andrew danis
@andrewdanis
Followers
2K
Following
30K
Media
948
Statuses
24K
DFIR | threat intel | detection engineering. @halo player for @Vyrus_eSports. vocalist. views are my own.
Joined March 2011
Covered "Silent Season" off the latest @ThousandBelow record. First cover in 2 years, hope you enjoy!.
0
2
9
Was seeing this as of 7/17, check for IIS process w3wp.exe spawning child processes.
We are observing active global exploitation of critical Microsoft SharePoint vulns CVE-2025-49704 and CVE-2025-49706. Orgs worldwide are being targeted. Patch immediately. The exploits are real, in-the-wild and pose a serious threat. IoCs we've seen:
0
2
3
Reoccurring theme of bullshit PDF Editing software, signed, probable credential harvester:. Name: ECHO INFINI SDN. BHD. Serial Number: 3F EB AE 41 89 68 85 E9 1F DB 20 E0 95 0C 60 54. https://appsuites[.]ai.
0
0
1
RT @Malinowski: A career FBI agent who did everything right is driven out of the Bureau because of a personal friendship with someone on Ka….
0
3K
0
Signed likely Oyster C2 sample:. Signer: Shanxi Jiusheng Tongtai Trading Co., Ltd. Serial: 3C 7F 0B 3E 22 B1 57 2B 71 88 3C 94.
0
1
1
RT @TirahAtt: Pam Bondi has just told the American Bar Association it will no longer have access to vet judicial candidates. I assume this….
0
4K
0
Here's a sample in case the above get taken down:. Signer: "DECISION CONSULTANT SOLUTIONS LTD".Will be reporting this + all others, thanks @SquiblydooBlog for certReport!.
1
0
1
Bunch of interesting recently uploaded signed malware samples hosted at: https://gitlab[.]com/softwarecloud/filestorage/. Looks similar to ChromeLoader samples, drops an electron app + dependencies, points at https://software-intallation.netlify[.]app for a fake loading bar.
2
0
2
malicious domain freecad-software[.]com - distributing signed fake CAD software downloads which drops an infostealer, certificate info:.KABA SAFARIS LIMITED.Thumbprint: 9C4F91294F57D3F77DEC413B8995F80FA73BB313.Currently FUD on VT:.
1
1
8
RT @hutchinson: There is a deep rot in the heart of this administration. This from Vance is chilling, profoundly un-American rhetoric. I….
0
180
0
RT @adamscochran: Trump has done *a lot* of criminal, horrible, impeachable shit. But, if the Trump administration fails to return Garcia,….
0
13K
0
RT @hutchinson: Recall that for years Republicans fumed over the completely unsubstantiated claim that Obama personally directed the IRS to….
0
55
0