Cryptolaemus Jun 10
Small Update for and latest C2s for 06/10/19. 122 on E1 and 92 on E2. Since C2 updates are down since Friday, you now can get all of the bots on your infrastructure with these IP/PORT combos being blocked/monitored. Act now!
Kyle Cucci Jun 15
Here is a huge list of C2 IOCs that were dumped to Pastebin. Unfortunately, I don't know who dumped them so I can't give proper credit. Check them out, vet them, and block accordingly.
\_(ʘ_ʘ)_/ 4h
Two weeks ago I saw the last spam campaign; also, the C2s of T1/T2 haven't had any activity. It seems that this week we will not have any related activity.
McAfee Help 2h
Are you prepared to defend against ? Watch our Emotet Trojan , where we covered behavioral analysis and countermeasures and discussed symptoms, characteristics, and common threat vectors.
marc ochsenmeier Jun 12
Found an interesting (unusual, typo?) DOS-stub message in samples.
malwaredancer Jun 10
Inside sample, lots of copying of hardcoded values. Wondering what it is used for.
Sophos 17h
Sophos protects against Emotet in multiple ways, at every point in the attack chain, from stopping the threat entering your network in the first place, to preventing it spreading to other parts of the network. Get our guide:
Joseph Roosen Jun 14
🚨**Reminder**🚨 Block/detect traffic to these Tier 1 C2s now at your perimeter to stop before it starts back up again!! Tier 1 C2 still hasn't come back up, and they are vulnerable since the binaries have static for C2 lists! No DGA/dated change, please DO IT NOW!
Joseph Roosen Jun 10
C2 update. Since they had 122 and 92 IP/PORT combos in the binaries for Friday, I am thinking they added 50% to 100% more than normal to last the duration of the outage they expected to happen. I think this outage on T1 C2s is expected maintenance. Block these now!
peterkruse Jun 9
I believe that infrastructure just went down?
Donny Jun 10
Replying to @sandmaxprime
I assume
malwaredancer Jun 12
How to enumerate all loaded modules used by the process the way? Use the PEB structure from the ThreadInformationBlock and enumerate through all PEB_LDR_DATA in InMemoryOrderModuleList. Didn't know that the PEB structure contains a BeingDebugged variable - could be useful :)
Command Control Jun 14
When hit by , most companies try to cast a veil of silence over the incident. chose a different path and published how they were infiltrated by , how they coped with the attack, and the damage caused. Knowledge sharing is caring!
malwaredancer Jun 8
Finally I am able to see a sample communicating with an external server live in Wireshark. Wondering how to decode those messages...
Sveatoslav Persianov Apr 7
Analysis of one of the samples: Part #1: Part #2: Appreciate any feedback!
Wayne Crowder Jun 10
You may have noticed a decline in the amount of phishing emails over the last week. This is the calm before the next storm. If you haven't noticed, it's time to take a serious look at reporting and awareness of phishing threats.
Timo Appenzeller Jun 12
Time to finally use email signatures on a grand scale.
Raashid Bhat Apr 22
Dissecting Emotet’s network communication protocol ~
Br3akp0int Jan 11
Emotet malware used the MS Office XML file format and a Shape object to run a macro, batch command and PowerShell payload.