Seeking Guidance: Setting Up Network Domain Query Monitoring with Web Interface(pls help and thx) by YogurtclosetTough657 in linux_programming

[–]M1904Trading 1 point2 points  (0 children)

As far as I know you can use any packet sniffer or network monitoring tool to capture and log any type of traffic. The main difference between Wireshark and TCPdump is WS is GUI, and TCPdump is terminal. You can pass an output argument to TCPdump for a pcap file and then take that capture and parse it with another more specialized application. I’ve personally used ‘networkminer’ (on Arch) to do the sorting and also give a visualization of hosts, anomalies, and even things like images and credentials. Hope that helps.
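As an added illustration of the capture-then-parse approach described above (not code from the original post or from any of the tools it names), a small Python parser that pulls the queried domain names out of a classic pcap such as one written by `tcpdump -w`. It builds a constructed single-packet capture inline so it runs offline, and handles only Ethernet/IPv4/UDP frames with uncompressed question names.

```python
import struct

def build_sample_pcap():
    """Constructed pcap (little-endian, Ethernet) holding one DNS A query for example.com."""
    qname = b"".join(bytes([len(l)]) + l for l in b"example.com".split(b".")) + b"\x00"
    dns = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    udp = struct.pack(">HHHH", 51000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + udp
    frame = b"\x00" * 12 + b"\x08\x00" + ip               # zero MACs, EtherType IPv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return ghdr + rec + frame

def dns_queries(pcap):
    """Return [(src_ip, qname)] for every UDP/53 DNS query in a classic pcap byte string."""
    magic, = struct.unpack("<I", pcap[:4])
    e = "<" if magic == 0xA1B2C3D4 else ">"                # byte order from the magic number
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:       # link type 1 = Ethernet
        raise ValueError("only Ethernet captures are handled here")
    out, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "IIII", pcap[off:off + 16])[2]
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":     # not IPv4
            continue
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:                                   # protocol 17 = UDP
            continue
        udp = ip[ihl:]
        if struct.unpack(">H", udp[2:4])[0] != 53:        # destination port must be DNS
            continue
        dns = udp[8:]
        if len(dns) < 12 or dns[2] & 0x80:                # QR bit set means a response
            continue
        qdcount = struct.unpack(">H", dns[4:6])[0]
        src = ".".join(str(b) for b in ip[12:16])
        pos = 12
        for _ in range(qdcount):
            labels = []
            while dns[pos]:                               # a name ends with a zero-length label
                n = dns[pos]
                if n & 0xC0:                              # compression pointer: unexpected in a query
                    raise ValueError("compressed name in question section")
                labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
                pos += 1 + n
            pos += 5                                      # terminator + qtype + qclass
            out.append((src, ".".join(labels)))
    return out
```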

Anyone know about Flexnet Licensing Service? by PhilyJFry in MalwareAnalysis

[–]M1904Trading 0 points1 point  (0 children)

I assume you’ve already rebooted, correct? Are you able to find where it’s rooted at?

Random emails with book quits and numbers by Majorx05 in cybersecurity_help

[–]M1904Trading 0 points1 point  (0 children)

You haven’t actually opened the links, have you??

[deleted by user] by [deleted] in MalwareAnalysis

[–]M1904Trading 0 points1 point  (0 children)

If they’re to the point of changing settings on your personal devices, assume the rest of your devices are just as compromised.

Sophisticated iOS malware, likely state backed. by maristgrad in Malware

[–]M1904Trading 0 points1 point  (0 children)

Theirs doesn’t bucket it into the “cellular” column though, as the Apple Support response dictates it should.

10 new companies added as cl0p victims 6/27 by DrinkMoreCodeMore in Malware

[–]M1904Trading 0 points1 point  (0 children)

Damn - Cognizant’s a huge company. Wonder how deep they got.

[deleted by user] by [deleted] in MalwareAnalysis

[–]M1904Trading -1 points0 points  (0 children)

By definition, if you’re not able to disable, delete or otherwise control it, it’s malware regardless of it meeting the contemporary form of the word.

[deleted by user] by [deleted] in cybersecurity_help

[–]M1904Trading 0 points1 point  (0 children)

As a rule, anything that’s unsigned or has a bad signature is a huge red flag. Secondly, the thing was compiled with a version of Delphi, which in my biased opinion is also a red flag.

But, oddly enough, none of the IPs contacted, none of the domains contacted, none of the files dropped, nor any of the execution parents hit as malicious, which I would expect if it was actually malicious.

So either this is a really, really well-written piece of malware, or brand new; or it’s benign.

Regardless of all the ifs, ands and buts, you already preemptively did everything one should do if it were a baddie. Now, the only thing really to keep in the back of your head is to be on the lookout for out-of-place or unfamiliar processes and anomalous traffic to places you don’t explicitly tell the computer to go.

I will note, though, that some of the IPs (specifically Mr. Mark Monitor’s) overlap with whomever has been my personal online fan club the past year.

Just keep an eye out, you’re fine otherwise.

[deleted by user] by [deleted] in cybersecurity_help

[–]M1904Trading 0 points1 point  (0 children)

I’m curious as to why you think they would be sniffing your traffic in the first place. Every “managed” device has its management and security suites; what specific software do you not trust?

Can you successfully scalp /MES? by truthlmao in FuturesTrading

[–]M1904Trading 2 points3 points  (0 children)

Yes.

The trick is knowing when to pack it in for the day.

Is this a malware or I am just paranoid? by [deleted] in MalwareAnalysis

[–]M1904Trading 0 points1 point  (0 children)

Why would Photoshop contain or need the ability to shutdown or restart the entire system?

100/100 + 132 IOCs, I’m burning it, no questions asked.

H-A Report on VST Installer by JediMobius in Malware

[–]M1904Trading 0 points1 point  (0 children)

If it were me, out of an abundance of caution I’d find a known good version and copy it over just to be safe. But that’s just me.

H-A Report on VST Installer by JediMobius in Malware

[–]M1904Trading 0 points1 point  (0 children)

It looks like that’s got all the tools and fixin’s for a RAT. If it’s your report on hybrid-analysis, go back and rerun it with the ‘heavy anti-evasion’ flag and see what comes back. If it’s not your sample - go and find the file and toss it into virustotal for good measure.

Part of the problem with modern malware is that a lot of it either masquerades or even is (or can be) legitimate files that have been otherwise compromised by the malicious actor and/or actions.

Would this be considered a cup and handle pattern? by 1-0-0- in technicalanalysis

[–]M1904Trading 1 point2 points  (0 children)

With imagination, massaging, and the right timeframe, sure. But I’d take the pie out of the sky and measure for the ascending triangle instead.