Kafeine

Kafeine's last tweet&post. Choose Again. malware.dontneedcoffee.com/2020/02/Choose… Over and out.

TFW your favorite actor, Sagrid (TA543), does not come back from vacation

Is Gootkit gone?

Archeology: Necurs (crap2p) and its distribution. If you are interested in what they were doing in 2011,you might want to look at this FakeRean: 7d5ea317f2d1248386b904301bb19bbde44df3e1c3d8d08cd0644fed24362e2a cc/thx @maciekkotowicz @Antelox

I wrote something, it is also first public mention that i have a company and im free to hire ;]

Posting malware wireshark screencaps is pretty cool, but sharing #pcap with @ET_Labs to help protect the community is even cooler.

@argvee @halvarflake @imaguid @dinodaizovi the future of users not having control of their own systems is a cure worse than the disease

Today @TrendMicroRSRCH published research that me and my colleges have been hard at work on. For 6 months we ran a factory. trendmicro.com/vinfo/us/secur…

@yvesago @malwrhunterteam @Malwaredev Hello, it's Ostap into Trickbot "red4" Ostap virustotal.com/gui/file/3a77c… C2: http[://185.234.73[.119/0jORh2/OM0n8[.php?sd=s152[...] Trickbot: virustotal.com/gui/file/c8c6b…

#malware VT 7/58 virustotal.com/gui/file/67b5f… #emotet ? ping @malwrhunterteam @Malwaredev

2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules) in the @EmergingThreats OPEN set as of Dec 29th

Unsure yet what this comeback/evolution, after 2 years missing, of Zloader/Terdot.A is about...but this is one of the emerging trend in december 2019. cc/thx @tildedennis @threatinsight

Let’s play (again) with Predator the thief fumik0.com/2019/12/25/let…

Illustration of some ServHelper distribution for the past year (TL;DR: it's more than one actor)

Note:TA505 != Dridex. They were massively spreading it, with, as customer, Necurs. Dridex 125 then 220 and 7200, but also Locky 3, Trickbot mac1 before moving to ServerHelper and FlawedAmmyy. Other actor are spreading Dridex. Smilex was part of the team spreading Dridex 120.

Russian National Charged w/ Decade-Long Series of Hacking, Bank Fraud Offenses Resulting in Tens of Millions in Losses; 2nd Russian National Charged w/ Involvement in Deployment of “Bugat” Malware. Announced w/ @NCA_UK, @StateINL, @FBI, @WDPAnews, @USAO_NE justice.gov/opa/pr/russian…

Buer loader - proofpoint.com/us/threat-insi…

@BobbyEberle13 @BobbyEberle13 gopusa is compromised. You probably want to get that clean fast. (illustration - redirect to an Exploit Kit (RIG) itself dropping a malware (Trickbot "nev3") )

@BobbyEberle13 Hello, could you follow for a quick DM please ?

I don’t endorse the vocabulary in this tweet but I’d like to share our side of things and perhaps set the records straight. We never really wanted to (and still don’t want to) discredit Dragos publicly, there is really no point. 1/x

For the records, sLoad is still dropping Ramnit "fB1oN5frGqf" in Italy. virustotal.com/gui/file/2c096… cc/thx @reecDeep @Antelox (cf: twitter.com/reecdeep/statu… )