Felipe Duarte

1.7K posts

Felipe Duarte

@dark0pcodes

Malware researcher, CEH, GREM, electronics geek, IoT enthusiast, programmer, drone lover and machine learning fan. Just hunting malware for fun... and profit!

Bogotá, D.C., Colombia Joined Ağustos 2017

745 Following2.8K Followers

Felipe Duarte retweeted

Nicolas Krassas@Dinosn·14 Mar

I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more github.com/mukul975/Anthr…

English

590

3.1K

187.4K

Felipe Duarte retweeted

Panos Gkatziroulis 🦄@ipurple·1 Oca

Agentic-SOC-Simulation: AI-powered SOC simulation platform github.com/SafelineMan/Ag…

English

213

15.2K

Felipe Duarte retweeted

0b1d1@_0b1d1·18 Kas

🚨 SOC Playbook Complete Phishing Investigation Guide 🚨 🎯 From Inbox to Incident Closure: Mastering Phishing Defense Phishing continues to be the leading initial compromise method in modern cyber breaches 📧Comment PDF for full Guide

English

648

186

1.1K

96.2K

Felipe Duarte@dark0pcodes·8 Kas

@colCERT Campaña activa de Phishing. Redirect: hxxps://pgsmit[.]fi/multas Phishing: simit-pago[.]cc Ataque inicia con un mensaje de texto que contiene el nombre de la victima.

Español

214

Felipe Duarte@dark0pcodes·23 Kas

esentire.com/blog/the-case-…

ZXX

340

Felipe Duarte@dark0pcodes·23 Kas

Things that you only see in malware analysis 🤯 I just unpacked Lumma Stealer, and the first sign to know I nailed it: a warning pop up! A debug message to remind rookie attackers not to self-infect 😂 #MalwareAnalysis #Cybersecurity

English

2.9K

Felipe Duarte@dark0pcodes·22 Eki

@threatactress Thanks for reporting. Let me check what happened.

English

Felipe Duarte@dark0pcodes·21 Eki

Check out! Our latest research were we exposed several tools found during an incident response involving APT41. securityjoes.com/post/the-silen…

English

5.5K

Felipe Duarte@dark0pcodes·22 Eki

@JParticle0 Thanks for reporting. Let me check what happened.

English

JParticle 🇨🇦🇺🇦@JParticle0·22 Eki

@dark0pcodes not sure what's going on with the page but same article organized a little differently cybersrcc.com/2024/10/22/chi…

English

104

Felipe Duarte@dark0pcodes·21 Eki

@Myrtus0x0 Qbot, I analyzed it so hard one time that it would be nice to validate all my conclusions with the source code.

English

118

Myrtus@Myrtus0x0·21 Eki

If you could see the source code of any malware family, what would it be? 🤔 (full git history too if you want)

English

2.8K

Felipe Duarte@dark0pcodes·5 Eki

@rucko24 @1ZRR4H @malwrhunterteam Si como fake vulnerability assessment.

Italiano

Rub´n 🇺🇦 F#ck WAR@rucko24·5 Eki

@dark0pcodes @1ZRR4H @malwrhunterteam Y llegan enlaces por mail suplantando el.correo de github

Español

Felipe Duarte@dark0pcodes·3 Eki

¡Atención! 🚩 Están circulando campañas de distribución del malware Lumma Stealer, usando una técnica tan simple (y estúpida) como peligrosa. Esta campaña afecta especialmente en sitios de streaming llenos de anuncios.

Español

125

15.6K

Felipe Duarte retweeted

Merl@Merlax_·5 Eki

#Malware RAT Operador 🇧🇷 posible Ousaban🤔 - Objetivos 🇧🇷 y posible 🇦🇷 - El panel web parece loguear la actividad al congelar el equipo de la víctima 🤦‍♂️

Español

9.4K

Felipe Duarte retweeted

RussianPanda 🐼 🇺🇦@RussianPanda9xx·4 Eki

You can also leverage @virustotal Enterprise to search for potential C2s related to #LummaC2 based on the redirect page.

WatchingRac@RacWatchin8872

#Lumma Possible Lumma C2: -assaultxnh[.site -febnceokwi[.site -jealouskfnn[.site -mountainywj[.site -sunhsinkujh[.site -throaatyinpak[.site -witnesjwuka[.site All nginx default page, all have /api and all Namecheap + Cloudflare Thanks @g0njxa for helping me in this crazy idea

English

12.1K

Felipe Duarte retweeted

Who said what?@g0njxa·4 Eki

Quick changes on this reCAPTCHA malware campaign now abusing @digitalocean S3 buckets and CDN to still deliver #Lumma Stealer. Similar behavior, Detonation: app.any.run/tasks/02afc68d…

Who said what?@g0njxa

reCAPTCHA malware campaign is now abusing @Vultr S3 buckets and CDN to deliver #Lumma Stealer Detonation: app.any.run/tasks/ccf381f1… Also loading another unidentified binary from /onefreex.com/api/download that only downloads with a custom User Agent: app.any.run/tasks/d9d21810…

English

14.5K

Felipe Duarte@dark0pcodes·4 Eki

@Hackeadonoti Jajaja si parece

Español

Ciber Conciencia Digital@ciberconciencia·4 Eki

@dark0pcodes Perdón, pero me acorde del primer virus gallego:

Español

Felipe Duarte retweeted

WatchingRac@RacWatchin8872·4 Eki

#Lummac2 With this simple query is possible to find more Lumma C2: #hash%3A51280dabfbc880cdc5f92cc2f4f22c8032de5aba401c3268250a11eeb2df1f73%20AND%20page.url%3A%22%2Fapi%22" target="_blank" rel="nofollow noopener">urlscan.io/search/#hash%3… CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev

Fox_threatintel@banthisguy9349

@RussianPanda9xx I have seen a change! They are not using only .shop domain extensions!

English

11.7K

Discover

@colCERT @JParticle0 @Myrtus0x0 @rucko24 @1ZRR4H @malwrhunterteam @virustotal @digitalocean