Discover and read the best of Twitter Threads about #malware


Let's go step-by-step and do some basic live process forensics for #Linux. Today's contestant is a bindshell backdoor waiting for a connection on Ubuntu. We saw something odd when we ran:

netstat -nalp

#DFIR #threathunting #forensics
netstat -nalp shows a process named "x7" PID with a listening port that we don't recognize. #DFIR
First thing we'll do is list out /proc/<PID> to see what is going on. Our PID is 5805:

ls -al /proc/5805

The current working directory is /tmp. The binary was in /tmp, but was deleted. A lot of exploits work out of /tmp and /dev/shm on Linux. This is a major red flag. #DFIR
#BREAKING: Trump asked the President of Ukraine to investigate @Crowdstrike, a now publicly traded company $CRWD that 1st determined state-sponsored Russian hackers hacked the DNC. There is no server in Ukraine .. but that's beside the point #infosec
Here's our thread on @crowdstrike from 07-24-19 documenting the continued propaganda efforts coming from the Kremlin 2 smear & muddy the waters on something that has been fact 4 a number of yrs & confirmed in the Mueller report #infosec #osint #Hamilton68
This is a good breakdown of the Ukraine call with Zelensky and spells out numerous problematic sections #UkraineTranscript
💣Treason💣

Trump Lawyers claim that any criminal inv’n of Trump is unconstitutional.🙄

Chief of the Major Economic Crimes Bureau is involved in the Mazars Subpoena, not Vance

WB Complaint Is Said to Involve Multiple Acts by Trump —Not just a phone call or single convo.
💣Treason2💣

The WBC goes beyond a commitment that Trump was said to have made to world leader(s), one such instance involves Ukraine.

Giuliani traveled to Ukraine to pressure that gov’t outside of formal diplo channels to effectively help the Trump reelection effort
💣Treason3💣

By investigating Hunter Biden about his time on the board of Burisma, a Ukrainian gas company.

8/28/19 Trump holds up Ukraine military aid meant to confront Russia

9/5/19: Trump tries to strong arm Ukraine to meddle in the 2020 election.
⚠️ MALWARE VIA PEC ⚠️

Fake PEC message simulating the transmission of an electronic invoice, coming from a real @Arubait pec.it certified address, with a malicious attachment. Be very careful!
#malware #PEC #fatturaelettronica

Details ⤵️ 1/
- The sender is a real pec.it address: the message arrives without anomalies and the signature is valid;
- the subject and body reproduce (almost) exactly those of the PEC messages from the SDI;
- the attachment is a .zip file containing a .pdf and a .vbs;
2/
- the wording “mail priva di virus - avast.com” (“virus-free mail”) is present, complete with a logo loaded as remote content from the legitimate Avast site.
The PEC message is very similar to the one with which invoices are actually transmitted, apart from a few details (see photo).
3/
THREAD: French company has created lots of fake domains pretending to be some very popular free software and is using these sites to distribute bundled adware and malware. /1 #malware #spoof #adware #opensource
Company name and information. /2
All domains lead to this ip: 185[.]46[.]229[.]39. First activity seen on March 30th. /3 #IoC #malware
1) 1st #TwitterBot du jour. I have 2wonder if they can read the #INSTABLOCK [ ! ]
2) For those of U that may wonder why I go on about the #TwitterBots, here's one of the pieces of the story of this account's time & the Bot assaults.
This is what they look like. This is a #BotFarm. Take $100k worth of iPhones, add more tech & a tech orchestrator (coder) & start
3) fake accounts on each one. Add various programs as time passes & release into the #TwitterSphere.
Soon after starting this account, DMs began coming thru that had a #Youtube link. Most often there was nothing else. I won't show the link as text as it could be opened & that's
So I've been researching stalkerware for a while now, and I always had a feeling that a lot of the companies were linked in sort of clusters. Figured I'd go ahead and show one of those clusters now, and this guy "John Nguyen", though I'm pretty sure that is his actual name.
John runs "hellospy", "mobiispy", "maxxspy", "247spy", "1topspy", "spytic" & other companies that sell targeted #malware for surveillance of partners known as "stalkerware". He is not very good at covering his tracks. How bad? He has a youtube channel. youtube.com/channel/UCdxoX…
As well as his youtube channel he had quite the presence on Google+ promoting his various products.
IDA's remote debugger is my go-to for debugging malware so that I never have to restore my VM and lose. If you're interested in trying it, I've attached some instructions on how to set it up to debug a DLL. (1/4) #malware #reverseengineering
1. Copy the remote debugger for your platform from the "dbgsrv" directory in your IDA installation directory to the debugging target and execute. -h will show you other options for configuring a password, port number etc. (2/4)
2. On the machine running IDA, select "Remote Windows Debugger" from the debugger dropdown.
3. Select Debugger -> Process Options from the menu, and fill in the parameters. Below I've included a sample configuration.
4. Select OK, and start the debugger like normal. (3/4)
Just found an unlisted Pastebin shared by @James_inthe_box listing 124 #lokibot URLs. Pastebin.com/SyeXWqQE #osint
If you want to learn more about LokiBot, check out this write up. threatfabric.com/blogs/lokibot_… #malware
If you want to learn more about my method of finding unlisted Pastebin pages, read here. jakecreps.com/2018/10/10/osi… #osint
I’m analysing #KevDroid samples, the new #Android #malware discovered several days ago by #ESTSecurity
blog.alyac.co.kr/1587
The samples are available on @koodous_project and @virusbay_io
28c69801929f0472cef346880a295cdf4956023cd3d72a1b6e72238f5b033aca
679d6ad1dd6d1078300e24cf5dbd17efea1141b0a619ff08b6cc8ff94cfbb27e
990d278761f87274a427b348f09475f5da4f924aa80023bf8d2320d981fb3209
ICYMI: Test Your #VPN's Anti #Phishing Protection .@planetscape .@ALT_uscis .@COPicard2017 .@IndivisibleNet #InfoSec
When #Ransomware 1st Appeared, .@FoolishIT Issued #CryptoPrevent - Is Free, Now Updated. Recommended! foolishit.com/cryptoprevent-… #InfoSec