James_inthe_box
@james-inthe-box.infosec.exchange.ap.brid.gy
#malware
[bridged from https://infosec.exchange/@james_inthe_box on the fediverse by https://fed.brid.gy/ ]
[bridged from https://infosec.exchange/@james_inthe_box on the fediverse by https://fed.brid.gy/ ]
#malware not detonating and crashing out? Try my patented "shotgun" method and run like 15 copies at once! Spoiler, it actually does work in many cases ;)
https://app.any.run/tasks/98ee9a03-06d0-4c94-af52-53a84d3a3132
https://app.any.run/tasks/98ee9a03-06d0-4c94-af52-53a84d3a3132
January 26, 2026 at 2:56 PM
#malware not detonating and crashing out? Try my patented "shotgun" method and run like 15 copies at once! Spoiler, it actually does work in many cases ;)
https://app.any.run/tasks/98ee9a03-06d0-4c94-af52-53a84d3a3132
https://app.any.run/tasks/98ee9a03-06d0-4c94-af52-53a84d3a3132
When you distribute your malicious #screenconnect on your c2 🙃
https://app.any.run/tasks/5e815a05-a047-4010-aefc-9d6f95c1127b
https://app.any.run/tasks/5e815a05-a047-4010-aefc-9d6f95c1127b
January 21, 2026 at 10:32 PM
When you distribute your malicious #screenconnect on your c2 🙃
https://app.any.run/tasks/5e815a05-a047-4010-aefc-9d6f95c1127b
https://app.any.run/tasks/5e815a05-a047-4010-aefc-9d6f95c1127b
Finally saw something when installing those malicious #rmm #screenconnect (at https://mkaos.alwaysdata\\.net/eStatementSsaGov.msi)
https://app.any.run/tasks/399383f4-5ab6-4f53-ab93-09d36c891041
https://app.any.run/tasks/399383f4-5ab6-4f53-ab93-09d36c891041
January 20, 2026 at 2:50 PM
Finally saw something when installing those malicious #rmm #screenconnect (at https://mkaos.alwaysdata\\.net/eStatementSsaGov.msi)
https://app.any.run/tasks/399383f4-5ab6-4f53-ab93-09d36c891041
https://app.any.run/tasks/399383f4-5ab6-4f53-ab93-09d36c891041
If you've been experiencing these new #malspam with @Action1corp #action1 RMM, there's a tasty lil file called C:\Windows\Action1\what_is_this.txt that's everything you need to know:
https://app.any.run/tasks/a38ca435-f03f-4e77-aac0-f7446b6fe4df
https://app.any.run/tasks/a38ca435-f03f-4e77-aac0-f7446b6fe4df
January 16, 2026 at 3:07 PM
If you've been experiencing these new #malspam with @Action1corp #action1 RMM, there's a tasty lil file called C:\Windows\Action1\what_is_this.txt that's everything you need to know:
https://app.any.run/tasks/a38ca435-f03f-4e77-aac0-f7446b6fe4df
https://app.any.run/tasks/a38ca435-f03f-4e77-aac0-f7446b6fe4df
January 14, 2026 at 2:19 PM
A short (and late due to vacation) csv formatted list of #malspam campaigns that crossed my path in December to include #malware type, subject, hash, c2, and email exfil addresses:
https://gist.github.com/silence-is-best/720a513ff366780662870bc0dd080ce3
#retrohunt
https://gist.github.com/silence-is-best/720a513ff366780662870bc0dd080ce3
#retrohunt
January 5, 2026 at 3:52 PM
A short (and late due to vacation) csv formatted list of #malspam campaigns that crossed my path in December to include #malware type, subject, hash, c2, and email exfil addresses:
https://gist.github.com/silence-is-best/720a513ff366780662870bc0dd080ce3
#retrohunt
https://gist.github.com/silence-is-best/720a513ff366780662870bc0dd080ce3
#retrohunt
January 5, 2026 at 2:01 PM
Some fresh (2025-12-18) #silverfox #valleyrat
https://app.any.run/tasks/5f8778b4-7a5a-42fc-b814-4951c356c274
