Mastodawn

idk why, but the performance of #AzireVPN, especially its stability, has decreased significantly (reddit users would say "since the acquisition by #Malwarebytes / #FiveEyes" ). There are non-stop disconnects, and even when the connection is up, the overall throughput and RTT are laughable.

back to #Mullvad it is and... wow, 50% lower median RTT 🤡

the actually sad part is that everybody hosts at #Datapacket, #31173, #xtom, and #M247, which comfortably covers #FourteenEyes

mhmm.. probably nobody remembers or even knows about #ovpnTO (not to be confused with #ovpnCOM) #MrNice #timeflies

ps: please ignore the packet loss, as the step size is 5min and I just reconfigured and restarted everything - thx

#vpn #opnsense #smokeping #homelab

Show thread

@infosec_jcp 🐈🃏 done differently Sep 11, 2024

@stevenrosenthal @KamalaHarrisWin

Old Man yells at #DataPacket ☁️.

@infosec_jcp 🐈🃏 done differently Jul 20, 2024

#GammaGroup #FinFisher #FinSpy #SystemApp callback caught #CALEA #malware #GreyMarket #investigations

💻🤝☣️🤝🤳 🎣🔍🧐

on #BunnyNet's CDN from #DataPacket

Interesting vectors... Quite the pointers this scan. Was scanned last 1yr ago. Showed up as malicious. Scans clean now except for the #malware found as a #GammaGroup shim caught nao. 🎣

Caught a bit o' Meta also in the callback graph. Huh.

#VirusTotal
https://www.virustotal.com/graph/embed/g7ee0dd48fe8e4dbbaf440955ee7bfbf57af12ca1c14543e08671f514fafb75be

Virustotal Graph

@infosec_jcp 🐈🃏 done differently Jul 3, 2024

Aggregation of my #GammaGroup #FinFisher attaccc nodes logged for the past 2+yrs. #RTDNA #CALEA #GreyMarket #malware #licensing #investigations ☣️🔍🧐 #infosec

¹ #BunnyCDN / #DataPacket
https://infosec.exchange/@infosec_jcp/112719219876040798

² #AWS in #AMER & #EU
https://infosec.exchange/@infosec_jcp/112724625585749421

³ #Google
https://infosec.exchange/@infosec_jcp/112724771286452381

⁴ #Akamai
https://infosec.exchange/@infosec_jcp/112724939254649507

⁵ #CloudFront
https://infosec.exchange/@infosec_jcp/112725394617753232

⁶ #FastLy #Twitter & Misc IPs ( LARGE LIST )
https://infosec.exchange/@infosec_jcp/112725566169727889

@eff
@citizenlab
@[email protected]
@aclu
@unofficial_aclu
@acluva

@infosec_jcp 🐈🃏 done differently (@[email protected])

Attached: 3 images · Content warning: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #BunnyNet via #DataPacket

Infosec Exchange

@infosec_jcp 🐈🃏 done differently Jul 2, 2024

Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #Germany on the CDN #DataPacket hosting the #BunnyNet since November 2022ish for #GermanProsecutors to correlate.

#FinFisherCom🤝#EnemyOfTheInternet

#CALEA #greymarket #CALEAmalware 🔍🧐#infosec

¹
143-244-49-183.bunnyinfra.net

²
143-244-50-83.bunnyinfra.net

³
169.150.221.147

⁴
143-244-50-88.bunnyinfra.net

⁵
143-244-50-211.bunnyinfra.net

⁶
169-150-249-163.bunnyinfra.net

⁷
169-150-221-147.bunnyinfra.net

⁸
143-244-50-82.bunnyinfra.net

⁹
143-244-50-213.bunnyinfra.net

¹⁰
143-244-50-209.bunnyinfra.net

¹¹
143-244-49-180.bunnyinfra.net

¹²
143.244.50.214

¹³
185-93-1-251.bunnyinfra.net

¹⁴
unn-169-150-249-163.datapacket.com

¹⁵
unn-169-150-249-165.datapacket.com

¹⁶
unn-169-150-249-164.datapacket.com

¹⁷
unn-169-150-249-166.datapacket.com

Cities:
¹
https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/

²
https://en.wikipedia.org/wiki/FinFisher

³
https://www.spiegel.de/netzwelt/netzpolitik/finfisher-ueberwachungssoftware-hersteller-ist-insolvent-a-399e29e2-a7ae-4966-8d26-fc3c4f92db64

⁴
https://netzpolitik.org/2022/nach-pfaendung-staatstrojaner-hersteller-finfisher-ist-geschlossen-und-bleibt-es-auch/

⁵
https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/

⁶
https://www.bloomberg.com/news/articles/2022-03-28/spyware-vendor-finfisher-claims-insolvency-amid-investigation

#RTDNA #StateSponsoredMalware™ #SSM™ #malware

@infosec_jcp 🐈🃏 done differently Jun 20, 2024

New #BunnyNet #GammaGroup #FinFisher #FinSpy #Finsky shim for #SystemApp found. #StateSponsoredMalware™✓

This host hasn't been scanned in over 1yr until today.

Initially scanned and found nothing. Dug in a bit further and found some interesting vectors for wot compromised #DataPacket's #BunnyCDN #BunnyNet though #blueteam at #DataPacket ⚠️👉☣️

#VirusTotal
https://www.virustotal.com/graph/embed/gdb48e1efd4a845b9951dcef691fdf3a2f8c56309a9ef445b8f0b7767a351a0e4

Virustotal Graph

@infosec_jcp 🐈🃏 done differently Jun 11, 2024

Huh. _TWO_ badbunny hosts with the #SystemApp #GammaGroup #FinFisher #FinSpy #Finsky callback to client but ... This time the scanned host comes up with interesting results after being caught. Both back to back attack attempts.

One host was scanned about a year ago and the other, another attack node quite frequently used, was scanned less than a month ago.

#Datapacket.Com #BunnyNet #InfosecExchange #infosec #fediverse #fediadmin

Typical attack pattern. After detection an attempt of using the #QuicksandModule was sent to client, tried crashing client. SystemUI crash attempt, etc.