James_inthe_box

@[email protected]
594 Followers
179 Following
1.1K Posts
#malware
James_inthe_box2h ago

#reverseloader #remcos #opendir at:

http://107.172.235\.213/95/ also img dir

c2: 173.231.188\.244:14641

James_inthe_box1d ago

#reverseloader #xworm #opendir at:

http://172.245.209\.253/203/

c2: 172.245.106\.54:3333

James_inthe_boxJun 5

From #clickfix to #stealc

https://app.any.run/tasks/9cd9a0f0-bf6f-4a23-9bf0-4d804f816b07

c2: https:// pas. canamrent .com/

James_inthe_boxJun 1

A csv formatted list of #malspam campaigns that crossed my path in May to include #malware, subjects, hashes, c2's, and email exfil addresses:

https://gist.github.com/silence-is-best/9b7365532f5ceb3b963bbc2dc3d8e876

#retrohunt

James_inthe_boxJun 1

A new one on me.. #overlord rat at:

https:// localgolf\.globalmerx\.es/ssa/Windows/utility.php

https://app.any.run/tasks/f0336476-584b-4970-9ab7-fb4e6882f896

James_inthe_boxMay 18

Fresh #gostealer :

https://app.any.run/tasks/ffd0507e-40e2-4ec4-8b87-ac90ef081889

Analysis gs_v2.exe (MD5: B4EF00CD345371CA3393145EFA464376) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

James_inthe_boxMay 5

Couple #reverseloader -> #xloader #opendir at:

http://107.175.246 .42/25/
http://89.40.31 .143/img/

James_inthe_boxMay 1

An on time (yay) csv formatted list of #malspam campaigns that crossed my path in April to include #malware type, c2, hash, subject, and email exfil addresses:

https://gist.github.com/silence-is-best/bc95a949f272f8c5487d057bbd74d14f

#retrohunt

James_inthe_boxApr 30

#nanocore......#ransomware ..?

https://app.any.run/tasks/0f06cf0b-8417-4e7d-83db-0fd384472772

No files actually encrypted though 🤔

James_inthe_boxApr 30
Much hatred for the latest #Wireshark