Over the 10k #malware C2 panels on https://t.co/NCtVSQlP6n

zenRAT active on 185[.158.251.148[:4000 Being promoted on TG and \\ #RAT

Currently seeing a surge on #CastleLoader malware being delivered through fake websites impersonating software used in enterprise environments such as Zabbix or RVTools (see photo 1 & 2). IOCS below 👾🔎 Please note that this campaign uses the same exact template lures of

If you want to understand attacker actions on target without being the target yourself, check out DeceptionPro. DeceptionPro creates an enterprise network for you to detonate malware payloads. Check out my blogpost in the thread to learn more about how it works. 🔗👇

Cyber Stealer jerk hiding behind se* shop (LLCPPC you need to do something again 🤣) dorklife[.vip cyberv2[.live https[://176[.65.141.143 fofa icon_hash="-516595605" @500mk500

New Active Panel 31[.58.169.29[:1133/login 151[.243.254.56[:1133/login

Low detection Latrodecus Signed "Ballbusters Oy" 😳 C2: gansroroyfgdst[.]com/work/, triosdoryumkas[.]com/work/ 49c20938fbd31a92a359147b539de76d59be71abf7560801ecc497ca9c8ae809 AnyRun: https://app.any[.]run/tasks/3becb418-0a63-48c5-b54d-adcea0450e45

🛡️Lazarus Stealer IP : 193.151.108.39 AS 207957( Serv .host Group Ltd ) Low detection on @virustotal more Lazarus servers detected by #C2Watcher on https://t.co/od5mNFcggD

#CYBERSTEALER #panel http[://195.177.94[.232/webpanel/panel/login.php https[://arbitrationengine[.com/webpanel/panel/login.php @500mk500 @ViriBack #Stealer #WEBPANEL #THREATINTEL

🕵️‍♂️ SpY-Agent v1.2 IP : 178.16.54[.]226:80 AS 209800( metaspinner net GmbH ) Undetected on @virustotal more Spy-Agent v1.2 servers detected by #C2Watcher on https://t.co/eSMKnpwhzM

🟢 Zerotrace IP : 185.174.135[.]177:8080 AS 59711( HZ Hosting Ltd ) Undetected on @virustotal more Zerotrace servers detected by #C2Watcher on https://t.co/CamTjDYMxD

Since end of August we observe infamous #LummaStealer communicating with DGA-like domain names 🤖👀, for example ⤵️ oneflof .ru georgej .ru bastxtu .top larpfxs .top ... We have seen such domains across 3 distinct IP address, all sharing the same SSL certificate (SHA1

https://t.co/MadDrCji3c cc: @ET_Labs

#malware #kamasers C2 ? MD5: 3337e14626b4d56b6604275de3fbfcc9 URL: 5.206.224[.]85:8080/panel_xyz123/panel.php

This ip is active : #amadey , #diamotrix, #tinyloader

#malware #lumma via #tinyloader 178.16.53[.]7/icoxn/login[.]php #cracked software see: https://t.co/7hMBqEItkv

#malware #fickle C2 Panel s://rivatalk[.]digital/panel/login.php s://soft-gets[.]com/panel/login.php 185.33.86[.]220/panel/login.php

#malware #castle loader C2 panel: 85.158.108[.]135:5050/login 64.52.80[.]44:9999/login re: https://t.co/cLe8wZkM27

We encountered a new loader advertised as "Morpheus" in underground forums 🕵️, recently dropped by #Amadey ⬇️🪲. Morpheus' C2 protocol is based on HTTP and works with tasks, where each task consists of an ID and a command 📣 Botnet C2: sophos-upd-srv .info 🇳🇱 The #malware

🚨 Found C2 login panel of BQTlock / BAQIYATLock RaaS → http[://92.113.146[.56/ @500mk500 @ViriBack #CyberSecurity #Ransomware #ThreatIntel #BQTlock #BAQIYATLock #loginpanel

@ReplitSupport https://t.co/6gxhD2Jxoq