Bex
4n6bexaminer.bsky.social
Livin' the DFIR Lyfe | Incident Response Manager @ Canva | CuratedIntel Member | Stubborn Western Australian working in infosec | Thoughts are my own
I had my suspicions 🤣
November 15, 2024 at 11:04 AM
After mucking around a bit finally got a working Dropbox URL and file for the #Clearfake distributed #AtomicStealer fake Chrome sample urlscan.io/result/376ad... tria.ge/240806-sahwj... and now it's a different IP 45.134.26[.]7 for the c2
August 6, 2024 at 3:06 PM
Nice! Thank you ☺️
July 29, 2024 at 1:57 PM
Secondary "grabber" payload urlscan.io/result/c1276...
July 29, 2024 at 11:37 AM
Malware host/lure: tneunarchiver[.]com

First stage payload: TheUnarchiver.dmg (MD5: c720feef0092cfce7a54951beacfc02d)
www.virustotal.com/gui/file/116...

Second stage: cryptomac[.]dev/download/grabber.zip (MD5: 03db09912b4b7bec98410d276bd2409a)
www.virustotal.com/gui/file/a08...
July 29, 2024 at 11:37 AM
Nice feature of urlscanio live browsing is having the file download available with the scan for context urlscan.io/result/e25eb... … I thought this was going to be #atomicstealer or #poseidon / #rodstealer / #rodmacer (or not-amos as I'm calling it cos there are too many names lol)
July 29, 2024 at 11:34 AM
Thanks! I used Gephi.
August 28, 2023 at 8:47 AM
Thank you!
August 25, 2023 at 2:32 PM
No time for glass. Just swig.
August 13, 2023 at 6:36 AM
Yeh telling war stories is getting harder 🤣 it was a part of becoming of age on the internet... what has happened 😢
August 7, 2023 at 8:13 AM
Screenshot from the desktop app of part of a timeline I'm working on. Spans a decade of activity 😳
July 24, 2023 at 2:01 PM
Thanks Marco! And no videos either to use as an alternative 😮
July 21, 2023 at 5:23 AM
Thank you! So many great people!!!
July 21, 2023 at 5:22 AM