Alex. Turing Profile

@TuringAlex

Followers: 940 | Following: 376 | Media: 66 | Statuses: 219

Kernel Developer | Security Researcher | Basketball Fan {Botconf | VirusBulletin | Kaspersky SAS} Speaker Current: @Xlab_qax EX: @360Netlab @Kaspersky AKA 渣兔

Joined December 2014
@TuringAlex
Alex. Turing
3 hours
Some #bots related to this campaign. Who's the mysterious figure behind "symtee"?🤔
@TuringAlex
Alex. Turing
6 hours
🚨Mission from my big brother @SethKingHi: The payload in the sample is encrypted with AES_CBC and compressed with LZMA. The decryption key is derived from a parameter in Python. The final payload abuses a #Zulip chat room as its #C2. Happy hunting 🍷 & Stay vigilant⏰@Xlab_qax
@SethKingHi
SKII
1 day
#OceanLotus #APT32 #PyPi. New version, supports Linux. /terminate.dll.1995682d600e329b7833003a01609252.c697848015bb8c2cbb7cc1502905ba23. colorinal-0.1.7-py3-none-xxxx.whl.ba2f1868f2af9e191ebf47a5fab5cbab.c5f0425dabd01d7ba80dfc3d5ca19841. /terminate.so
@TuringAlex
Alex. Turing
1 month
🚨#APT #Higaisa Another intriguing discovery was the file 91f0ebb41949f14d16f1c70a4086cb45 utilized #AppImage as a "packing mechanism" to evade static detection🤔. It had only 7/66 on VT, while its extracted payload scored 27/66😅. Happy hunting 🍷 & Stay vigilant⏰ @Xlab_qax
@TuringAlex
Alex. Turing
1 month
🚨 #IOC #Backdoor Identified low-detection #ELF samples on VT with a VMP-like shell, 🤔. Analysis of the dumped config confirms they are #NoodleRAT . #C2 📸{ 107.148.33.2 | 43.246.209.83 }📸. Ip 43 affiliated with #APT #Higaisa. Happy hunting 🍷 & Stay vigilant⏰@Xlab_qax
@TuringAlex
Alex. Turing
2 months
#IOC @rubick_ai Your servers are pwned! Attackers are leveraging them to serve up downloads for the #PickAI #backdoor. The #C2's detection rate is practically nonexistent right now. Happy hunting 🍷 & Stay vigilant! 📷@Xlab_qax
@rai_india
Retailers Association of India (RAI)
2 months
Win the retail e-commerce game with an AI-powered ecosystem. We are excited to have as our Event Partner for the Bengaluru Retail Summit 2025!. is an AI-driven e-commerce platform that automates cataloguing, content creation, and
@TuringAlex
Alex. Turing
2 months
A rough trip to France: I fell ill as soon as I landed. A very interesting gathering, though; I'm always amazed by the ingenious ideas of the big names.
@TuringAlex
Alex. Turing
3 months
🚨 #IOC Identified zero-detection #ELF samples on VT with a VMP-like shell, featuring two uncommon sections🤔. Analysis of the dumped config confirms they are #APT41 #WINNTI #Backdoor. 📸 #C2 👉 {linux|rk|win}.tklolasi.com. Happy hunting 🍷 & Stay vigilant! ⏰ @Xlab_qax
@TuringAlex
Alex. Turing
3 months
Hahaha
@TuringAlex
Alex. Turing
3 months
🚨#IOC #ELF sample (cafbe0a19de0401d895c6d7c7c37f79b) with low detection 4/65 on VT, decrypted to reveal a payload consistent with the classic #Rekoobe #Backdoor, using get.astrarepository[.]com as its #C2. The C2 has zero detections. Happy hunting 🍷 & Stay vigilant ⏰, @Xlab_qax
@TuringAlex
Alex. Turing
4 months
#IOC Some cool Easter eggs from #DDoS #Botnet 5FA0454DB32325C42EE70186CD5760C2: 📸"dick surgey isn't cheap" & 🚨"Arrest Alex". Bro—oh wait, I guess I should call you sis now 🤣. Did the surgery hurt? Also, please don’t arrest Alex.🙏 Happy hunting 🍷 & Stay vigilant ⏰, @Xlab_qax
@TuringAlex
Alex. Turing
4 months
🚨#IOC #Backdoor New low detection #AutoColor samples found on VT, initially exposed by @Unit42_Intel , leverage a zero-detection #C2: update[.]dateplugs[.]com. Happy hunting 🍷 & Stay vigilant ⏰, @Xlab_qax
