Post An6wADJeaSR1TGcQZk by [email protected] | |
Post #An6uQwIcuKhni3zC5I by [email protected] | |
0 likes, 0 repeats | |
Regarding this - does anybody know if this is a legit ESET email? @ESETresearc… | |
Post #An6vIodhbU8LadXBdw by [email protected] | |
0 likes, 0 repeats | |
Okay... I've obtained the file and the email. The emails passed SPF and DKI… | |
Post #An6vbzvtq4Am7OC0a8 by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Can't tell from screenshot but domain info looks OK. .query: … | |
Post #An6vyW5OyTFiD7NJCq by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog grab a sha256 hash of the file... search hash on virustotal maybe? | |
Post #An6w8dpr19xj8kvlA0 by [email protected] | |
0 likes, 2 repeats | |
Okay... I think ESET Israel got compromised a few weeks ago and they haven'… | |
Post #An6wADJeaSR1TGcQZk by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Given that the email is trying to get you to download what amounts… | |
Post #An6wQCEGObxSjWicG8 by [email protected] | |
0 likes, 1 repeats | |
Okay, ESET Israel definitely got compromised, this thing is fake ransomware tha… | |
Post #An6wfbmJgddqJgznQO by [email protected] | |
0 likes, 1 repeats | |
Shoutout to @ericshmeric and the power of Mastodon for breaking news again. | |
Post #An6x8wMgE2x8YvzVVQ by [email protected] | |
0 likes, 1 repeats | |
ESET Israel Wiper - #EIW for easy reference The ZIP: 2d55c68aa7781db7f2324427508… | |
Post #An6yEGq5d6azSrqvqK by [email protected] | |
0 likes, 0 repeats | |
@g0rb looks like something for you :) | |
Post #An6ySWLqkhfDd4VGRE by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog The ESET forum showed one post from last week which mentioned thes… | |
Post #An6ycfXdRFpd1lr3dQ by [email protected] | |
0 likes, 0 repeats | |
Wrote up #EIW before bed. Have fun! https://doublepulsar.com/eiw-eset-israel-wi… | |
Post #An7ryzKS2rhOFMLMga by [email protected] | |
0 likes, 1 repeats | |
ESET statement re #EIW. They say they weren’t compromised but an ESET branded… | |
Post #An7tqkVbSi4DsHl6zA by [email protected] | |
0 likes, 0 repeats | |
ESET Israel is operated by a company called ComSecure Ltd under the ESET brand … | |
Post #An8HORSF6qUPZRDow4 by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog looks like mossad likes you 🙈 @ESETresearch | |
Post #An8b2mpOxcmIZW0PhI by [email protected] | |
0 likes, 0 repeats | |
Updated my ESET Israel compromise blog with additional info. ESET are saying t… | |
Post #An8csWwfMElQKBdn5E by [email protected] | |
0 likes, 0 repeats | |
ESET today added an antivirus signature for the initial payload - Win32/Agent.A… | |
Post #An8eZrmBsrzTKxy8zA by [email protected] | |
0 likes, 0 repeats | |
My lame YARA rule for #EIW https://github.com/GossiTheDog/ThreatHunting/blob/ma… | |
Post #An8evLgDtifUABQBc0 by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog how dare you call my friend's rule lame. you take that back lo… | |
Post #An8ffo6iXP6feLy0ki by [email protected] | |
0 likes, 0 repeats | |
There's an awful lot of uploads to VirusTotal over an extended period for t… | |
Post #An8fv32TIyDGIqFSpk by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog In their marketing materials. | |
Post #An8gWwVQ2k6R2qrFZo by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Ugh. This is usable only on VT and probably only by people who hav… | |
Post #An8zaJbIX2hcfbvgC8 by [email protected] | |
0 likes, 0 repeats | |
Okay, I just sat down and properly started looking at #EIW. There's a lot … | |
Post #AnFCWyYulDFau8JPPc by [email protected] | |
0 likes, 0 repeats | |
There's sections of code in the ESET incident tooling that directly overlap… | |
Post #AnGRNyCkPgr5ey4EpE by [email protected] | |
0 likes, 0 repeats | |
First technical writeup of ESET Israel Wiper I've seen #EIW It looks like i… | |
Post #AnGRscxZS1FwkOaSau by [email protected] | |
0 likes, 0 repeats | |
I have found out ESET knew about the attack btw, but opted not to disclose or c… | |
Post #AnGj1KNDcdfsviJmTo by [email protected] | |
0 likes, 0 repeats | |
One extra detail on the #EIW situation which, as far as I know, has gone comple… | |
Post #AnGkhFWu7ajw1XOzaa by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Uhm, it was in the information from Costin Raiu that I relayed to … | |
Post #AnGuR1dH1SSjpYHeeu by [email protected] | |
0 likes, 0 repeats | |
@BlumeEvolution | |
Post #AnHQ3KehqAxIPehSEa by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Another good technical write-up of it here: https://blu3eye.gitbook… | |
Post #AnHQHQslUDW5mM01UO by [email protected] | |
0 likes, 0 repeats | |
Another write up on #EIW, the ESET Israel Wiper. New details in this one - it s… | |
Post #AnHReW7iGYmoeGYwds by [email protected] | |
0 likes, 0 repeats | |
Oh wow, #EIW really does spread via Active Directory joined computers. 🔥 It… | |
Post #AnHRkDu8usGvsgw6dc by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog 👀 | |
Post #AnyUJWcFtTldkqo6ym by [email protected] | |
0 likes, 0 repeats | |
Checkpoint have a good look at ESET Israel Wiper, which they call SameCoin. The… | |
Post #AnyUdEn9sCa0GXJ4d6 by [email protected] | |
0 likes, 1 repeats | |
I’m quite proud of this thread btw as Mastodon community was 25 days ahead of… | |
Post #AnyUne0EzhIBLtO84O by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Are they just now catching up with it? 😬 | |
Post #AnyViDFP8uDgsUSG6C by [email protected] | |
0 likes, 1 repeats | |
Also not a single one of the write ups has mentioned this thread or linked it o… | |
Post #AnyVmXnMgkcrlQPAEy by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog notpetya exploited a vuln to propagate, what vuln is used to propa… | |
Post #AnywqAEIwaHkb6xLiS by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog my boss dislikes when I tell people we use social media as a sourc… |