Last time we started from a VT hash attributed to the badger implant, grabbed one JARM from BRc4 C2 51.77.112.254 and combined it with the HTTP response hash.
Today we will pivot from another Brute Ratel C4 JARM and we will find more… twitter.com/i/web/status/1…
Hunting process 🧪
From our previous rule, we need to find the HTTP headers hash first 👇
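As an added example (not code from the thread), this is how the JARM plus header-hash pivot described above can be automated over a set of scan records in Python. The JARM value, IP addresses and HTTP responses are constructed test data, and the header fingerprint is our own normalisation (status line, ordered header names and a few stable header values, with volatile headers such as Date excluded), not the headers-hash algorithm of any particular scan service:

```python
"""Pivot on a JARM fingerprint combined with an HTTP response-header fingerprint.

Added example, not code from the original thread. All records below are
constructed; the header fingerprint scheme is an assumption of this example.
"""
import hashlib

# Header values that change per request or over time; only their presence/order counts.
VOLATILE_HEADERS = {"date", "content-length", "expires", "last-modified", "set-cookie", "etag"}
# Header values stable enough to be part of the fingerprint.
VALUE_HEADERS = {"server", "content-type", "connection", "x-powered-by"}

# Constructed placeholder JARM (62 hex chars), not an observed C2 fingerprint.
JARM_PIVOT = "2ad2ad0002ad2ad22c42d42d00042d" + "0" * 32
JARM_OTHER = "29d29d00029d29d21c42d42d00041d" + "1" * 32

# Constructed scan records in a shape of our own choosing.
SAMPLE_RECORDS = [
    {"ip": "203.0.113.10", "jarm": JARM_PIVOT, "raw_http":
     "HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Mon, 13 Sep 2021 10:00:00 GMT\r\n"
     "Content-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\n\r\n"},
    {"ip": "203.0.113.11", "jarm": JARM_PIVOT, "raw_http":
     "HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 14 Sep 2021 08:30:00 GMT\r\n"
     "Content-Type: text/html\r\nContent-Length: 153\r\nConnection: keep-alive\r\n\r\n"},
    {"ip": "203.0.113.12", "jarm": JARM_PIVOT, "raw_http":
     "HTTP/1.1 200 OK\r\nServer: Apache\r\nDate: Tue, 14 Sep 2021 08:31:00 GMT\r\n"
     "Content-Type: text/html; charset=UTF-8\r\nContent-Length: 42\r\n\r\n"},
    {"ip": "203.0.113.13", "jarm": JARM_OTHER, "raw_http":
     "HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Mon, 13 Sep 2021 10:00:00 GMT\r\n"
     "Content-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\n\r\n"},
]


def parse_http_response(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...]) in wire order."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status_line = lines[0].strip()
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk or folded lines
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers


def header_fingerprint(raw):
    """SHA-256 over status line, ordered header names and stable values (assumed scheme)."""
    status_line, headers = parse_http_response(raw)
    parts = [status_line]
    for name, value in headers:
        if name in VALUE_HEADERS:
            parts.append(f"{name}:{value.lower()}")
        else:
            parts.append(name)  # volatile or unknown header: order counts, value does not
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()


def pivot(records, jarm, hdr_hash):
    """Return (hosts matching JARM only, hosts matching JARM and header hash)."""
    jarm_only = [r["ip"] for r in records if r["jarm"] == jarm]
    both = [r["ip"] for r in records
            if r["jarm"] == jarm and header_fingerprint(r["raw_http"]) == hdr_hash]
    return jarm_only, both


if __name__ == "__main__":
    seed = header_fingerprint(SAMPLE_RECORDS[0]["raw_http"])
    jarm_only, both = pivot(SAMPLE_RECORDS, JARM_PIVOT, seed)
    print("JARM-only matches:", jarm_only)
    print("JARM + header hash matches:", both)
```

The JARM-only list is the noisy set (any host on the same TLS stack), which is why the thread combines it with the header hash; the header hash alone would also pull in 203.0.113.13, so the intersection is the pivot worth triaging.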
Usually I don't respond to trolls and shitposters, but for this one I will make an exception.
A "wannabe hero" accused me of shaming the victims because I dumped TA history logs with scans and burnt a "juicy" source of information that had been accessible for months.
First of all, please go ahead and check the TA logs yourself.
When you pay attention, you can spot one interesting detail here.
The website logo/name (Model/Remodel) does not match the URL: facilities-awareness[.]com
According to Cisco Talos, the website is categorized as Real Estate.
Sep 13, 2021 • 9 tweets • 3 min read
I had a look at another hosting provider, Reliablesite[.]net, from CS C2 104.194.10[.]21 to a C2 attributed to #CVE202140444.