Taiwan. It leads to a simple Python backdoor.
C2: https://eip.netask.workers[.]dev
Suspicious LNK uploaded from Taiwan (🇹🇼): f4bb263eb03240c1d779a00e1e39d3374c93d909d358691ca5386387d06be472
Downloads setup[.]exe: 4e256572e001b76872074878f8ecd2be3f237c9b3a18d0059e2f4a3888579b5b
From: hxxps://mail[.]9kyd[.]com
@malwrhunterteam @AzakaSekai_ @smica83
RT @_CPResearch_: Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we intr….
@500mk500 Also: "Залишки централізованого постачання на 26.03.2025.rar": 25a1b69aa52789c8cd44e85b8ef9b306
"договір на закупівлю дизельного палива.rar" (VB File Stealer uploaded from Ukraine): 2d0426e274912de7e2bdad281011ed74
185.105.188[.]13 (used)
145.224.94[.]134 (not used)
62.16.0[.]50 (not used)
45.10.90[.]95 (not used)
@500mk500 is this #gamaredon?
Originally found by @malwrhunterteam.
Possible interesting "CNP_MFA_Meeting_Documents.zip" seen from Cambodia: a2c128fc040ed2db7634134f0577b3267164b71f692fc9b37c08e48b168d89e6
-> "Meeting_Staff_List.lnk": 7e0da1399ff99e41493db489159668db566b6b00cd367e770619b774ec515809
#WinOS #ValleyRAT
DLL Hijacking. Shellcode decryption + EnumFontsW callback function.
8010.helloqu[.]com:7777
8010.helloqu[.]com:80
"票根.zip": d391016b69bd9b8f23412c16538e1527948375212014af88eb0be28738b5d6cb
From: http://matearestobar[.]com/ -> http://iahdixoc.homekitchenthings[.]com/票根.zip
192.238.134[.]101