Explore tweets tagged as #Modiloader
@kienbigmummy
m4n0w4r
2 years
@karol_paciorek
Karol Paciorek
1 year
🔓 #opendir 147.50.253[.]30
🔑 Abotihy.exe - #PHEMEDRONE
🔗 C2: 💬 /bot5358754228:AAE42HAGW1bzIPxU7iVRC_96iDuHcwSjjVo/sendMessage?chat_id=5556872222
🖥️ 8888.exe - #MODILOADER -> 147.50.253[.]30:8888 -> Process.exe
🖥️ Client.exe - #NJRAT -> 147.50.253[.]30:6522 -> WindowsServices.exe
@karol_paciorek
Karol Paciorek
1 year
🚨 Suspicious IP #opendir: 209.126.87[.]92:8888
🌐 Domain: premiere-coal-tonight-procedure.trycloudflare[.]com
🔗 File chain: iz.exe - #modiloader #remcos
🔽 onedrive[.]live.com/download?resid=F4D24344D7B13420%21110&authkey=!AL5-vxbOzO8Bd8E
🔽 255_Sraomttecbk
📝 1/2
@d4rksystem
Kyle Cucci
1 year
Dropping a #Yara rule for a new variant of #DBatLoader/#ModiLoader in the wild: #100DaysOfYara
@skocherhan
ܛܔܔܔܛܔܛܔܛ
1 month
taqareer[.]tech #modiloader #Remcos
@sans_isc
SANS.edu Internet Storm Center
2 years
ISC Diary: @malware_traffic saw #GuLoader or #ModiLoader/#DBatLoader style traffic for #RemcosRAT
@kienbigmummy
m4n0w4r
5 years
Recently, I have been investigating a malware loader which is ModiLoader. This loader is delivered through the Malspam services to lure end users to execute malicious code. #VinCSS #ModiLoader #MalwareAnalysis #Z2A
@kienbigmummy
m4n0w4r
3 years
🔥 #maldoc sample spreading #ModiLoader (#DBatLoader) was submitted from VN.
🐛 hash: 797ad98c5e34adaf78da488638b1bfe724d2750844e2d67725b0e84a2aa14c06
☠️ external link -> #mal rtf -> contains #sc -> downloads #ModiLoader payload (1/2)
@ankit_anubhav
Ankit Anubhav
4 years
@sans_isc
SANS.edu Internet Storm Center
2 years
ISC Diary: @malware_traffic reviews #Formbook from possible #ModiLoader (#DBatLoader)
@0xToxin
Ne0ne | Igal
3 years
"Pre_Procurement Verification (Mog Energy)_Ref_TR0029388827772_10_27_2022"
malspam mail -> sharepoint URL -> password protected 7z -> 3 #modiloader -> #AveMaria executables
C2: pentester0.accesscam[.]org
Bazaar:
check comments for #modiloader opendir
@ankit_anubhav
Ankit Anubhav
3 years
#Modiloader / #Dbatloader. The .z archive leads to an exe, which uses the lVali UserAgent to download an encrypted file from OneDrive (so MS doesn't take it down). Post decryption it's injected into a legit MS process like sndvol to do the C2 comms on port 42020.
@securityonion
Security Onion
2 years
Today's quick #malware analysis with #SecurityOnion: FORMBOOK from possible MODILOADER pcap from 2023-06-16. Thanks to @malware_traffic for sharing this #pcap! More screenshots: #infosec #infosecurity #CyberSecurity #ThreatHunting #IncidentResponse
@skocherhan
ܛܔܔܔܛܔܛܔܛ
2 months
32ba1ee78874a80a23a0d09427d52af6
05ef4ca659965c1d3faa58077b0f9943
#FormBook #ModiLoader #DBatLoader
@marsomx_
Simplicio Sam L.
2 months
[4/4] drop url: 176.65.144[.]23/ff/kkinng.txt
sha256: 954b611a8e8163b42691ec83d4ff0077ef6f80505a434d03e04c9ae19494ea13
@phage_nz
Chris
3 years
ModiLoader/Netwire RAT with UAC bypass script.
OneDrive host: tgkzva.db.files.1drv[.]com
C2 hosts: 213.152.162[.]181 184.75.221[.]171 199.249.230[.]27 185.103.96[.]143 185.104.184[.]43
C2 Port: 5133
Sample:
@sans_isc
SANS.edu Internet Storm Center
2 years
ISC Diary: @malware_traffic reviews a malspam-based #ModiLoader infection for #RemcosRAT
@virusbtn
Virus Bulletin
2 months
AhnLab's ASEC team identify and analyse cases of the ModiLoader (DBatLoader) malware being distributed via emails impersonating a Turkish bank and leading to SnakeKeylogger.
@TheHackersNews
The Hacker News
3 months
🚨 Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft. Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks. 🔗 Full story:
@skocherhan
ܛܔܔܔܛܔܛܔܛ
1 month
lightstone[.]ae #modiloader @userlolxxl @AbuseAE
@sans_isc
SANS.edu Internet Storm Center
2 years
Email Spam with Attachment Modiloader