Vitali Kremez (@VK_Intel)

Bio Ethical Hacker | Reverse Engineer | Threat Seeker Award | keybase.io/vk_intel | CEO @IntelAdvanced | Founder @VK_DFIR | MalCourse Author Zero2Auto | Gov Cybercrime
Location New York, NY
Tweets 3.8K
Followers 25.5K
Following 99
Account created 25-08-2015 03:03:37
ID 3332934374

Twitter Web App : 2020-07-14: 🔥[Intel Tradecraft | #Zero2Auto ] Intelligence Gain vs Intel Loss📚

Attribution should be left to the LEA agencies. It makes sense *only* after deconfliction & transparency with the agency weighing the intel gain and intel loss.

Learn at #Zero2Auto | cc 0verfl0w twitter.com/VK_Intel/statu…

Twitter Web App : 2020-07-13: 🤔[Blog]: "Cybercrime Research: For the Greater Good, or Marketing?" via Mathew Schwartz

🆕Group-IB FXMSP attrib report forced DOJ's hand to unseal indictment?

📌Cybercrime research should be for the greater good (always) while assisting the law enforcement efforts. twitter.com/DataBreachToda…

Android : Dridex malspam incoming 📩

XLS:
👉 bazaar.abuse.ch/sample/395ebad…

EXE:
👉 bazaar.abuse.ch/sample/73849ce…

Payload URL (yumicha .xyz):
👉 urlhaus.abuse.ch/url/412443/

Dridex C2s:
213.136.94.177:443
217.20.166.178:4664
37.205.9.252:8443
70.39.251.94:3889

/cc Vitali Kremez

Twitter Web App : If you are serious about learning malware analysis, go ahead and just get it now!
zero2auto.podia.com

Twitter Web App : Danus 0verfl0w Vitali Kremez I love it. The automation part makes me go from frustration to “woho it works” to damn, that broke the next line of code, in a loop. Never had to use Google/Python lib docs this much in my entire life. 😂

Twitter Web App : This is an example of the same TrickBot "grabber" message seen by a user related to the report:

twitter.com/MatePunk/statu…

The Firefox support team also noted:

"This does not appear to be a message generated by Firefox. Please contact your system administrator for assistance."

Twitter Web App : If you call yourself an InfoSec or Cybersecurity Pro, remember that’s short for professional. So act like one. Be an adult.

Twitter Web App : I really want to give a shout-out to 0verfl0w and Vitali Kremez for their #Zero2Auto Malware course. Having access to a well-organized syllabus which structurally teaches malware analysis, not to mention automation, I am one happy researcher. 🔥🙅‍♂️🔥🙅‍♂️

Thank you so much!

Twitter Web App : Danus 0verfl0w Thank you so much. We are here to help and share knowledge related to malware analysis and automation.

We are proud to have you and the team as our students. Onwards and upwards! pic.twitter.com/0TC2Axkhxv

Twitter Web App : Danus MalwareHunterTeam It appears to be, as there is no need to alert *any* user of the fraud or suspicious activity (especially via the browser) during active infection, as it might lead to loss of the bot in most cases

Twitter Web App : 📌If suddenly observed in the browser, investigate it immediately as it is TrickBot's "grabber"

"Warning
You see this message because the program named grabber gathered some information from your browser.
If you do not know what is happening it is the time to start be worrying." twitter.com/BleepinCompute…

Twitter Web App : 🤔Ops (redacted) intelligence from tech:

👾It is hypothesized that, if developed by an outside coder, this test module possibly reveals the nature of the TrickBot operations as hiring coders under the ruse of legitimate anti-malware development.

Twitter Web App : ✅Recommendations & Mitigations

*Immediate disconnect of the affected machine from the network when the displayed fraud message is observed
*Full password reset from browsers for any internal & external assets
*Logged-in session reset to prevent reuse of stolen cookies

Twitter Web App : 2020-07-11: 🆕🔥[Breaking] #TrickBot Group Launches Test Module Alerting on #Fraud Activity?🤔

Module Version 0.6.8 | Browser stealer activity affecting Google Chrome, Internet Explorer, Mozilla Firefox, Microsoft Edge

h/t MalwareHunterTeam
advanced-intel.com/post/trickbot-…

Twitter Web App : Due to the increase in cyber-enabled financial crimes, the Secret Service has combined their “Financial Crimes” and their “Electronic Crimes” task forces into one “Cyber Fraud Task Force” to ensure the safety of America’s financial infrastructure. bit.ly/2ZR1Xny

Twitter Web App : 🎛️It is related to this malware chain group tag chil* with the packer "templ.dll" ->

twitter.com/VK_Intel/statu…

Twitter Web App : 2020-07-10:⌛️[Sandbox] #TrickBot PwGrabber: Researcher/Vigilante Takeover?🤔

Pop: You see this message because the program named grabber gathered some information from your browser.
If you do not know what is happening it is the time to start be worrying.

cc MalwareHunterTeam

Twitter Web App : ✅The company trajectory and unprecedented growth with law enforcement support establish the firm as the top intelligence leader in the world.

Assumed duties beginning June 9, 2020, after a career in .gov and the private sector:

prnewswire.com/news-releases/…

Twitter Web App : 2020-07-10:📚 [Favorite Blog] "Cybersecurity & Myself: Opportunity of a Lifetime" | My Career Choice | Ethics in Business

My commitment to making a positive difference in the community which I care about with all my heart is too great to be compromised.

medium.com/@vitali.kremez…