ShadowOpCode

688 posts

ShadowOpCode

@ShadowOpCode

Malware analyst & reverse engineer 🧠 Threat intel on stealers, RATs, live campaigns 🕵️ Technical analysis. No buzzwords. 📍DM open for research collabs

Katılım Mayıs 2025

169 Takip Edilen1K Takipçiler

Sabitlenmiş Tweet

ShadowOpCode@ShadowOpCode·19 May

🚨 New #JavaStealer “MaksStealer” uncovered! Fully in-memory, FUD, DES–Blowfish runtime decryption, WebSockets on 4025/4028/6662. Author “Max, 17yo” left his signature in the payload 🤯 Full report & IoCs 👉 github.com/ShadowOpCode/M… #infosec #malware #ThreatIntel @malwrhunterteam

English

111

43.6K

ShadowOpCode@ShadowOpCode·6h

@guelfoweb @JAMESWT_WT @illegalFawn @skocherhan I've seen only now @AgidCert already published it some minutes ago :) x.com/AgidCert/statu…

Cert AgID@AgidCert

🇮🇹 Nuova campagna di phishing a tema "rimborso fiscale" ai danni di #AdE 🎯 Il vero obbiettivo dei criminali è impossessarsi dei dati della carte di credito o debito. ℹ️ Info e #IoC (via Telegram)👇 🔗t.me/certagid/1022

English

ShadowOpCode@ShadowOpCode·6h

🚨ALERT🚨 #phishing #AdE 730 📩Comunicazione Ufficiale – Rimborso Imposte 2025–2026 hxxps://tax[.]denzay[.]eu/gov/ hxxps://agenziaentrate[.]grillwestfrentes[.]com[.]ar/rimborso/it/ Exfil credit card number @guelfoweb @JAMESWT_WT @illegalFawn

Italiano

130

ShadowOpCode@ShadowOpCode·3d

@IntesaSP_Help #phishing #scam hxxps://fazexmd[.]com/wordpress/fark/ @illegalFawn @JAMESWT_WT @AgidCert

English

144

ShadowOpCode@ShadowOpCode·4d

⚠️ALERT⚠️ Fake #Booking #Scam #phishing message 🚨REAL RESERVATION USED AS LURE🚨 hxxps://hotel-stay32181[.]com/ Compromised host? @illegalFawn @JAMESWT_WT @AgidCert

English

308

ShadowOpCode@ShadowOpCode·6 May

@anyrun_app @JAMESWT_WT @skocherhan @AgidCert @guelfoweb RELATED x.com/ShadowOpCode/s…

ShadowOpCode@ShadowOpCode

#Booking #ClickFix 📧"General Notification: (5392009143, Complaints Continue to Rise, May, 2026)" 📧info@muraptor[.]com ⛓️‍eml > url > msiexec.exe > #NetSupport 🚫lkhpihf[.]com:443 🚫lkboasprqw[.]com:443 @anyrun_app analysis: app.any.run/tasks/91bbbc07… @JAMESWT_WT

English

208

ShadowOpCode@ShadowOpCode·6 May

🚨ALERT🚨 #Booking #ClickFix #NetSupport Manager RAT seen in Italy. hxxps://admin-extranet[.]com/start/ 👇 ClickFix 👇 hxxp://217.145.226[.]119/book/ 👇 lkhpihf[.]com:443 lkboasprqw[.]com:443 @anyrun_app : app.any.run/tasks/02e8c339…

Deutsch

1.7K

ShadowOpCode@ShadowOpCode·4 May

@anyrun_app @JAMESWT_WT @AgidCert @guelfoweb @illegalFawn @skocherhan stage: hxxp://193.233.113[.]106/book

Deutsch

194

ShadowOpCode@ShadowOpCode·4 May

English

646

ShadowOpCode@ShadowOpCode·4 May

#FSE malspam #phishing campaign hxxps://sfe-2026[.]com/~server10/c/375f4b72-6efb-45f0-a90e-9de7ee504228

256

ShadowOpCode@ShadowOpCode·30 Nis

⚠️ALERT⚠️ #AgentTesla spreading in Italy 📧Purchase Order #10045 📡hxxp://185.29.10[.]77/VbnpIdAHD29.bin ⛔ftp[.]holzbrenzii[.]com ⛔infooo@holzbrenzii.com Bazaar: bazaar.abuse.ch/browse/tag/ftp… @anyrun_app: app.any.run/tasks/f72fc809… Thanks @JAMESWT_WT for the other samples

English

296

ShadowOpCode@ShadowOpCode·29 Nis

🚨ALERT🚨 #Crypto investing scam in #Italy Using #MarioDraghi and @albmatano image hxxps://zolviqhub[.]live/pc/15007/?sub1=7zcKg&pid=2jWO3Tyh0ou @Cloudflare @CloudflareHelp TAKE IT DOWN‼️ @AgidCert @illegalFawn @JAMESWT_WT

English

337

ShadowOpCode@ShadowOpCode·29 Nis

@RussianPanda9xx Have you ever tried ChatGPT plus? What do you think?

