Malware Researchers


Unpacking and reversing Hancitor and analyzing its functionality in depth: https://t.co/iEokO5Vfbq
Both packed and unpacked payloads available on @virusbay_io https://t.co/qGXRWK9941

@thinkPoison @jckichen @QW5kcmV3 @JohnLaTwC @itm4n Seems like a good business opportunity for a criminal reseller with a VTi account.

"Prove detection to me before I pay."
... <downloads sample or asks for it on @virusbay_io>


After my previous tweet, I'm publishing my first blog post about "Automatically Mapping Binaries with Debug Prints using IDAPython"
A simple script that can come in useful when starting to map a large binary.
https://t.co/EVDpVTxtRB


Another Qbot/Qakbot sample: https://t.co/2ZAXRCaZv2
The sample is signed with a cert given to another totally legit company by @SectigoHQ...
This is boring now.
In 24h, this is the 3rd different signer I've seen used to sign Qakbot samples.
This is interesting...
🤔
@DanielGallagher https://t.co/XM4YurP6A3

Two very convincing IDN #phishing domains for google and apple resolve to the same IP address (188.241.68.133)

įcǀoud[.]com
googǀė[.]com

aka:
xn--coud-9ya58f[.]com
xn--goog-yva72h[.]com

both domains are using @Namecheap

cc: @malwrhunterteam @nullcookies @SteveD3 @JayTHL https://t.co/SsS6h15Hvg
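The two domains above are easier to reason about with a small checker that shows both encodings side by side, since the browser address bar renders the xn-- form as the look-alike Unicode string that DNS never sees. The following is an added example, not code from the tweet or its author: it converts between the Unicode and punycode forms with Python's built-in idna codec, builds a rough visual skeleton of the registrable label (strip diacritics, map a couple of look-alike letters to ASCII) and compares it against a constructed brand watchlist. The BRANDS set, the LOOKALIKES table (a tiny stand-in for Unicode's confusables.txt) and the assumption that the registrable label is the first label of the domain are all mine; the sample domains are the two from the tweet, written as escapes so the code does not depend on how the glyphs survived copy-paste.

```python
import unicodedata

# Constructed watchlist of protected brand labels (assumption, not from the tweet).
BRANDS = {"icloud", "google", "apple"}

# Minimal hand-made look-alike table (assumption: a real checker would load
# Unicode's confusables.txt). U+01C0 LATIN LETTER DENTAL CLICK renders like a
# lowercase 'l' in most fonts, which is what both tweeted domains rely on.
LOOKALIKES = {
    "\u01c0": "l",  # ǀ -> l
    "\u0131": "i",  # ı (dotless i) -> i
}

# The two domains from the tweet, defanged as written there ([.] for .).
SAMPLES = ["\u012fc\u01c0oud[.]com", "goog\u01c0\u0117[.]com"]


def refang(domain: str) -> str:
    """Turn a defanged domain ('example[.]com') back into a resolvable one."""
    return domain.replace("[.]", ".").strip().lower()


def to_ulabel(domain: str) -> str:
    """Return the Unicode (U-label) form, decoding any xn-- labels in an ASCII input."""
    if domain.isascii():
        return domain.encode("ascii").decode("idna")
    return domain


def to_alabel(domain: str) -> str:
    """Return the ASCII-compatible (punycode, xn--) form that actually appears in DNS."""
    return to_ulabel(domain).encode("idna").decode("ascii")


def skeleton(label: str) -> str:
    """Approximate what a human sees: strip diacritics (NFKD, then drop
    combining marks) and map known look-alike letters to their ASCII twin."""
    out = []
    for ch in label:
        ch = LOOKALIKES.get(ch, ch)
        decomposed = unicodedata.normalize("NFKD", ch)
        out.append("".join(c for c in decomposed if not unicodedata.combining(c)))
    return "".join(out)


def analyze(domain: str) -> dict:
    """Classify one domain: both encodings, the visual skeleton of the registrable
    label (assumed to be the first label), the non-ASCII characters it hides, and
    the brand it impersonates (None for an honest ASCII label or no match)."""
    ulabel = to_ulabel(refang(domain))
    alabel = to_alabel(ulabel)
    second_level = ulabel.split(".")[0]
    skel = skeleton(second_level)
    non_ascii = [(c, unicodedata.name(c, "UNKNOWN")) for c in second_level if not c.isascii()]
    impersonates = skel if (skel in BRANDS and second_level != skel) else None
    return {
        "input": domain,
        "unicode": ulabel,
        "punycode": alabel,
        "skeleton": skel,
        "non_ascii": non_ascii,
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # Round trip both tweeted domains plus one benign and one already-punycoded input.
    for d in SAMPLES + ["google.com", "xn--goog-yva72h.com"]:
        r = analyze(d)
        verdict = f"impersonates {r['impersonates']}" if r["impersonates"] else "no match"
        print(f"{r['input']:<24} {r['punycode']:<22} skeleton={r['skeleton']:<8} {verdict}")
        for ch, name in r["non_ascii"]:
            print(f"    U+{ord(ch):04X} {name}")
```

The punycode the script produces for the two samples is exactly the xn-- form quoted in the tweet, which is the check worth automating: a registrar or a brand-monitoring feed only ever shows the xn-- string, and the skeleton comparison is what turns "xn--coud-9ya58f" into "this is meant to read as icloud". The look-alike table is deliberately small; swapping it for the full confusables data is the obvious next step.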

One talks like this when only the money matters and nothing else, but obviously he does not want to say it, because that makes them look bad (to say the least)...
And you know, revoking the cert after the campaign is over is good for exactly 1 thing: nothing.
@SwitHak @DanielGallagher https://t.co/RgT0ByTWrn