lc4m (@luc4m)'s Twitter Profile
lc4m

@luc4m

(っ◔◡◔)っ @[email protected]

ID: 468672899

Joined: 19-01-2012 19:53:06

6,9K Tweets

4,2K Followers

930 Following

Fox_threatintel (@banthisguy9349)

#ransomware found in a zip file that I have no idea where I got it.

see samples:
57ed772081790cd3c0993b754c9241660c640d52a3d2be86fc6e9981c7b577f1

8bb509402f8f41b53d83b77979a9f09085b8766021ee1918b1b8e86efc126cc4

2594c63e40c0f752386b7a066f1aa86a36568d40cffc7ab67a268f5e7b706167
3xp0rt (@3xp0rtblog)

The leader of Alphv Ransomware stated that all people make mistakes, thanked LockBit for the support, and supported LockBit's view of uniting against the FBI.
Akamai Security Intelligence Group (@akamai_research)

Did you hear that?

Akamai researcher Ben Barnea (@nachoskrnl) has discovered two vulnerabilities within Windows.

Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.

Full write-up:
akamai.com/blog/security-…
reecDeep (@reecdeep)

Mentioned sample by JAMESWT (@JAMESWT_MHT) and found by Artilllerie ☣ (@Artilllerie) is #Zegost #malware #spyware posing as a fake AnyDesk

✅ Searches for sec-apps while performing system reconnaissance
✅ Highly modular
✅ Remote Command Execution
✅ Keylogging
🔥 c2 8.218.159.17

#CyberSecurity
x.com/Artilllerie/st…
Gi7w0rm (@Gi7w0rm)

Potential new #DuckTail PHP #stealer campaign spotted.
hxxps://videocallgirl[.]top/alb/ -> Auto Download .zip file -> .exe posing as images with DLL sideloading -> downloading real images and payloads, then stealing data.

#IoC:
github.com/Gi7w0rm/Malwar…

via: youssef (@nobodydontknow4)
Kostas (@Kostastsale)

I don't care what the haters say; I managed to create some good detections and hunts for the activity reported by BlackBerry Cybersecurity (@BlackBerrySpark). See the Sigma detection rule below. This is just one of many:
Germán Fernández (@1ZRR4H)

#Lambda Ransomware 👺

C2: 79.133.51.208 (check-in)
Live Support: krjv3wondknwdrlvzp6ktqcqkrlvpme2xjt3fu7ojqpaqgl3sm33bdqd[.]onion

Some strings:
LAMBDA_README.txt
{'disk_name': '%hc', 'disk_type': '%s', 'free_size': '%llu', 'total_size': '%llu'}
/c ping 127.0.0.1 -n 5 > nul &…
RussianPanda 🐼 🇺🇦 (@AnFam17)

I wrote the #PikaBot C2 extractor script. Since I am terrible at Regex, I found Yara pattern matching much more merciful 😅

You can access the C2 extractor here:
github.com/esThreatIntell…
Will (@BushidoToken)

My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live! pretalx.com/bsides-london-…
Xavier Mertens 🇧🇪 (@xme)

I've a Win11 VM running with on my Mac. I upgraded to Sonoma a few weeks ago, and today, when I tried to boot it, it asks me for a password, pretending that the VM is encrypted!? Any idea/tip?
Chris Duggan (@TLP_R3D)

🚨 Cybersecurity Alert 🚨 Phishing domains indirectly linked to #Snatch Ransomware detected! IP 51.250.13.110 located in Russia. Domains appear to target Canada Financial Services.

· simplihl[.]help - Spoofing Simplii Financial
· bmo-importantnotice[.]com - Spoofing Bank of…
vx-underground (@vxunderground)

Parents, now is the time to be on guard. We are once again reminding you to be diligent about checking your child's candy throughout the Halloween season. vx-underground recently discovered THREE ransomware affiliates from ALPHV ransomware group inside of a Snickers.
Azim Khodjibaev (@AShukuhi)

“This LockBit incident serves as a reminder that shared intelligence and collaboration among cybersecurity professionals are our most potent weapons against the dark forces of the digital world.” securityaffairs.com/151862/breakin…
Will (@BushidoToken)

(replying to lc4m, Brad, Michael Koczwara, Soufiane, The DFIR Report, abuse.ch, Igal Lytzki 🇮🇱, CERT-Bund) Overlapping hostnames/machineIDs is a curious one for infrastructure analysts. I believe these types of overlaps are mostly due to some reseller that rents from multiple VPS providers.

Here are some other hostnames to help with any future investigations: gist.github.com/BushidoUK/00cd…
lc4m (@luc4m)

New research out! Investigation on #LockBit affiliate infrastructure led to the discovery of >100 servers for exfiltration, and wider criminal connections.

cc Brad (@malware_traffic), Michael Koczwara (@MichalKoczwara), Soufiane (@S0ufi4n3), The DFIR Report (@TheDFIRReport), abuse.ch (@abuse_ch), Igal Lytzki 🇮🇱 (@0xToxin), CERT-Bund (@certbund)

medium.com/@lcam/lighting…