Conversation
Der Keymeister :chad_2: 🔐 ⬜ (3t@annihilation.social)'s status on Friday, 12-May-2023 05:54:22 JST: mastodon.social being caught red-handed having ties with EMOTET botnet and other nasty surprises therefore needs to be black-holed at every level either dns (host file) or firewalled out of any system.
(mint@ryona.agency)'s status on Friday, 12-May-2023 05:59:43 JST: @3T @kirby First one is just Fastly's range, anyone could use it for botnet coordination, like any other CDN. But 11.0/8 range is rather sus, as kids would say, since it belongs to the US DoD.
https://securityboulevard.com/2021/04/u-s-dod-has-worlds-largest-honeypot-6-of-internet-space/
Chad Warden :pleromatan: (kirby@freespeechextremist.com)'s status on Friday, 12-May-2023 05:59:44 JST: @3T new kernel vuln?
Der Keymeister :chad_2: 🔐 ⬜ (3t@annihilation.social)'s status on Friday, 12-May-2023 05:59:44 JST: @kirby they don't even have perfect forward secrecy on their bloody potato instance. No vuln but just around 10-15 detections from different AV engines
Der Keymeister :chad_2: 🔐 ⬜ (3t@annihilation.social)'s status on Friday, 12-May-2023 05:59:45 JST: @kirby idk but there's not only EMOTET in there but some other bloody looking things. Also being relatively new they have loads of IPs around 154 that can suggest a strategy to evade detection so they have always different IP in a short time frame.
Chad Warden :pleromatan: (kirby@freespeechextremist.com)'s status on Friday, 12-May-2023 05:59:46 JST: @3T I'm guessing they got infected or something they can't be associated with the group behind it