https://app.any.run/tasks/5f8778b4-7a5a-42fc-b814-4951c356c274
ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run
December 19, 2025 at 2:41 PM
Some fresh (2025-12-18) #silverfox #valleyrat
https://app.any.run/tasks/5f8778b4-7a5a-42fc-b814-4951c356c274
https://app.any.run/tasks/5f8778b4-7a5a-42fc-b814-4951c356c274
Someone playing around with a fresh (2025-12-18) #ransomware / #cryptor
https://app.any.run/tasks/776a8c9a-61f3-4593-b166-a60e3eb65f2f
https://app.any.run/tasks/776a8c9a-61f3-4593-b166-a60e3eb65f2f
December 18, 2025 at 5:52 PM
Someone playing around with a fresh (2025-12-18) #ransomware / #cryptor
https://app.any.run/tasks/776a8c9a-61f3-4593-b166-a60e3eb65f2f
https://app.any.run/tasks/776a8c9a-61f3-4593-b166-a60e3eb65f2f
pdb path for the win on this #stealerium run:
https://app.any.run/tasks/489d6268-d719-4f6f-9de1-798d1c26467a
https://app.any.run/tasks/489d6268-d719-4f6f-9de1-798d1c26467a
December 18, 2025 at 2:57 PM
pdb path for the win on this #stealerium run:
https://app.any.run/tasks/489d6268-d719-4f6f-9de1-798d1c26467a
https://app.any.run/tasks/489d6268-d719-4f6f-9de1-798d1c26467a
December 15, 2025 at 6:55 PM
#lokibot (believe it or not) at:
https://ballotlinllc\\.top/kellymnb/ENCRYPTED.ps1
c2: http://91.92.243.\254/kelly/five/fre.php
65312b1b16f7928cbd0fa79bc12fe75dac2f610d13a54848a8b6f52d035f870d on the ps1
https://ballotlinllc\\.top/kellymnb/ENCRYPTED.ps1
c2: http://91.92.243.\254/kelly/five/fre.php
65312b1b16f7928cbd0fa79bc12fe75dac2f610d13a54848a8b6f52d035f870d on the ps1
December 12, 2025 at 3:18 PM
#lokibot (believe it or not) at:
https://ballotlinllc\\.top/kellymnb/ENCRYPTED.ps1
c2: http://91.92.243.\254/kelly/five/fre.php
65312b1b16f7928cbd0fa79bc12fe75dac2f610d13a54848a8b6f52d035f870d on the ps1
https://ballotlinllc\\.top/kellymnb/ENCRYPTED.ps1
c2: http://91.92.243.\254/kelly/five/fre.php
65312b1b16f7928cbd0fa79bc12fe75dac2f610d13a54848a8b6f52d035f870d on the ps1
A csv formatted list of #malspam campaigns that crossed my path in November to include #malware type, c2, hash, subject, and some email exfil addresses:
https://gist.github.com/silence-is-best/b0eed8c8a6d6f6381a30d17047603726
#retrohunt
https://gist.github.com/silence-is-best/b0eed8c8a6d6f6381a30d17047603726
#retrohunt
December 1, 2025 at 6:18 PM
A csv formatted list of #malspam campaigns that crossed my path in November to include #malware type, c2, hash, subject, and some email exfil addresses:
https://gist.github.com/silence-is-best/b0eed8c8a6d6f6381a30d17047603726
#retrohunt
https://gist.github.com/silence-is-best/b0eed8c8a6d6f6381a30d17047603726
#retrohunt
An unusually large, moments ago #botnet scan all from source port 19000 (not the "usual" Amazon sourced scans that I see every morning like clockwork at 06:45). Raw logs and source IP's:
https://gist.github.com/silence-is-best/65c9fe419f8b0551b5f1ce9356e9d13f
https://gist.github.com/silence-is-best/65c9fe419f8b0551b5f1ce9356e9d13f
November 28, 2025 at 2:02 PM
An unusually large, moments ago #botnet scan all from source port 19000 (not the "usual" Amazon sourced scans that I see every morning like clockwork at 06:45). Raw logs and source IP's:
https://gist.github.com/silence-is-best/65c9fe419f8b0551b5f1ce9356e9d13f
https://gist.github.com/silence-is-best/65c9fe419f8b0551b5f1ce9356e9d13f
Maybe I'm crazy, but I always thought explorer.exe ran at boot regardless?
