October 5, 2021 at 02:28PM

■■■□□ For a long time, 443 was the default port used by #dridex for the main C2 IP. Recently new ports are being used: 6225, 8443, 9676. The standard port 443 isn’t used at all. Botnets 10111, 22202. Source: CPR https://t.me/cKure/9649

October 5, 2021 at 01:31AM

■■■■■ DCOM_AV_EXEC allows for “diskless” lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as DLL) which can be used with the DCOM_AV_EXEC tool to bypass antivirus solutions. https://gitlab.com/theepicpowner/dcom_av_exec https://t.me/cKure/9646

October 5, 2021 at 01:08AM

■■□□□ Cyber-Attack on Italy: TA544 group behind a spike in Ursnif malware campaigns targeting Italy. https://securityaffairs.co/wordpress/122875/malware/ta544-ursnif-campaigns-italy.html https://t.me/cKure/9640

October 5, 2021 at 01:05AM

■■□□□ Facebook has dispatched a small team to one of its California data centers to try and manually reset its servers in an attempt to fix the problem. (It’s chaos to even try to contact folks, but people are resorting to zoom, discord etc) https://www.nytimes.com/2021/10/04/technology/facebook-down.html https://t.me/cKure/9639