@TuringAlex
Alex. Turing
5 months
🫡Fox, you’ve got a keen eye for detail 👍. The bot isn’t actually leveraging the A record. The threat actor deliberately pulled an IP from the #FBI’s ASN infra—a bold, in-your-face provocation. The real #C2 communication is happening via the TXT record. Stay vigilant, @Xlab_qax
@banthisguy9349
Fox_threatintel
5 months
@TuringAlex @Xlab_qax That domain going to: Originated by AS25996.AS Name: FBI Criminal Justice Information Services. 😬😬😬.
@TuringAlex
Alex. Turing
5 months
A new #botnet rolls into town. The ciphertext quotes love song lyrics, what a sentimental threat actor 🤣. We’ve got another song for the actor, “Let It Go.” #C2 👉 re.santasbigcandycane[.]ru. "santasbigcandycane" is clearly a nod to #Mirai. Have fun and stay vigilant @Xlab_qax
@TuringAlex
Alex. Turing
5 months
🚨#Speculoos #Backdoor 3db8e26f059e8b1fd3bbb96c052cfe4a belongs to #APT41 #WINNTI and has stayed undetected since 2023.04.23. #IOC #C2 is sshc.webtechnovelty[.]com. Comparing with @Unit42_Intel samples, function names alone reveal expanded capabilities. Stay vigilant ⏰ @Xlab_qax
@TuringAlex
Alex. Turing
5 months
Absolutely loved this #RE challenge—#Vo1d is a clever foe! If you’re into it, check out the Codomain & ASR_XXTEA parts—you won’t be disappointed. Oh, and if you want #DGA details, pls follow @Xlab_qax & DM—my boss’ll share the code with you. (He’s too idle, let’s find him something to do 🤣) 🍷"LONG LIVE THE RE"🍷.
@Xlab_qax
Xlab
5 months
Our latest blog dives into a new variant of #Vo1d #botnet. C2 sinkhole data reveals it has infected 1.6M Android TVs across 200+ countries. Now leveraging RSA, its network can remain secure even if researchers register DGA C2s
@TuringAlex
Alex. Turing
5 months
Back from Spring Festival🍷, finished a new blog on the #Vo1d variant that infected ~160m TVs. For RE fans, the coolest bit is how the Vo1d author messed with XXTEA, ditching LSR for ASR, a total genius move👏! You can bet some #DDoS #botnets will nab this trick. Stay vigilant, @Xlab_qax
@TuringAlex
Alex. Turing
6 months
January 20th is a special day. Let's take a look at a few #C2 domains: {trump2024.oss & liberalretard.libre}. It seems the botnet is run by #Trump supporters, but ironically, they launched a #DDoS attack on the Trump-#Musk Livestream in 2024. "Money is the root of. "🤣 @Xlab_qax
@TuringAlex
Alex. Turing
7 months
🚨Initially thought to be a new #IOCONTROL sample from Germany on VT; turned out to be a UPX magic tweak—"ABC!" to "GBC!". Despite this minor tweak, the detection plummeted from 32/63 to just 3/63. #C2 points to a new IP: 3.127.232.142. Who’s behind this update? @Xlab_qax @Claroty
@TuringAlex
Alex. Turing
7 months
🚨🚨Recently caught the latest update from the #vo1d #android #botnet—still boasting an impressive scale of 1.3 million bots. Stay vigilant ⏰⏰! @Xlab_qax
@TuringAlex
Alex. Turing
8 months
Haha, great minds think (or rather “see”) alike 😁. I dropped a Chinese analysis on this malware back on 11.28. I had a hunch there was some background to it, but didn’t realize it was this big, "a cyberweapon". The background and impact analysis in @Claroty's report is pure gold 🫡.
@Claroty
Claroty
8 months
🔬 Read #Team82's analysis of a new cyberweapon called #IOCONTROL that's been uncovered and used in attacks against the U.S. and Israel. The weapon is custom-built and its modular configuration allows it to be used against #IoT, #OT, and #SCADA systems.