james-inthe-box.infosec.exchange.ap.brid.gy - Profile | ThreadSky | a Reddit-style client for Bluesky

james-inthe-box.infosec.exchange.ap.brid.gy

#malware [bridged from https://infosec.exchange/@james_inthe_box on the fediverse by https://fed.brid.gy/ ]

32 posts 8 followers 0 following

Posts 18 Comments 15

Huh...first time I've seen threat actor's using @ThinkstCanary : https://assistance-newton-adam-indiana.trycloudflare\\.com

submitted 2 days ago • 1 comment

Badness at: http://144.91.79.54/10022025/ https://app.any.run/tasks/70b515d1-ba84-4eb3-aba1-247e09eec4bb Ultimately #darkcloud (the txt file); c2 juguly\\.shop

submitted 2 days ago • 0 comments

I wonder if this threat actor's #phishing roundcubemail is up to date... 🤨 http://mr\\.cbzpfc7.sa\\.com/roundcubemik/

submitted 8 days ago • 0 comments

If you're not blocking trycloudflare\\.com at the perimeter, now's the time: #opendir 's: https://em-ash-announcements-alpha.trycloudflare\\.com/1DSAHJKSA/ -> https://did-efficiency-than-lenses.trycloudflare\\.com -> https://reached-theoretical-regular-impact\\.trycloudflare.com

submitted 8 days ago • 1 comment

#phishing #opendir: https://dmc.otarvesq\\.com/POST/

submitted 11 days ago • 0 comments

http://account\\.empireaccelerate.com:9200/empire_account/account/account.do 🤨

submitted 16 days ago • 0 comments

When the threat actor REALLY wants it to run... #venomrat c2: 176.65.142.172:4449

submitted 21 days ago • 0 comments

A csv formatted list of #malspam campaigns that crossed my path in January to include subjects, hashes, c2's, #malware type, and email exfil addresses: https://gist.github.com/silence-is-best/4a3558425ea7057e0e4e00d14a9cde78 #retrohunt

submitted 25 days ago • 0 comments

When #windows decides it's had enough of you blocking it's update/telemetry processes (going to wd-prod-cp-us-west-2-fe\\.westus.cloudapp.azure.com) and just yeats out the lookup over #netbios 🤷

submitted 26 days ago • 0 comments

A fairly sizable distributed port scan (all source port 19000) about 30 minutes ago; raw logs and sources here: https://gist.github.com/silence-is-best/40fa2842ad8122411fa2a7241f8c65ac

submitted 35 days ago • 0 comments

If you're....you know...bored... https://app.any.run/tasks/365f8969-106d-4fa0-8587-7d2593731a67

submitted 36 days ago • 0 comments

We're hiring a Senior Software Engineer on the @securedrop team at @freedomofpress. SecureDrop is open source whistleblowing software. The project is at a critical inflection point as we get ready to build the next-gen version based on a modern cryptographic protocol. 100% remote, full-time […]

submitted 37 days ago • 1 comment

#webshell #opendir #netsupport #rat at: https://appointedtimeagriculture\\.com/wp-includes/blocks/post-content/ GatewayAddress=95.179.158.213:443 RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA

submitted 37 days ago • 0 comments

As much as I was excited about #telegram cooperating with LE...I haven't noticed much of a change: https://app.any.run/tasks/694cb94f-3ab9-48c4-b860-c9eab82b14a9

submitted 43 days ago • 0 comments

Hey @da_667 ...you seen this UA with #xloader yet? <url method="POST" uri="/k2i2/" host="www\\.gayhxi\\.info" user_agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1"/>

submitted 45 days ago • 0 comments

Good presentation @da_667

submitted 50 days ago • 0 comments

#opendir at: https:// superior-somalia-bs-leisure.trycloudflare\\.com -> http:// jsnybsafva\\.biz:8030

submitted 50 days ago • 1 comment

A late (due to holiday vacation) and sparse csv formatted list of #malspam campaigns that crossed my path in December to include subjects, #malware, hashes, c2's, and email exfil addresses: https://gist.github.com/silence-is-best/80e7b20f37e8ba6212144d4a37fb714d #retrohunt

submitted 53 days ago • 0 comments