Posts by ankit_anubhav@infosec.exchange
 (DIR) Post #APZ63LwLqEe961xBGy by ankit_anubhav@infosec.exchange
       2022-11-13T14:30:15Z
       
       0 likes, 0 repeats
       
        If you know someone at ioc.exchange, please let them know about these terrible attackers, who abuse its infrastructure. I hope they get de-activated. The attackers put the real next stage C2 communications in the "about me" tab, and then the malware connects to ioc.exchange on the fly to fetch the actual C2. As a result, some people block the whole ioc.exchange domain itself.

        The abuser profile: https://ioc.exchange/@xiteb15011

        There are a couple more, and I can update on this thread as soon as I see them again. Once they can see that their C2 fronting technique is killed fast, likely they will stop abusing Mastodon.

        Evidence: https://tria.ge/221108-hts6hachh8/behavioral2

        cc @seb @jerry @SwiftOnSecurity #Malware #Cybersecurity #hacking
       
 (DIR) Post #APZ63NMcY3FnVnFfrE by ankit_anubhav@infosec.exchange
       2022-11-13T14:41:17Z
       
       0 likes, 0 repeats
       
        @alkampfer I will use this thread now to report abuse by these people. I hope these will get taken down. Thanks for the motivation.
       
 (DIR) Post #APZ74WD5FAqjBvtq1w by ankit_anubhav@infosec.exchange
       2022-11-13T15:39:24Z
       
       0 likes, 0 repeats
       
        @seb @jerry @SwiftOnSecurity Thanks a lot for your quick action, I am a bit new here. I will read about it and use it the next time it happens.
       
 (DIR) Post #APbER7CnSqzEISPJnU by ankit_anubhav@infosec.exchange
       2022-11-14T10:17:18Z
       
       1 likes, 0 repeats
       
        Today, a #Smokeloader #malware campaign is observed, which is sending emails with links to hacked sites. The malware is hidden in the "contract" folder created by the hacker. The next stage download link is not a normal one, as the IP is in decimal notation, which makes it look tricky.

        @3236135985 = 192.227.132.49

        Evidence - https://tria.ge/221114-lpyrzabe9s

        cc @da_667 @Myrtus @th3_protoCOL #cybersecurity
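The decimal host in this post is one of several spellings that inet_aton()-style parsers (libc, browsers, curl) accept for the same address: a single 32-bit decimal, hex with a 0x prefix, leading-zero octal, or fewer than four dot-separated components where the last one fills the remaining bytes. The helper below is an added example, not code from the post or from the tria.ge report; it decodes any of those notations to dotted-quad so a URL can be matched against blocklists or netflow in its canonical form. Only the pair 3236135985 / 192.227.132.49 comes from the post; the lure URLs and the "legit-vendor.example" host are constructed.

```python
"""Decode the non-dotted IPv4 notations used to disguise download links.

Added example, not code from the original post or from the tria.ge report.
It follows the inet_aton() parsing rules that libc and browsers apply, so the
host a victim's machine would actually connect to is what gets decoded.
Sample URLs are constructed; only 3236135985 = 192.227.132.49 is from the post.
"""
import re
from ipaddress import IPv4Address
from typing import Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def _parse_part(part: str) -> int:
    """Parse one inet_aton() component: 0x.. hex, leading-0 octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part[2:], 16)
    if re.fullmatch(r"0[0-7]*", part):          # a lone "0" is octal zero
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part, 10)
    raise ValueError(f"not a numeric IPv4 component: {part!r}")


def normalize_ipv4(host: str) -> str:
    """Return dotted-quad for any inet_aton()-style host string, else ValueError.

    inet_aton() accepts 1 to 4 dot-separated numbers; every component but the
    last must fit in one byte, and the last one fills the remaining bytes, so
    "192.227.33841" and "3236135985" are both spellings of 192.227.132.49.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("IPv4 literal must have 1 to 4 components")
    values = [_parse_part(p) for p in parts]
    *leading, last = values
    if any(v > 0xFF for v in leading):
        raise ValueError("leading component exceeds one byte")
    remaining_bytes = 4 - len(leading)
    if last >= 256 ** remaining_bytes:
        raise ValueError("trailing component does not fit the remaining bytes")
    number = 0
    for v in leading:
        number = (number << 8) | v
    number = (number << (8 * remaining_bytes)) | last
    return str(IPv4Address(number))


def decode_ip_literal(host: str) -> Optional[str]:
    """Dotted-quad if `host` is an IPv4 literal in any notation, else None."""
    try:
        return normalize_ipv4(host)
    except ValueError:
        return None


def canonicalize_url(url: str) -> Tuple[str, Optional[str]]:
    """Rewrite a URL whose host is a disguised IP literal into dotted-quad form.

    Returns (canonical_url, original_host) when a rewrite happened, otherwise
    (url, None). Any userinfo ("user@host", another classic lure component) is
    dropped from the rewritten URL; the port is kept.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    canonical = decode_ip_literal(host)
    if canonical is None or canonical == host:
        return url, None
    netloc = canonical if parts.port is None else f"{canonical}:{parts.port}"
    return urlunsplit(parts._replace(netloc=netloc)), host


if __name__ == "__main__":
    # Constructed lure URLs in the shape the post describes: a "contract"
    # folder on a compromised site, next stage fetched from a numeric host.
    for sample in (
        "http://3236135985/contract/invoice.exe",
        "http://0xC0E38431/contract/invoice.exe",
        "http://0300.0343.0204.061/contract/invoice.exe",
        "http://192.227.33841/contract/invoice.exe",
        "http://legit-vendor.example/contract/invoice.exe",
    ):
        print(sample, "->", canonicalize_url(sample))
```

The parser is deliberately its own implementation rather than a call to socket.inet_aton, so results do not depend on which libc the analysis box runs; it rejects "08"-style components and out-of-range values the same way inet_aton does.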
       
 (DIR) Post #APiflFf5n6SlBUBj5k by ankit_anubhav@infosec.exchange
       2022-11-18T06:19:24Z
       
       0 likes, 0 repeats
       
        Last week, I mentioned ioc.exchange being used for C2 fronting, where attackers put the next stage in "about me", and the abusing profile was taken down asap by the moderators. This doesn't by any chance show a security issue on the platform.

        Here is a malware communicating to Twitter, where the hacker has posted a malicious URL as a Twitter status in base64, and it's up since *7+ years* without fail.

        Hence the key takeaway: as long as abuse reports are acted on, all is good.

        cc @jerry @campuscodi @seb @Myrtus @charlesdardaman @gossithedog
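Both this post and the 2022-11-13 one describe the same dead-drop pattern: the real C2 locator is parked in a public profile field or status, often base64-encoded, and the malware resolves it at runtime. The hunting helper below is an added example, not code from the posts, not the malware's own resolver, and not tied to the specific profiles mentioned; it scans profile or status text for base64 tokens that decode to a URL or host:port. The profile note and status strings are constructed, and 192.0.2.0/24 is documentation address space rather than a real C2.

```python
"""Hunt for base64-encoded C2 locators parked in social-media profile text.

Added example, not code from the original posts and not a reimplementation of
the malware in the linked tria.ge report. The profile note and status below are
constructed, and 192.0.2.0/24 is documentation address space, not a real C2.
"""
import base64
import binascii
import re
from typing import List, Optional

# Only tokens long enough to hold a URL/host and made purely of base64
# characters (standard or URL-safe alphabet) are tried, so fragments of
# plaintext URLs, which contain ':' and '.', are never treated as blobs.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")
_EDGE_PUNCT = ".,;:!?()[]\"'"

# Shape of a decoded dead-drop payload: a URL, an IPv4[:port][/path],
# or a hostname[:port][/path].
_LOCATOR = re.compile(
    r"(?:https?://\S+"
    r"|(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?(?:/\S*)?"
    r"|[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+(?::\d{1,5})?(?:/\S*)?)"
)


def _try_decode(token: str) -> Optional[str]:
    """Base64-decode a token to printable ASCII, tolerating stripped padding
    and the URL-safe alphabet; None if it is not clean base64 text."""
    standard = token.replace("-", "+").replace("_", "/")
    padded = standard + "=" * (-len(standard) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def extract_dead_drops(text: str) -> List[str]:
    """Return every base64 token in `text` that decodes to a C2-style locator."""
    hits = []
    for word in text.split():
        token = word.strip(_EDGE_PUNCT)
        if not _B64_TOKEN.fullmatch(token):
            continue
        decoded = _try_decode(token)
        if decoded and _LOCATOR.fullmatch(decoded.strip()):
            hits.append(decoded.strip())
    return hits


# Constructed samples (not the real abuser profile or Twitter status).
SAMPLE_PROFILE_NOTE = (
    "Coffee, cats and cloud. "
    + base64.b64encode(b"http://192.0.2.10/gate.php").decode()
    + " Opinions my own."
)
SAMPLE_STATUS = (
    "gm " + base64.urlsafe_b64encode(b"192.0.2.10:4444").decode().rstrip("=")
)
BENIGN_NOTE = base64.b64encode(b"Just a long harmless sentence, no C2 here.").decode()


if __name__ == "__main__":
    for label, text in (("note", SAMPLE_PROFILE_NOTE), ("status", SAMPLE_STATUS),
                        ("benign", BENIGN_NOTE)):
        print(label, "->", extract_dead_drops(text))
```

Run it over the "note" field of profiles pulled from an instance API or over a status timeline; the whitespace split plus full-token match keeps ordinary base64-looking words (hashes, IDs) from producing noise, since they almost never decode to printable ASCII shaped like a locator.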
       
 (DIR) Post #APilxeUrscR5PPhaVM by ankit_anubhav@infosec.exchange
       2022-11-18T07:06:54Z
       
       0 likes, 0 repeats
       
        @avuko @jerry @campuscodi @seb @Myrtus @charlesdardaman @gossithedog I do not have evidence to confirm/deny it. However, I know of the domain sadly being on blocklists (both public / enterprise specific) for this reason. The abuse predates Elon's takeover, when many people including me hadn't heard about Mastodon. Probably people thought: it's a rare domain, connects to C2 and very few people use it for anything legit, so block it.
       
 (DIR) Post #AQKioSS2LOsyVnbnLU by ankit_anubhav@infosec.exchange
       2022-12-06T14:53:43Z
       
       0 likes, 0 repeats
       
       @seb @alaric @cstromblad Thanks for the great work 🙏
       
 (DIR) Post #AZhj2srjMqg27lVuMq by ankit_anubhav@infosec.exchange
       2023-09-12T15:00:19Z
       
       1 likes, 0 repeats
       
        It's always useful to do your due diligence in analyzing a file. Do not blindly trust the verdict of others. For example - see the comments on the hash of a 0 byte file and how people are confidently claiming that it's #malware. #infosec #cybersecurity

        https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/community
       
 (DIR) Post #AZtZqhYoDvkmFNXfSC by ankit_anubhav@infosec.exchange
       2023-09-18T14:43:23Z
       
       2 likes, 2 repeats
       
        I don't port X content here, but this one is an exception.

        #microsoft #ai #cybersecurity #rip #infosec #breach

        https://twitter.com/wiz_io/status/1703759418507026663
       
 (DIR) Post #AugB07KunKvp9LHFvE by ankit_anubhav@infosec.exchange
       2025-06-01T06:58:23Z
       
       3 likes, 1 repeats
       
       #cybersecurity