Fred HK

595 posts

Fred HK

@fr3dhk

/* Security & Malware Research | Poking holes in everything & writing about it | Read here: https://t.co/pw6Fny0k27 */

Katılım Nisan 2015

265 Takip Edilen2.6K Takipçiler

Sabitlenmiş Tweet

Fred HK@fr3dhk·13 Oca

Indtroducing: What is this stealer? A new repository that allows for you to identify Stealer malware by the system information text file format commonly included in stealer malware exfiltration. We encourage everyone to check it out and contribute! github.com/MalBeacon/what…

English

144

466

38.3K

Fred HK@fr3dhk·11 Nis

@vxunderground Betabot 1.8 still has to be one of the best MaaS I’ve see

English

703

vx-underground@vxunderground·11 Nis

A or A+ malware is exceptionally rare. Also, the A or A+ category kind of depends on the timeline. For example, A+ malware from the 90's may not be A+ malware in 2026. Regardless, here is some malware I consider A or A+ - ZMist - Stuxnet - Operation Triangulation - BlackEnergy 3 - Pegasus Spyware (not PegasusRAT) - SUNBURST - Linux/Kobalos - GrayFish - Drovorub - ShadowPad ... There is more, but this is off the top of my head. There is a lot of malware that truly blew my mind.

C:/5ah3@ThmsOne

@vxunderground Ok now you got me interested. In your opinion which malware is A or A+?

English

1.4K

92.1K

Fred HK@fr3dhk·24 Ara

His work was absolutely incredible and a great person to work with!

Silas Cutler (p1nk)@silascutler

You may not know Dave Stern, but you should. The Pre-Ransomware Notification Initiative (PRNI) effort by CISA prevented an estimated $9 billion in damages by working with industry to notify companies of ransomware attacks before attackers lock systems. It is disheartening to see Dave leave CISA, but this is an incredible legacy to leave behind and a model we should look to replicate in the future. cybersecuritydive.com/news/cisa-rans…

English

266

Fred HK@fr3dhk·18 Eki

When the eCrime forum doesn’t have paid access

English

193

Fred HK retweetledi

Squiblydoo@SquiblydooBlog·22 May

@vxunderground Can't stop, won't stop justice.gov/usao-cdca/pr/1…

English

1.8K

Fred HK retweetledi

LoaderInsightAgency@LIA_Intel·5 May

On May 1st LIA turned 1 year 🥳🎂 The first official task was from an Amadey botnet to download & execute Lumma Stealer: loaderinsight.agency/?p=task_view&f… LIA has since received >9300 tasks from botnets, netting 51327 payloads. Big thanks to everyone who has contributed to the project!

English

Fred HK@fr3dhk·3 Mar

@DaveLikesMalwre @JAMESWT_MHT That’s MagicPOS a POS machine sniffer

English

116

DaveTheResearcher@DaveLikesMalwre·3 Mar

🚫Fake HMRC Self Assessment -> ScreenConnect 🎮 🌐URLs: hxxp[://]86[.]54[.]42[.]88/Downloads/HMRC_Self_Assessment[.]pdf[.]lnk hxxps[://]apps-actions[.]com/HMRC_Self_Assessment Noted that the above "apps-actions" domain has a login with the host title of "Magic" where I pivoted off the @ValidinLLC body hash leading to additional domains with a similar login page.... (Pic 2+3) Anyone seen this login page before? I'm not sure if they correlate as it could be a generic login page so any insight is welcome. 🔎Validin Query: d8dfe22c8569a8260d310010956bda1d39a67f38 @anyrun_app Analysis: https://app.any[.]run/tasks/7b88537c-fd48-409c-9e0a-949647e36037 CC: @500mk500

English

4.2K

Fred HK@fr3dhk·3 Mar

Bring it back

Coins@Coins

Remember when webpanels for botnets used to look like this..

