![monty Profile](https://pbs.twimg.com/profile_images/1714718078691405824/DyjUcEe4_x96.jpg)
monty
@_montysecurity
Followers
662
Following
69
Statuses
71
threat hunter | @CuratedIntel member | @MITREattack contributor | posts = mine | DM me if I post bad intel
Joined February 2020
Dropped a new tool for malware researchers. It is used to continuously ingest, analyze, and alert on samples given a set of yara rules. Out of the box it works with @abuse_ch MalwareBazaar recent uploads but it's modular so you can add more sources
RT @pedrinazziM: Happy to have contributed to the great C2 tracker by @_montysecurity with a query to hunt Atlandid…
New #WaveStealer spotted in the wild, possibly a variant of bby stealer. Sold by a French-speaking threat actor "sudry" (aka svvdry) on Telegram/Discord for a few dollars. C2: wavebysudryez.]fr wave-assistant.]com Files created: \Temp\wavestealer\
Thank you for the support!!
Just released a #Python script for interacting with the @abuse_ch Malware Bazaar collection and finding samples that meet multiple criteria. I showcase it here hunting #CobaltStrike samples
@Cyb3rMonk I spent a lot of time on this question in the past. While limited to process/EDR data, the definition I came up with was "any combination of programs, files, and arguments that achieve some [MITRE] technique". Not perfect but it works for me :)
Good find! Added this to C2 Tracker
Hey :) @shodanhq makes the hunting process for Sliver C2 a bit easier than before. You can now search for online servers using the search query product, like so: Happy Hunting
Big update to C2 Tracker: added 17 new tools/malware and retired some lower fidelity ones #CTI #ThreatIntel
Added #Meduza Stealer to C2 Tracker. Shodan Search http.html_hash:1368396833 IOCs:
#Meduza Stealer is not dead! Search for C2 panels on @fofabot : icon_hash="-559608920" Some New panels: 193.233.133.81 146.70.161.13 77.105.147.136 185.106.94.31 212.113.116.56 89.185.85.132 95.181.173.235 95.181.173.8 95.181.173.233 89.185.85.34
Posted a small write up on extracting the LNK payload from this one. "Evasion by Annoyance: When LNK Payloads Are Too Long"
"npp_Installer_58627.iso": 713c18376e5474a643f03014170230125035cb39f731afdef1e8f3ab50122e93 The .lnk (40MB+): 5f4111aa4909efe4ef2bafb56756b33ce4ddcf8f62715e6ae4e649200733c6ff The .exe: 48f8a032fbb92214c064dd36057d13d96b6aaa64f34a006cd4c51cb4442fe673 @1ZRR4H