Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
TG Soft Profile picture
TG Soft
@VirITeXplorer
Italian Software House active in antimalware research and antivirus development since 1992. VirIT eXplorer is the name of our antivirus suite.
Oct 14, 2021 4 tweets 3 min read
#Proxyshell in #tortillas recipe #ransomware
We have seen a new actor named tortillas abusing proxyshell to run ransomware.
The ransomware maybe born from the leaked #Babuk code.
The attack is originated by the IP: 185.219.52.]229
@58_158_177_102 @sugimu_sec Image Chain: proxyshell -> webshell (a lot) -> certutil -> download and execute the payload.
The encrypted files has .babyk extension and end with "choung dong looks like hot dog!!" string that is typical from #Babuk, but the ransom note are different.
So we guess they used Babuk code. ImageImage