English

RussianPanda 🐼 🇺🇦@RussianPanda9xx·28 Nis

This is why you should not rely on AI to analyze malware

English

165

11.8K

ShadowOpCode@ShadowOpCode·24 Nis

🚨ALERT🚨 There is a #DarkCloud #malspam campaign started in novembre 2025 and still active "Quotation - Labmate Scientific USA" eml > rar > DarkCloud (UPX packed) 📡C2: mail[.]mokasco[.]com (turkish company) Sender IP: 31[.]57[.]184[.]57 🇮🇷🦁 bazaar: bazaar.abuse.ch/browse/tag/mai…

English

434

ShadowOpCode@ShadowOpCode·23 Nis

@JAMESWT_WT @serverplan @smica83 @guelfoweb @marsomx_ @Certego_Intel @D3LabIT @struppigel @c_APT_ure @James_inthe_box @VirITeXplorer @Max_Mal_ username: backup@corella[.]ro password: I won't tell you 🥱

English

119

JAMESWT@JAMESWT_WT·23 Nis

{'#AgentTesla': {'Protocol': ['#FTP'], 'C2': ['ftp://ftp.omamontaggi.it'], 'Username': ['olay@omamontaggi.it'] @serverplan Samples bazaar.abuse.ch/browse/tag/oma… Extra cc @smica83 #PhantomStealer 'C2': ['ftp.corella.]ro'] ⚠️Config? who can check please? bazaar.abuse.ch/browse/tag/ftp…

Français

885

ShadowOpCode@ShadowOpCode·23 Nis

Threat actors are abusing branded PDFs to deliver phishing via malicious QR codes. 📩"Employee Pay Raise and Bonus Allocation" The QR code redirects users outside the corporate perimeter to a credential harvesting page. 🎣hxxps://crioralo[.]ru

English

699

ShadowOpCode@ShadowOpCode·22 Nis

@JAMESWT_WT @anyrun_app @guelfoweb @AgidCert @skocherhan @marsomx_ @VirITeXplorer @D3LabIT @Certego_Intel @James_inthe_box @c_APT_ure @struppigel @Max_Mal_ exactly! Seems like a stealer also, it searches for Crypto Wallets and cookies in the system

English

166

JAMESWT@JAMESWT_WT·22 Nis

@ShadowOpCode @anyrun_app @guelfoweb @AgidCert @skocherhan @marsomx_ so malicious Zip from https://lkgkdsjd.]com/jpn.7z Password "pzp" Related Samples bazaar.abuse.ch/browse/tag/lkg…

English

410

ShadowOpCode@ShadowOpCode·22 Nis

#booking #clickfix #HijackLoader 📧"New notification" hxxps://admin[.]booking[.]com-complete-captcha[.]info 👇 hxxps://lkgkdsjd[.]com/s.php 👇 hxxps://pulse-srvc[.]com @anyrun_app : app.any.run/tasks/3dca8cf3…

English

1.1K

ShadowOpCode@ShadowOpCode·21 Nis

@JAMESWT_WT @AgidCert @guelfoweb @jamieantisocial @skocherhan @marsomx_ @AndreaDraghetti RELATED 👇 x.com/ShadowOpCode/s…

ShadowOpCode@ShadowOpCode

#phishing hxxps://company[.]seamlesssuccessfu[.]help/voice/ @JAMESWT_WT @guelfoweb @illegalFawn

English

311

ShadowOpCode@ShadowOpCode·21 Nis

🚨ALERT🚨 Threat actors tries to exfiltrate your O365 account with a simple trick. 👇 "new voicemail" 👇 hxxps://voicem[.]poprexahiugui[.]help/voice/

English

1.2K

ShadowOpCode@ShadowOpCode·19 Nis

@Yahiamice Hey @MaksRAT_Off is this RATting?

English

yahiamice.@Yahiamice·17 Nis

🚨 NEW DISCORD HACK/PHISHING METHOD 🚨 hackers are getting a little too advanced at this... someone who took over a friend's account seems to have taken note of how much i play Minecraft and made a rogue modpack with a credentials stealer in it BE WARY!!!

English

327

7.5K

43.3K

2.5M

Keşfet

@guelfoweb @JAMESWT_WT @illegalFawn @skocherhan @AgidCert @IntesaSP_Help @anyrun_app @albmatano