Ali Aqeel

1.5K posts

Ali Aqeel

@aaqeel87

Analyst lead @hatching_io.

Katılım Haziran 2009

437 Takip Edilen761 Takipçiler

Ali Aqeel@aaqeel87·1d

Added extraction update for latest #vidar campaigns v1.1-1.4 are same old config encryption that been seen in v18.x the latest 1.5 is entirely new config encryption sample: tria.ge/260513-xe8pzah… more sample: tria.ge/s/family:vidar For defensive purposes

English

442

Ali Aqeel@aaqeel87·1d

Added extraction support for #Remus_stealer in #triage sandbox sample: tria.ge/260513-ve58qsc… The c2s extracted statically not on runtime dynamic generated. more sample: tria.ge/s/family:remus… For defensive purposes

English

1.4K

Ali Aqeel@aaqeel87·8 May

@malwrhunterteam @1ZRR4H found this tria.ge/260506-zf8gpse…

English

878

MalwareHunterTeam@malwrhunterteam·6 May

"L0G1N - D4R7H V4D3R": http://65.109.55[.]181:8181/login "4CC3SS D3N13D - 1D3NT1FY Y0URS3LF" "0P3R4D0R" "S3NH4" With such texts, it must be the panel of some sophisticated, complex, APT's malware, right? 😂 🤷‍♂️ @1ZRR4H

English

39.2K

Ali Aqeel@aaqeel87·8 May

#netherhound sample tria.ge/260508-r5njtsa… exfiltrator using discord

Yogesh Londhe@suyog41

Netherhound Stealer 9ccf47da8f2175e0add22d45a40826c7 #Netherhound #Stealer #IOC

English

320

Ali Aqeel@aaqeel87·8 May

#govti v4 added extractor sample: tria.ge/260508-r267rsd… more samples tria.ge/s/family:govti

MalwareHunterTeam@malwrhunterteam

A panel with title "GOVTI V4 — Login" here: http://103.79.79[.]21:8899/login In the body: "GOVTIv4 Advanced Threat Intelligence" 🤔 😂 🤷‍♂️

English

1.7K

Ali Aqeel@aaqeel87·8 May

#eimeria RAT sample: tria.ge/260508-n6jeqag… added extractor

Coral Jasmine@Fact_Finder03

85.239.149[.]35 94.26.90[.]139 Eimeria RAT PANEL @500mk500 @ViriBack @AndreGironda @skocherhan #Eimeria #RAT #PANEL #ThreatIntelligence #c2 #CTI #IOC

English

611

Ali Aqeel@aaqeel87·1 May

#spankrat added extractor sample: tria.ge/260501-j1hh1sc… more: tria.ge/s/family:spank…

English

416

Ali Aqeel@aaqeel87·1 May

#RatonRat Added extractor sample: tria.ge/260430-xn996ag… more: tria.ge/s/family:raton…

English

440

Ali Aqeel@aaqeel87·1 May

#enmity stealer Added extractor tria.ge/260501-j1htsah… more samples: tria.ge/s/family:enmity

Yogesh Londhe@suyog41

Enmity Stealer 46b1ec2b6a1c9284fa04653188f9a559 f0c677887d252862fb1d962c73f68912 af55aa78858a6cee47e5ccab50b79319 fe884e30188e2a05a0b5a6958bab7104 29d757d6559b32839efccd8157b293ba C2 futuregroupstar[.lat enmity[.discloud[.app #EnmityStealer #Stealer #IOC

English

806

Ali Aqeel@aaqeel87·24 Nis

#stubworm samples: tria.ge/260424-jckngac… tria.ge/s/family:stubw…

Raaz@solostalking

Stub Worm 193[.233.113.199 77[.91.97.186

English

312

Ali Aqeel@aaqeel87·17 Nis

Added extractor support for #STXRAT sample: tria.ge/260416-trgkgae… more samples: tria.ge/s/family:stxrat

English

632

Ali Aqeel@aaqeel87·17 Nis

#crysome rat tria.ge/260416-tpx5fah… more samples: tria.ge/s/family:cryso…

English

577

Ali Aqeel@aaqeel87·17 Nis

We've added configuration extraction support for #santastealer latest samples tria.ge/260417-ph86xag… more samples: tria.ge/s/family:santa…

English

1.1K

Ali Aqeel@aaqeel87·21 Kas

@James_inthe_box tria.ge/251120-w9sfssa…

QME

James@James_inthe_box·20 Kas

c2: https://api\.telegram\.org/bot6926474815:AAFx9tLAnf5OAVQZp2teS3G2_6T1wCP67xM

939

James@James_inthe_box·20 Kas

#stealerium hosted at: http://31.57.147.77:6464/gethta http://31.57.147.77:6464/getdll hash 88feadbb2f9548d3c0cb9c6519bcea476acf9ac2a3eeccde5655457cbba29db4 on the dll

English

2.2K

Ali Aqeel@aaqeel87·24 Eyl

@Xanderuxsf5 @virustotal tria.ge/250912-f9bv2sh… probably they've another hash.

English

Xanderux@Xanderuxsf5·24 Eyl

🛡️Lazarus Stealer IP : 193.151.108.39 AS 207957( Serv .host Group Ltd ) Low detection on @virustotal more Lazarus servers detected by #C2Watcher on github.com/Xanderux/C2wat…