Discover and read the best of Twitter Threads about #WinRar

Most recent (2)

1/ So, a site impersonating @Fortinet downloads a signed MSI that uses PowerShell to run #BatLoader; if the user is connected to a domain (corporate network) it deploys:

1) #Ursnif (Bot)
2) #Vidar (Stealer)
3) #Syncro RMM (C2)
4) #CobaltStrike
And possibly
5) #Ransomware 💥
2/ For initial deployment they use NirCmd, NSudo and GnuPG (to encrypt payloads) among other utilities.

* Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse
* Remove-Encryption -FolderPath $env:APPDATA -Password '105b'
3/ The websites are boosted through SEO poisoning and impersonate brands such as @Zoom, @TeamViewer, @anydesk, @LogMeIn, @CCleaner, #FileZilla and #Winrar among others.

/teamviewclouds.com
/zoomcloudcomputing.tech
/logmein-cloud.com
/teamcloudcomputing.com
/anydeskos.com
1/5
Security (#Sicurezza) in the public administration (P.A.) in the age of #Kaspersky.
@AdmGov (a well-known Italian tax agency): summarized in three screenshots (see the following tweets)
2/5
Operating system: #Windows7; I'd say obsolete, but that is probably the least of it
3/5
Browser: #InternetExplorer 11 (last update KB4534251, dated 10-03-2020)
Most of the #applications in use run only under IE

Antivirus: after uninstalling #Sophos (a couple of months ago, probably because the contract expired), #WindowsDefender
