Gi7w0rm

Threat Intelligence Analyst | Interested in everything Malware 😎
| Huge fan of unpac.me

2025-06-02

New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hulucaptch

2025-06-01

New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides code analysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you'll enjoy 😊

2025-05-06

Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New-York Times:

hxxps[:]//baustandards-qs[.]lidl[.]com

Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24

#subdomaintakeover #itw

2025-04-22

So this just happened to me:
gamerhorizon.com/2015/01/28/ps

800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.

2025-04-14

The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.

Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0

2025-04-09

On December 31, 2024 @sourcedefense released an article about a #webskimming threat that used extensive Google redirecting to load the fake payment page.
securityboulevard.com/2024/12/
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @uber.

2025-04-06

Message of the day:
Not every North Korean Cyber Threat is #Lazarus or related to Lazarus.
Please get this into your heads...

2025-03-28

"Studio Ghibli" - Gi7w0rm

#AIArt #StudioGhibli #Gi7w0rm

2025-03-27

Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of a height-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...

2025-03-23

Small Bugfix in gi7w0rm.github.io/ArrayThisClo
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array while coding.

2025-03-21

Have just been notified that I am featured in:
darkreading.com/cyberattacks-d
Thank you for the honor @DarkReading ❤️

2025-03-14

Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for what's to come.
Cheers all ❤️

2025-02-24

Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^

2025-02-22

Please excuse the lack of content in the last weeks.
I am overwhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️

2025-02-22

Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for what's to come 😊 💪

2025-02-12

Happy to have received recognition for being a #TopContributor to the @abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus!

P.S. The hoodie has an amazing quality!

2025-02-06

#Bitcoin #Clipper address:
https://www.blockchain.com/explorer/addresses/btc/1DJ5VetDBuQnmDZjRHRgEiCwYwvc6PSwu8

Attacker gained $12,082.72.
Primary cause:
They stole $10,635.59 in Bitcoin from a single victim.

2025-01-30

Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥

2025-01-23

Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
gi7w0rm.medium.com/a-beginner-

2025-01-20

Had a productive evening yesterday :)
#skimming #magecart #hunting
