Samson

@samson2655

Independent malware researcher.

Spain Katılım Kasım 2022

62 Takip Edilen34 Takipçiler

Samson@samson2655·17 Ara

Interesting document #maldoc 391892a534c5dbe9f20cd8c4effc5b6559a428eedc25ba0470b0a27405772aad IoCs> hxxp://109.248.148.42/office/thememl/2012/main/attachedTemplate[.]dotm @InQuest @James_inthe_box @Ledtech3

English

204

Samson@samson2655·1 Ara

#eyJyZXN1bHRzIjpbIn4iLCJmaXJzdFNlZW4iLDEsIiIsW11dfQ==" target="_blank" rel="nofollow noopener">labs.inquest.net/dfi/search/has…

ZXX

Samson@samson2655·1 Ara

A wave of documents that contains the IcedID library in its body. Link to @InQuest labs. #maldoc 1f5384be6b1f91ad16c33fcc95dec835 Payload > d24053e88149fee100f6d0fd88a5c118 @InQuest @James_inthe_box @Ledtech3

English

Samson@samson2655·29 Kas

Interesting document #maldoc 2f9f4cf6fc4d74634c5152ce02d60b185ba86f0e839b66421ad205d21e7a301c PE: 20bdf25bee1123a126f8c175e39d8f11 IoCs: hxxp://js-hurling.com/ @InQuest @James_inthe_box @Ledtech3

English

Samson@samson2655·24 Kas

Interesting document #maldoc 313a743ed5558caa203fd873c22a178d6e4fed8c3ca75d40f827eeedccf31c37 PE: 180510ab8cde8a3828aa81289895458f IoCs: hxxp://""hxxp://asenal.medianewsonline.com/good/luck/flavor/list.php?query=1"" @InQuest @James_inthe_box @Ledtech3

English

Samson@samson2655·22 Kas

@InQuest @James_inthe_box @Ledtech3 81d77842292a2b26a9340665963f782bab88f4e3f2091cc8a60826e9f3648669

Português

InQuest@InQuest·21 Kas

@samson2655 @James_inthe_box @Ledtech3 What's the maldoc hash?

English

Samson@samson2655·21 Kas

Another interesting document#maldoc 49449720e228b03f82a7d148c4b91d0f136c104c65d0349eb1f349f27d0cf1d1 IoCs: hxxp://185.246.220.65/btc/Order_007136{.}exe @James_inthe_box @Ledtech3 @InQuest

Français

Samson@samson2655·22 Kas

@InQuest @James_inthe_box @Ledtech3 Converting the amount of information into a unique set of characters that is unique to this array of incoming information.

English

Samson@samson2655·21 Kas

Very interesting document similar to Emotet 430d7c853638524e59abe98c593b2ae5 IoCs: "hxxp://midnightsilvercrafters.com/store/wBjNOUw/" "hxxp://tempral.com/NATE_05_22_2009/BI710N4cQ6R3/" "hxxps://redington.karmatechmediaworks.com/wp-content/3JVuVx7QUM/" @James_inthe_box @InQuest

Samson@samson2655·20 Kas

A very interesting #maldoc that downloads and executes AgentTesla. d47f953d6047e670becb5f7bcf57b61b PE:2a5143de160247d04aa1e9f7e6399064 IoCs: hxxp://185.246.220[.]65/lee/Tobpnq[.]bmp hxxp://185.246.220[.]65/lee/IMG-07-94103[.]exe @James_inthe_box @InQuest @Ledtech3 #malware

English

Keşfet

@InQuest @James_inthe_box @Ledtech3 @elonmusk @BarackObama @taylorswift13 @cristiano @BillGates