Jammy

@jcarndt

Followers: 612
Following: 172

Christian, husband, father, IT security, Reverse the malware, click the things

Joined on November 09, 2010
#zloader #Malware 👾

1⃣https://t.co/EC67MSp0Kt

2⃣https://t.co/B9TUOXO3uy

s://celltee.xyz/wp-keys.php
s://dkf.co.id/wp-keys.php
s://electricpicklemiami.com/wp-keys.php
s://elito-grad.ru/wp-keys.php

@James_inthe_box @jcarndt @malware_traffic @executemalware @Racco42 
 
#infosec https://t.co/HZJIwJUYt2

What about disarming RTF and DOC files? 
Update #Malware Analysis Fundamentals Slides with catdoc #DFIR 
https://t.co/Hviiujo9Z1 https://t.co/jPWvqcTEeK

Jammy
4 days ago

Wherein we practice extracting and decoding Equation Editor shellcode on an #AgentTesla .rtf document. https://t.co/o409PXhY2M

Jammy
4 days ago
Gooooooooood morning, #agenttesla!
.rtf > EQNEDT32.exe > URL
://www.arnoldz.xyz/kingx/morganx.exe

https://t.co/nMN1kmxklv https://t.co/5e1hcHyeNJ

Quick thanks to @kahusecurity for their API Dumper tool: https://t.co/1xFGLBfVm9 It's a great way to pull IOCs from #maldocs! I also use CMDWatcher a lot as well (same link).

🆕#ZLoader #Malware 🦠

1⃣https://t.co/AY1MlYu6t4

megamaq[.com.ar/wp-keys.php
vietankhe[.com.vn/wp-keys.php
bangrajan[.org/wp-keys.php
noithatthongminhamd[.com/wp-keys.php

2⃣https://t.co/pheuWep9Rz

@abuse_ch @James_inthe_box @jcarndt @malware_traffic @executemalware 
#infosec https://t.co/OzEYMzRn1V

Cofense
7 days ago

"AI and automation are insufficient in detecting and thwarting phishing campaigns. Cofense adds a layer of human intelligence to accelerate email analysis at scale and fill the gap left by ineffective secure email gateways." Read more from @EPSecurityMag: https://t.co/LfiDAdElTh

#ZLoader #malspam for today with .xls attachments. Downloader URLs: s://estudiolacazezancarini.com/wp-crunch.php s://germdisruptor.com/wp-crunch.php s://gurukal.in/wp-crunch.php s://indoeducation.com/wp-crunch.php DLL located at: healthhuthlasu[.]cf https://t.co/DIrTsUNxuU

👾#ZLoader #Malware

XLS>VBS

https://t.co/UsnTfTTmex

estudiolacazezancarini,com/wp-crunch.php
germdisruptor,com/wp-crunch.php
gurukal,in/wp-crunch.php
indoeducation,com/wp-crunch.php

🚨 low VT 2/60

@abuse_ch @James_inthe_box @jcarndt @malware_traffic
 
#infosec #CyberSecurity https://t.co/Yc9LOP8CG9

NEW! #Malspam (tracking since January) that typically delivers #ZLoader, delivered #Ostap! DL URLs: s://thepsaokhue.com/wp-keys.php s://metagro.com.br/wp-keys.php s://loughturnperceidrin.ml/wp-keys.php s://joliroomlides.tk/wp-keys.php Payload DL from: unencansatecal[.]ml

Jammy
14 days ago

Gooooooood morning, #netsupport??? They were the last that I saw use .slk files. .slk -> .bat -> URL Dead url: http[:]//membersonlytraining.com/member.php I guess I wasn't a member... https://t.co/kEtSOa6Gmc

🔥Hot #Zloader #Malware 

XLM > VBS

➡️https://t.co/lZ1stE0iPk

thepsaokhue.]com/wp-keys.php
metagro.]com].br/wp-keys.php
loughturnperceidrin.]ml/wp-keys.php
joliroomlides.]tk/wp-keys.php

@abuse_ch  @DissectMalware @jcarndt @JAMESWT_MHT @malware_traffic 
#infosec #CyberSecurity https://t.co/prlbtXzuwC

Quoted @DissectMalware

Recent #Zloader #XLM docs
1⃣Hidden defined names (labels:frm)
2⃣Labels with only null chars
3⃣Duplicate labels (defined names selected with index)
4⃣GOTO with range (jumping to the 1st cell)

Update #XLMMacroDeobfuscator & #XLRD2

https://t.co/Npu8zb4i9w

https://t.co/Bxe1eLJmf1 https://t.co/Tgf8LWWtEy

@jcarndt @reecdeep Now you can deobfuscate the recent #Zloader with #XLMMacroDeobfuscator https://t.co/KFm077qyJZ

Jammy
15 days ago

Han: Have a cocktail, Chewie, but don’t LOOK like you’re having a cocktail. Chewie: [rawr] Han: I don’t know. Drink casually. #fathersdayplan

Fingolfin challenges Morgoth at the gates of Angband: a scene from Tolkien's The Silmarillion

Trust me to accidentally delete the one tweet of mine with 250+ retweets, and wall to wall glowing praise. Here it is again, hopefully for the last time. Entirely my own work, btw. https://t.co/7LTDQhdUg3