November 26, 2025 at 7:57 PM
Maybe I'm crazy, but I always thought explorer.exe ran at boot regardless?
#snakekeylogger at:
https://intesmak\\.com/obitwo
c2: https://api.telegram\\.org/bot8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA
https://intesmak\\.com/obitwo
c2: https://api.telegram\\.org/bot8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA
November 24, 2025 at 2:10 PM
#snakekeylogger at:
https://intesmak\\.com/obitwo
c2: https://api.telegram\\.org/bot8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA
https://intesmak\\.com/obitwo
c2: https://api.telegram\\.org/bot8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA
A new one on me... #mercury32 #loader (but still kinda #darkcloud)
https://app.any.run/tasks/67c44d06-c643-4998-af77-05fd6261168f
https://app.any.run/tasks/67c44d06-c643-4998-af77-05fd6261168f
November 21, 2025 at 9:37 PM
A new one on me... #mercury32 #loader (but still kinda #darkcloud)
https://app.any.run/tasks/67c44d06-c643-4998-af77-05fd6261168f
https://app.any.run/tasks/67c44d06-c643-4998-af77-05fd6261168f
Evil #logmeinrescue at:
https:// connectme-1ke.pages. dev/LogMeInResolve_Unattended.msi
e56e5f1f37b6c2ae9f4f1b2e7ab2f7aee9ca91c4c84334dd5bb49675de619736
Company ID: 8400521075231559185
https:// connectme-1ke.pages. dev/LogMeInResolve_Unattended.msi
e56e5f1f37b6c2ae9f4f1b2e7ab2f7aee9ca91c4c84334dd5bb49675de619736
Company ID: 8400521075231559185
November 21, 2025 at 7:54 PM
Evil #logmeinrescue at:
https:// connectme-1ke.pages. dev/LogMeInResolve_Unattended.msi
e56e5f1f37b6c2ae9f4f1b2e7ab2f7aee9ca91c4c84334dd5bb49675de619736
Company ID: 8400521075231559185
https:// connectme-1ke.pages. dev/LogMeInResolve_Unattended.msi
e56e5f1f37b6c2ae9f4f1b2e7ab2f7aee9ca91c4c84334dd5bb49675de619736
Company ID: 8400521075231559185
#stealerium hosted at:
http://31.57.147.77:6464/gethta
http://31.57.147.77:6464/getdll
hash 88feadbb2f9548d3c0cb9c6519bcea476acf9ac2a3eeccde5655457cbba29db4 on the dll
http://31.57.147.77:6464/gethta
http://31.57.147.77:6464/getdll
hash 88feadbb2f9548d3c0cb9c6519bcea476acf9ac2a3eeccde5655457cbba29db4 on the dll
November 20, 2025 at 6:44 PM
#stealerium hosted at:
http://31.57.147.77:6464/gethta
http://31.57.147.77:6464/getdll
hash 88feadbb2f9548d3c0cb9c6519bcea476acf9ac2a3eeccde5655457cbba29db4 on the dll
http://31.57.147.77:6464/gethta
http://31.57.147.77:6464/getdll
hash 88feadbb2f9548d3c0cb9c6519bcea476acf9ac2a3eeccde5655457cbba29db4 on the dll
November 17, 2025 at 5:22 PM
