Discover and read the best of Twitter Threads about #TIBERIUS

Most recents (2)

A) My cat Tiberius and his Christmas present: a car ride with Mommy and Daddy, and no one else. Just the three of us! #thread #mycats #tiberius
B) Now, I should warn you! Mr. Tiberius Cat is nothing like Lila! Lila Cat loves car rides and begs us to drive everywhere, all day long. Look at her! She's posing for you as we speed along a major highway!
C) Not my cat Tiberius.
Read 6 tweets
🆕 Microsoft.Workflow.Compiler sample with low VT detection!
1⃣C:\ProgramData\ccm_deploy.xml 🧐
MD5 fb98cddfa2e13334989d27d1b5b7cdda
VT (0/56): virustotal.com/gui/file/8b6d8…
2⃣Loads C:\ProgramData\package.xml
MD5 a916ca1d57d9c3b2627907ab68a264fe
VT (1/58): virustotal.com/gui/file/9a8b5…
[1/4]
I uploaded both to @virusbay_io: beta.virusbay.io/sample/browse/…

and the extracted payload to @anyrun_app: app.any.run/tasks/35c09520…

STDOUT:
Injection Target Process = %ProgramFiles%\Internet Explorer\iexplore.exe
PPID Spoof Parent = True
PPID Spoof Process = explorer
Returned true
[2/4]
@virusbay_io @anyrun_app More info on @mattifestation's method:
1⃣ My favorite implementation uploaded publicly is this Excel file (probably authored by @egyed_laszlo):
2⃣ The first workflow VT sample uploaded was ~1 year ago:

^plus background & links
[3/4]
Read 12 tweets
