@seism0saurus LOL

Hear me out..."vibe admining":

"This directory kinda has a lot of files...let's delete some"
"That account feels like too much access...let's remove some..."
"This server seems unhappy...let's reboot it"

A csv formatted list of #malspam campaigns that crossed my path in April to include #malware type, c2, hash, subject, and email exfill addresses:

https://gist.github.com/silence-is-best/413e27ccb3b5dfe3d2260b94968d8c73

#retrohunt

@cR0w @mttaggart @wdormann Betting this means brand new client machines....ergo nothing is tied to the client (cert, etc...).

@da_667 Never forget:
https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

It's why I stopped taking .*RSA.* seriously after that.

@da_667 Also, @jane_0sint has this as #strrat

@SwiftOnSecurity This is what I use...good on the phone as well in an always open tab...one less app on the device is a good thing.

@da_667 C2 "header" of the first 5 bites is the same though...so that's something.

@Ichinin Haha...ouch ;)

cc @da_667 on traffic

I have no idea what this is:
https://app.any.run/tasks/0dfd03de-7006-43e3-bead-8d3888a11c9a

@GossiTheDog $50 US

@GossiTheDog Wonder what the price will be...

@GossiTheDog Pretty excited for this...but not excited enough to:

1. Pre-order
2. Buy on release day
3. Buy full price

@mttaggart I feel like I was ahead of the curve by just closing that browser tab and not opening it again a couple months ago. Bluesky was just not impressive.

@r3dbU7z LoL

#malware #opendir ultimately #venomrat + #hvnc:

https://carltonsfile\.com/mor1/ -> https://paste\.ee/d/c7nSA2yM/0

c2: 109.248.144.175:4449

4541fd01a19f1e484f24eff86f42ac36ea9b30686fd405ca0a50f3e517657a61

@r3dbU7z Good find.

@jgreig Good.

@wdormann Spellcheck/formcheck/AI check?