Why, hello there, #solarmarker.

Website: certReport has been updated to 3.2: you can use an API key and "-p" to submit reports to the database. Read more here: We can handle submitting your reports too. See the website for more details. :)

@JAMESWT_MHT @salmanvsf @1ZRR4H @VirITeXplorer @marsomx_ @ffforward @0xToxin @Max_Mal_ @pr0xylife @guelfoweb @malwrhunterteam @AndreaDraghetti Thank you for your report. The code-signing certificate has been reported.

@malwrhunterteam @globalsign Certificate has been reported for revocation. Thank you for the report.

@smica83 @malwrhunterteam Awesome. Thanks for the tag. The certificate has been reported for abuse.

RT @SquiblydooBlog: @g0njxa @deepseek_ai Thanks for the tag, the certificate has been reported. Apparently DeepSeek and OpenAI aren't mad…

@g0njxa @deepseek_ai Thanks for the tag, the certificate has been reported. Apparently DeepSeek and OpenAI aren't made by a Vietnamese construction company. Who knew? Currently low detection. @JAMESWT_MHT @malwrhunterteam

@malcat4ever @smica83 Nice. Thanks for digging into it. Posting the IPs for convenience for others but there are some domains in there for anyone interested (see image). 216.245.184.181 212.237.217.182 168.119.96.41 @johnk3r for vis, looks like you both were digging in at the same time.

I am working on a public platform to make it even easier for people to report code-signing certificates. My goal is to continue to raise awareness on the abuse and the impact revocation has on malware distributors. Keep an eye on my socials for more news.

@JAMESWT_MHT @500mk500 @guelfoweb @James_inthe_box @AndreaDraghetti @ffforward @VirITeXplorer @0xToxin @pr0xylife @RussianPanda9xx @c_APT_ure @Max_Mal_ Certificate "MANH THAO NGUYEN COMPANY LIMITED" has been reported. Thanks for tagging me.

#Signed #Reported "44.211.848 NICOLAS SAMUEL DE ALMEIDA" Fake Open AI Sora downloads. User receives file "video_for_you.mp4 - openai\.com" You always know it is going to be a special time when the VT comments are stories.

Signer "DRSSOFT INC" is pushing a lot of fake meeting software. Teams, Wechat, Zoom, etc RemcosRAT 185.42.12.75, 90MB "calc" 🥲 Their files use a CloudFlare CAPTCHA before unpacking.

@skocherhan @Weixin_WeChat Why do you say "APT"? I reviewed the other files from this code-signer "DRSSOFT INC" and have reported it for revocation. Their files all show a CAPTCHA, which may account for the low VT score. At least one was RemcosRat: 185.42.12.75

Anyone know what is up with the stealers that someone keep uploading as "random[#]"? #Signed PREMERA LLC #Reported Talks with telegram, installs netsupport, flagged as "RustyStealer"

@smica83 @abuse_ch @JAMESWT_MHT Thanks for your report. The certificate has been reported for revocation.

@smica83 @abuse_ch @JAMESWT_MHT Thanks for tagging me. The certificate has been reported for revocation.

@smica83 @abuse_ch @JAMESWT_MHT Thanks for tagging me. The certificate has been reported for revocation.

Low detection CobaltStrike masquerading as MS_Teams installer. Connects to C2: 217.148.142.17 #Signed "ANALYZER ENTERPRISES LLP" #Reported

@dez_ Nice. Definitely an interesting attack technique. And you reported the code-signing cert, right? 😉 cc. @JAMESWT_MHT @malwrhunterteam