Discover and read the best of Twitter Threads about #IoCs

Most recents (5)

(1/6) To all investigators out there who have heard of #Maltego before, but still looking for more information. Here's what you need to know about Maltego 👇 #OSINT #infosec
(2/6) #Maltego is a link analysis tool that helps you automatically pull and map data from over 70 public data sources (#OSINT) and third-party data providers, and your own imported or custom data integrations. All of this done with a few clicks on the mouse in one interface.
(3/6) You start by providing input information for your investigation (name, alias, domain, IP address, etc.), install the data integrations you want to use, and #Maltego will retrieve relevant Entities from the data integrations and visualize the data connections between them.
Read 6 tweets
About a week ago, @TalosSecurity team shared some insights related to a recent cyber attack on @Cisco. According to Indicators of compromise, mentioned in this article (bit.ly/3K76lFJ), we have known this group of attackers since the beginning of 2022.
Group-IB's researchers has discovered their TTPs in a series of attacks using #CobaltStrike, #Sliver and #Covenant tools. Our internal name of this group is #TridentCrow.
One of the domains that was published by @Cisco (ciscovpn2[.]com) has a self-signed SSL certificate with unique values. According to Group-IB Threat Intelligence database, out of more than 2 billion certificates, only 39 have similar values and mimic well-known IT companies. Image
Read 14 tweets
#Sidewinder #APT

It seems that #Indian APTs have been raging war on #Pakistan with the same payloads over and over again. Meanwhile, Pakistani #Government and #Military is either helpless or over occupied. Following is another new sample that goes ages back.
A variant of this sample has attributed to #Sidewinder #APT by Govt. of Pak. The #malware is deployed using the shared image in a #phishing email using a similar methodology to that of Image
DOCX MD5: 2a6249bc69463921ada1e960e3eea589 Mech 8 ZIRC0N-TSIRK0N.doc
#Exploit: hashcheck[.]xyz/PY8997/yrql/plqs
RTF MD5: 7c11d5125c3fb167cca82ff8b539e3c7 plqs
#C2: sportfunk[.]xyz/topaz/foti
CVE-2017-11882 Image
Read 12 tweets
Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.
Most time, the goals of these malware or attackers can be to quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.
Read 19 tweets
#malspam campaign from 2.11 delivers both #LokiBot and #azorult interchangeably, archived in ISO files.
Files are packed with VB6 packer with file size of 524KB.
All C2 domains were active 31.10-2.11.
Sender: finances@ketmarine.nl
Subject: “Roxanne Heijt - Payment Swift Copy FYR”
#LokiBot #IOCs:
virustotal.com/#/file/71156ab… -> jadak[.]cf/minel/fre.php
virustotal.com/#/file/e7e002f… -> barzenkiyader[.]cf/Panel/five/fre.php
#AZORult #IOCs:
virustotal.com/#/file/f559f89… -> welcome2nov[.]ga/mine/index.php
virustotal.com/#/file/75ecba2… -> welcome2novv[.]gq/tuneshi/index.php
virustotal.com/#/file/12da76d… -> goodnovember[.]ml/denyo/index.php
Read 4 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!