SomeSecurityPlease


@SecSome

Followers: 538
Following: 267

InfoSec Analyst | I share what I find | #BEC | #credentialharvester | #malware | Ready for when #emotet comes back |

Milwaukee, WI
Joined on January 03, 2019
Statistics

We looked inside some of the tweets by @SecSome and here's what we found interesting.

Inside 100 Tweets

Time between tweets: 5 days
Average replies: 1
Average retweets: 13
Average likes: 42
Tweets with photos: 16 / 100
Tweets with videos: 0 / 100
Tweets with links: 0 / 100

#ursnif s://send[.firefox[.com/download/82793c02d33dc91f/ https://t.co/MowMhB1pTs Password for archive: 7777

s://sites[.google[.com/site/case000491/googledrive/share/downloads/file/storage https://t.co/qDEAFg2o2N #loader #gozi #ursnif #dreambot #trojan

p://irosen[.net/blog/wp-content/themes/hatch/images/index1[.php whole lotta bad here https://t.co/WaQMvnfPJH #opendir #autoit @anyrun_app

#credentialharvester hosted on "s://storage[.googleapis[.com/aonedrive-topiaria-809561517/index[.html" https://t.co/QqeRQEHVD5

O365 #credentialharvester s://friendly-stonebraker-12bd85[.]netlify[.]app/ https://t.co/EvxsIKsupC

#trickbot redirect hosted on s://docs[.google[.com/document/d/e/2PACX-1vRiRwW7EIZPb13qXP62SHkZM8gQvNYzF7gEmDFzBJckhRco_6y2dWVfo876XJUtK0odNutjlxKdZn1c/pub https://t.co/Pzqz2rs1ds

If you want to see which processes have networking functionality (that's most of them BTW), use "tasklist /m ws2_32.dll" to show programs that import the DLL and hence have some networking capability.

Useful when a vendor says "we don't talk on the network at all" #DFIRtips https://t.co/fkbOAivoAg
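The same check as a reusable PowerShell function, added here as an example and not part of the tweet above: it walks every process, inspects its loaded modules and reports the ones that have ws2_32.dll (the Winsock 2 DLL) mapped in. The function name Get-WinsockProcess and the $ModuleName parameter are this example's own choices; it assumes an elevated session on Windows, and processes whose modules cannot be read (protected or other-session processes) are skipped with a verbose note rather than aborting the scan.

```powershell
# Added example (not from the original tweet): list processes that currently have
# ws2_32.dll loaded, i.e. processes with at least some networking capability.
# Assumes an elevated PowerShell session on Windows. Equivalent one-liner from the
# tweet: tasklist /m ws2_32.dll
function Get-WinsockProcess {
    [CmdletBinding()]
    param(
        # Module to look for; ws2_32.dll is the Winsock 2 API used by almost all
        # network-capable code (wininet/winhttp load it transitively).
        [string]$ModuleName = 'ws2_32.dll'
    )
    foreach ($p in Get-Process) {
        try {
            # Reading .Modules throws for processes we are not allowed to open.
            $mods = $p.Modules
        } catch {
            Write-Verbose "Skipping PID $($p.Id) ($($p.ProcessName)): $($_.Exception.Message)"
            continue
        }
        $hit = $mods | Where-Object { $_.ModuleName -ieq $ModuleName } | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{
                PID         = $p.Id
                ProcessName = $p.ProcessName
                Path        = $p.Path
                ModulePath  = $hit.FileName
            }
        }
    }
}

# Usage: check a vendor's "we never talk on the network" claim against what is
# actually loaded. 'vendor' is a placeholder for the product's process name prefix.
Get-WinsockProcess -Verbose | Where-Object ProcessName -like 'vendor*' | Format-Table -AutoSize

# Machine-readable variant of the tweet's tasklist command, for scripting:
# tasklist /m ws2_32.dll /fo csv | ConvertFrom-Csv
```

Two caveats worth keeping in mind when using either form: both tasklist /m and this function report modules that are loaded at the moment of the snapshot, so a process that loads Winsock lazily (only when it first needs a socket) can be missed if it has not yet hit that code path, and a process can also reach the network through a helper process or a driver without ever mapping ws2_32.dll itself. Treat a hit as strong evidence of networking capability, and treat a miss as "not observed", not as proof of the vendor's claim.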


Quoted @Cryptolaemus1

#emotet C2 update - binaries released ~15:25 UTC 20200413 no spamming seen, but additional modules are dropping https://t.co/GZmZElQUc3 https://t.co/snEzz5O54i

#Emotet Daily summary for 2020/04/13: Looks like there are signs of returning back to normal business for Emotet with the dropping of additional network spreader modules today. Be prepared for them to restart soon. Once spam module drops we will tweet it ASAP. Latest C2s here: https://t.co/HmZbMomWQs

s://www[.bourtonhouse[.com/wp-admin/MyOwnPo/voiceprojectPDFSERVLET20BA28012357989011897430pdfc37f33601e632893bfbad20190930155933566760Attachment https://t.co/An7zXAa4wM #credentialharvester

Look at the Analysis of "Payment copy[.]zip" with malicious activity. https://t.co/6Oc1d31bXV

Sender address: worldhealth@adbilverkstad[.]se Sender hostname: smtp2[.]outgoing[.]loopia[.]se Sender IP: 93.188.3.37 Subject: Incomming Secure Document via Dropbox (COVID-19)

#COVID-19 themed #phishing link redirects to DropBox Credential Harvester s://masikini[.]com/includes/dr0pb0x/ https://t.co/tsYUFxWxqF
