Another Qbot/Qakbot sample: https://t.co/2ZAXRCaZv2
The sample is signed with a cert given to another totally legit company by @SectigoHQ...
This is boring now.
In 24h, this is the 3rd different signer I seen used to sign Qakbot samples.
This is interesting...
Two very convincing IDN #phishing domains for google and apple resolve to the same IP address (126.96.36.199)
both domains are using @Namecheap
cc: @malwrhunterteam @nullcookies @SteveD3 @JayTHL https://t.co/SsS6h15Hvg
One talks like this when only the money matters and nothing else, but obviously he not want to say it, because that make them look bad (to say the least)...
And you know, revoking the cert after the campaign is over is good for exactly 1 thing: nothing.
@SwitHak @DanielGallagher https://t.co/RgT0ByTWrn