monty

73 posts

monty

@_montysecurity

threat hunter | profile art credit @vxunderground @pancak3lullz

Katılım Şubat 2020

233 Takip Edilen686 Takipçiler

monty retweetledi

Jeremy Wiedner@JeremyWiedner·14 Kas

Just released my modified version of the #OpenCTI connector that imports the data from #C2Tracker by @_montysecurity . Still working on the docker component but the #python script works great. #ThreatIntel, #HuntingAdversaryInfrastructure github.com/cybersheepdog/…

English

291

monty@_montysecurity·5 Haz

C2-Tracker Update ❗️Censys support for C2-Tracker is currently disabled as searches are migrated to the new Platform syntax. Many of the queries will need to be removed in the process. Feel free to contribute new searches by opening an issue at github.com/montysecurity/…

English

1.2K

monty@_montysecurity·25 Oca

Dropped a new tool for malware researchers. It is used to continuously ingest, analyze, and alert on samples given a set of yara rules. Out of the box it works with @abuse_ch MalwareBazaar recent uploads but it's modular so you can add more sources github.com/montysecurity/…

English

135

7.1K

monty@_montysecurity·22 Tem

@pedrinazziM Nice work! Added these two

English

Marco Pedrinazzi@pedrinazziM·4 Tem

@_montysecurity what do you think? Maybe this query can be added to your repo C2 tracker?

English

108

Marco Pedrinazzi@pedrinazziM·4 Tem

Hunting #PoshC2 I think I've found a new methodology. It focuses on the 404 response's body hash of PoshC2. I've included the body hash of its latest version (2023) http.html_hash:855112502 and the previous one (2020) http.html_hash:-1700067737.

English

167

monty retweetledi

Marco Pedrinazzi@pedrinazziM·18 Tem

Happy to have contributed to the great C2 tracker by @_montysecurity github.com/montysecurity/… with a query to hunt Atlandida Stealer on Shodan and Census :)

English

monty@_montysecurity·2 Tem

Big changes to C2 Tracker ‼️ - Added support for Censys searches 🎉 - Updates weekly on Mondays (modeled after Censys/Shodan scanning frequency) - Added multiple new C2s/malware/botnets github.com/montysecurity/…

English

monty@_montysecurity·15 Haz

Dropped a new blog on hunting APT41 🐼 one of my favorite ones to put together, full of hunts for common TTPs and just things you should probably be hunting for anyway 🎯 montysecurity.medium.com/hunting-apt41-…

English

165

13K

monty@_montysecurity·8 May

From #OSINT to Disk: Wave Stealer Analysis montysecurity.medium.com/from-osint-to-… #WaveStealer #MalwareAnalysis #CTI #ThreatIntel

crep1x@crep1x

New #WaveStealer spotted in the wild, possibly a variant of bby stealer. Sold by a French-speaking threat actor "sudry" (aka svvdry) on Telegram/Discord for a few dollars. C2: wavebysudryez.]fr wave-assistant.]com Files created: \Temp\wavestealer\ tria.ge/240423-zzq2rsc… ⬇️

English

4.6K

monty@_montysecurity·27 Nis

Thank you for the support!! 🤘

pancak3@pancak3lullz

.@_montysecurity with the sole @MITREattack APT5 contribution 👏🤙 attack.mitre.org/groups/G1023/

English

monty@_montysecurity·1 Mar

Just released a #Python script for interacting with the @abuse_ch Malware Bazaar collection and finding samples that meet multiple criteria github.com/montysecurity/… I showcase it here hunting #CobaltStrike samples montysecurity.medium.com/hunting-cobalt…

English

1.8K

monty@_montysecurity·15 Şub

Analyzing a Suspected #AgentTesla Sample with #ChatGPT montysecurity.medium.com/analyzing-a-su…

English

2.9K

monty@_montysecurity·7 Oca

@Cyb3rMonk I spent a lot of time on this question in the past. While limited to process/EDR data, the definition I came up with was "any combination of programs, files, and arguments that achieve some [MITRE] technique". Not perfect but it works for me :) montysecurity.medium.com/a-practical-gu…

English

234

Mehmet Ergene@Cyb3rMonk·6 Oca

How do you define "behaviour" in threat hunting or detection engineering context? When it comes to logs, what constitutes a certain behaviour? #DFIR #threathunting #detectionengineering

English

monty@_montysecurity·10 Ara

Hunting Volt Typhoon TTPs montysecurity.medium.com/hunting-volt-t…

English

6.1K

monty@_montysecurity·6 Ara

Put out a post dissecting this file. Used it as an example to learn the very basics of analyzing APK files and share my process along the way. montysecurity.medium.com/stumbling-thro…

MalwareHunterTeam@malwrhunterteam

"WeChat.apk": 1c80567efb0b4ad10c97247862dd32fc8abc9cbb04f7e1e9c6624745d99dbd8c

English

monty@_montysecurity·5 Ara

Good find! Added this to C2 Tracker 🎯 github.com/montysecurity/…

The Brofessor@Glacius_

Hey :) @shodanhq makes the hunting process for Sliver C2 a bit easier than before. You can now search for online servers using the search query product, like so: shodan.io/search?query=p… Happy Hunting 😊

English

389

monty@_montysecurity·5 Ara

Looks like Shodan added "product:Havoc" as a search - CC @C5pider shodan.io/search?query=p…

English

3.8K

monty@_montysecurity·16 Kas

Hunting Sandworm Team's TTPs - montysecurity.medium.com/hunting-sandwo… Happy Hunting 🎯

English

7.8K

monty@_montysecurity·2 Kas

@MicahBabinski Thank you!

English

monty@_montysecurity·2 Kas

Posted a write-up on this and, with some luck, we got the source code of the infostealer that it drops montysecurity.medium.com/from-lnk-paylo… #CTI #ThreatIntel #Malware

MalwareHunterTeam@malwrhunterteam

"FACTORY PURCHASE LIST AND SPECIFICATIONS\.zip": 3bdefe7cb133e9c7d8f3da4343c09bb3c97f755fe09de01286dc27ba859c1e17

English

2.2K

monty@_montysecurity·1 Kas

Big update to C2 Tracker 📢 added 17 new tools/malware and retired some lower fidelity ones github.com/montysecurity/… #CTI #ThreatIntel

English

129

12.1K

Keşfet

@abuse_ch @pedrinazziM @Cyb3rMonk @C5pider @elonmusk @BarackObama @taylorswift13 @cristiano