English

437

Fred HK retweetledi

Josh@passthehashbrwn·19 Şub

> be elite TAO operator > never op on holidays or past 5pm (Fort Meade time) > fuck up commands and expose your hostname They're just like us for real

inversecos@inversecos

How the NSA (Equation Group) allegedly hacked into China's Polytechnical University 👀 I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group. 🔗inversecos.com/2025/02/an-ins…

English

539

40.8K

Fred HK retweetledi

Squiblydoo@SquiblydooBlog·10 Şub

Cert Central .org is live! We track and report abused code-signing certs. By submitting to the website, you contribute to the DB of >800 certs—a DB you can access and view. Want to get more involved? Check out the Training and Research pages to learn more. 1/2

English

160

17K

Fred HK@fr3dhk·24 Oca

@osint_barbie That panel is for amos (atomic macOS) stealer

English

xiu@osint_barbie·1 Eki

4/5: Digging deeper, I discovered a login panel at http://85[.]209[.]11.155/compremo. The /assets and /assets2 directories contain logos for 🇪🇪 🇩🇪 🇺🇸 🇲🇩 🇰🇷 flags. Several scripts hint at how the panel functions. One detail stands out: a logousericon with the FSB (🇷🇺) abbreviation

English

1.6K

xiu@osint_barbie·1 Eki

1/5: My friend @Cipher0091 sent me a Triage link with a report on an HTML file. Inside, I found typical #macOS #stealer commands like osascript, ditto, curl, etc👇tria.ge/240930-a1fjzsy…

English

4.5K

Fred HK@fr3dhk·24 Oca

@RussianPanda9xx A bit of karaoke and it’s a done deal

English

257

RussianPanda 🐼 🇺🇦@RussianPanda9xx·24 Oca

Would you use my Panda MDR service? I offer 24/7 365 protection at a very low cost; all I need is sushi and Korean hot pot & bbq dinners 😅

English

5.9K

Fred HK retweetledi

MalBeacon@malbeacon·15 Oca

Introducing: What is this stealer? A new repository that allows you to identify Stealer malware by the system information text file format commonly included in stealer malware exfiltration. Yara Rules included! Check it out and contribute! github.com/MalBeacon/what…

English

1.6K

Fred HK@fr3dhk·14 Oca

@RussianPanda9xx I don't think the stealers feel the same way towards you 😂

English

272

RussianPanda 🐼 🇺🇦@RussianPanda9xx·14 Oca

I love me some stealers ❤️

Fred HK@fr3dhk

English

2.4K

Fred HK retweetledi

Thomas Roccia 🤘@fr0gger_·14 Oca

Pretty cool repo from @malbeacon with a bunch of YARA rules to identify stealers. Also a cool use case for the #100daysOfYara 👇 github.com/MalBeacon/what… #threatintel #infosec

English

4.6K

Fred HK@fr3dhk·23 Ara

@bryceabdo Wake up, new Bryce meme just dropped

English

102

Fred HK@fr3dhk·15 Ara

@aaronsdevera @HushCon 2nd one got an audible snort

English

Fred HK@fr3dhk·12 Ara

@RussianPanda9xx I’ll tell you in private

English

RussianPanda 🐼 🇺🇦@RussianPanda9xx·12 Ara

@fr3dhk Tell me more @fr3dhk 🥹

English

134

RussianPanda 🐼 🇺🇦@RussianPanda9xx·12 Ara

What is going on with #LegionLoader / #RobotDropper? I am seeing a significant drop from over 200 samples to 15... Did they go on vacation?

English

3.3K

Fred HK retweetledi

Lena@LambdaMamba·10 Ara

I’ve designed a few more new Malmons, and here’s the latest list! ✍️ Gen 1 Malmons: - GaboonGrabber - Raspberry Robin - Noodle RAT - LitterDrifter - Gh0st RAT - Stuxnet - FakeBat - PoisonIvy - WannaCry - Slammer - Petya - NotPetya - ILOVEYOU - SugarGh0st RAT - Rhadamanthys - Flame - BFOD (Blue Falcon of Death) - Olympic Destroyer Gen 2 Malmons: - Sick Anubis (Inspired by @likethekings MARC I submission!) - WhiteSnake - TrickBot - Raccoon - BootKitty - WarmCookie - PurpleFox - Industroyer - Pegasus The Gen 1 Malmons merch is now available on the @MalwareVillage store! 🛍️ malwarevillage.myshopify.com Malmons aka Malware Monsters © 2024 Lena Yu aka LambdaMamba. All rights reserved. #malmons #malwaremonsters

English

2.8K

Keşfet

@vxunderground @DaveLikesMalwre @JAMESWT_MHT @ValidinLLC @anyrun_app @500mk500 @osint_barbie @Cipher0091