🎉 #TweetFeed is back! 🎉
After some months, I could bring it back to life again!
Easily grab IOCs shared by the #infosec community at 𝕏 / Twitter:
• URLs
• Domains
• IPs
• SHA256 hashes
• MD5 hashes
All served in a FREE feed or via API.
➡️
Presenting "TweetFeed"
Public repo that collects IOCs posted on Twitter in order to search them in your environment.
Interesting for #BlueTeam members, contains:
- URLs
- Domains
- IPs
- MD5/SHA256 hashes
Also includes queries for MS Defender.
🔗
• Free, accessible certificates have been available since 2016 (@letsencrypt)
• Fake websites can have quality logos and images like any other ()
• The footer of any website can also be faked
Official account of the GC (~2M followers) 👍
To detect a fake shopping website, look at:
- The browser has no security certificate.
- The logo and the images are not of good quality.
- The footer contains no company information, trust seals or certificates.
@osiseguridad
@INCIBE
+ 👇
🎉 is now available at OpenCTI 🎉
The connector has been added to the official repo, complete with documentation on how to use it.
This has been an awesome job done entirely by @aaarghhh 🔥
➡️
🚨 WATCH OUT
📱 Malicious SMS are being sent in the same thread as the bank's legitimate messages.
That is why we ALWAYS have to check the link we are opening.
Example 👇🏻
Good news!
🎉 has been added to @intel_owl 🎉
IntelOwl is an #OpenSource solution for management of Threat Intel.
Another platform that integrates TweetFeed 🔥
Thanks @matte_lodi & team!
➡️
🔍 Now check indicators against WarningList by @MISPProject ¹
It's a great resource of well-known indicators in order to avoid potential false positives
Hope there will be less FPs on the Feed now 👌🏼
___
¹
🚨 Example of #JavaScript code injection used to carry out a DDoS attack.
When visiting the compromised website, the user will launch multiple requests to various resources related to 🇺🇦
The code works perfectly😅
Active phishing against @Correos
🔗 /servicio-distribucion-correos.com
🔗 /gestion-aduanera-correos.com
Hosted on @Microsoft
Domain registered with @Google
Bunch of fake domains that seem to have been used on this:
➡️ /riotgames-inc.com
➡️ /riotgames-sso.com
➡️ /riot-sso.com
➡️ /riot-inc.net
➡️ /riot-inc.dev
➡️ /riotgames.network
➡️ /riotgames.team
Someone was looking for free LoL/Valorant skins.
Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.
⚠️ Beware of SMS impersonating @Haciendagob
Example of an active case:
🔗 /projud.com.br/wp-content/infos/terileeze/terileeze/terilee/teril/Triib/tributaria/cc.php
A new SMS arrives:
✅ Good domain
✅ Perfect layout
✅ No spelling mistakes
✅ No warning from GSB/Cloudflare or similar
✅ It lands in the same thread as the legitimate messages
The strange thing is not to fall for it, whether you work in cyber or not.
➡️ /es.bbva-soportes-inicio.com
#phishing | #scam
🔴 The YouTube channel of the streamer @IbaiLlanos 🇪🇸 (10.5M subscribers) has been compromised to spread cryptocurrency-related scams.
➡️ /elontesla.org
#Remcos #Malware targeting huge amount of European mailboxes right now, using DHL template as a lure. Attachment is r20 archive file!
Sub: Your latest DHL invoice
MD5: FE7E530636C29B5ABCC08FA7D708CBAF
🔥c2: blackwealth001[.duckdns.[org:59085
#infosec #security #cybersecurity
Okay, today I will not spend a single second searching for examples. If after the past weeks' countless examples not only from me but @1ZRR4H @wdormann & others were not enough for someone to realise Google is a fucking criminal gang, some more examples wouldn't do it anyway...
Squid's game infosec version:
One of these 2 domains is Microsoft's legit site, the other one can be used for bad purposes.
Which one would you choose?
A.
B.
#scam #phishing
Couple of scams impersonating @TrustWallet support team.
- Through fake support email via @gmail
- Requesting wallet's seed via @googledocs
/docs.google.com/forms/d/e/1FAIpQLSeLjRlxAhjprlR09ePelgtwyLSjO19SE4eIU-lLTTGhXHbXPQ/viewform
🚨 New company being used as lure in SMS campaigns: @UPS
Sample:
451a696c54ba75865e3fa795975d619659c7f26d2e8ab40049326df78809c2fc
Some sources:
🌐 /tsbl.in/dhl/
🌐 /nucleisense.com/dhl/
🌐 /envolve.adv.br/dhl/
cc @malwrhunterteam @JosepAlbors @alberto__segura
@malwrhunterteam @dubstard @CloudflareAbuse @1ZRR4H @JCyberSec_
Interesting example of the scams related to the verified accounts. Two steps:
1. Fake Twitter login page:
🔗 /fudbot.hu/login1/i/flow/login.php
2. Fake giveaway:
🔗 /fudbot.hu/BTC/
Same domain for both steps.
Seen from:
The Grupo de Delitos Telemáticos probably has better things to do than post tweets, but the CM's advice on the official account should perhaps be reviewed.
Recent smishing messages where the final URL includes:
• First name
• Surname
• Email
• Phone number
• Physical address
of the person receiving the SMS.
➡️ /aselun.com
➡️ /message.pluscactus.com
#phishing | #scam
⚠️ Verified account spreading an @elonmusk theme #scam
👤
🔗 /linktr.ee/emgiving
🔗 /space-bonus.com
Spambots (verified or not) are still alive on Twitter😐
@malwrhunterteam and another one from today:
006084004aea1cf26a5227fc2ce07997cf86796ffe820dcbe5e592263c895fc4
Some fresh sources:
🌐 /chonjunmo.com/track/
🌐 /tianyun.info/trck/
🌐 /luyihe.com.cn/trck/
🌐 /luohu101.com/track/
🌐 /dr-saadoun-dentiste.fr/track/
#TweetFeed update
I've been trying to fix it with the API sub (Yes I paid 100 USD to Elon).
Seems impossible to maintain even paying due to the 10K monthly cap. Screenshot below is the result of just a couple of days.
TweetFeed is in halt for now...
Active phishing campaigns against the Agencia Tributaria (@informaticaaeat) 🎯
➡️ /agenciatnrbutaries.netlify.app
➡️ /agenciatributaria.top
Lures victims with a possible refund of 263€
#phishing | #scam