#datapacket — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #datapacket, aggregated by home.social.
-
@stevenrosenthal @KamalaHarrisWin
Old Man yells at #DataPacket ☁️.
-
#GammaGroup #FinFisher #FinSpy #SystemApp callback caught #CALEA #malware #GreyMarket #investigations
💻🤝☣️🤝🤳 🎣🔍🧐
on #BunnyNet's CDN from #DataPacket
Interesting vectors... Quite the pointers this scan. Was scanned last 1yr ago. Showed up as malicious. Scans clean now except for the #malware found as a #GammaGroup shim caught nao. 🎣
Caught a bit o' Meta also in the callback graph. Huh.
#VirusTotal
https://www.virustotal.com/graph/embed/g7ee0dd48fe8e4dbbaf440955ee7bfbf57af12ca1c14543e08671f514fafb75be
-
CW: LARGE List of #GammaGroup #FinFisher #FinSpy hosts #GreyMarket #CALEAmalware #CALEA #investigations
Aggregation of my #GammaGroup #FinFisher attaccc nodes logged for the past 2+yrs. #RTDNA #CALEA #GreyMarket #malware #licensing #investigations ☣️🔍🧐 #infosec
¹ #BunnyCDN / #DataPacket
https://infosec.exchange/@infosec_jcp/112719219876040798
² #AWS in #AMER & #EU
https://infosec.exchange/@infosec_jcp/112724625585749421
³ #Google
https://infosec.exchange/@infosec_jcp/112724771286452381
⁴ #Akamai
https://infosec.exchange/@infosec_jcp/112724939254649507
⁵ #CloudFront
https://infosec.exchange/@infosec_jcp/112725394617753232
⁶ #FastLy #Twitter & Misc IPs ( LARGE LIST )
https://infosec.exchange/@infosec_jcp/112725566169727889
@eff
@[email protected]
@[email protected]
@aclu
@unofficial_aclu
@acluva
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #BunnyNet via #DataPacket
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #Germany on the CDN #DataPacket hosting the #BunnyNet since November 2022ish for #GermanProsecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
New #BunnyNet #GammaGroup #FinFisher #FinSpy #Finsky shim for #SystemApp found. #StateSponsoredMalware™✓
This host hasn't been scanned in over 1yr until today.
Initially scanned and found nothing. Dug in a bit further and found some interesting vectors for wot compromised #DataPacket's #BunnyCDN #BunnyNet though #blueteam at #DataPacket ⚠️👉☣️
#VirusTotal
https://www.virustotal.com/graph/embed/gdb48e1efd4a845b9951dcef691fdf3a2f8c56309a9ef445b8f0b7767a351a0e4
-
Huh. _TWO_ badbunny hosts with the #SystemApp #GammaGroup #FinFisher #FinSpy #Finsky callback to client but ... This time the scanned host comes up with interesting results after being caught. Both back to back attack attempts.
One host was scanned about a year ago and the other, another attack node quite frequently used, was scanned less than a month ago.
#Datapacket.Com #BunnyNet #InfosecExchange #infosec #fediverse #fediadmin
Typical attack pattern. After detection an attempt of using the #QuicksandModule was sent to client, tried crashing client. SystemUI crash attempt, etc.
-
🔎☣️ The amount of exploited #BunnyNet hosts on #DataPacket has increased which hosts a lot of the #fediverse. #Germany ☣️🔍
#GammaGroup #FinFisher #fediverse #FinSpy #Finsky #CALEA #GreyMarket #investigations #infosec
-
Damn, #BunnyNet, hopping AND a blocking someone! 👀👀👀🔥😆 #infosec #FinFisher #FinSpy #SSM™ #GreyMarket #investigations #Germany #DataPacket🔬👀
Lots to unpack collections wise here
🔬👀
☣️
👇
-
#datapacket host breached #System call logged ☣️🐰☣️🐰☣️🐇☣️
FQDN: 143-244-49-180.bunnyinfra.net
@jerry - let your upstream data hosting provider, bunny.net, know.
Following up.... Ahh.. a reported compromised host from 11 months ago... 🐇☣️🐰☣️🐇☣️🐰☣️
Still compromised by #GammaGroup btw
#VirusTotal
https://www.virustotal.com/graph/embed/g3e1e230061f04448956657b84c7538cdfb1d21b6e7b34a76a6e31f8656710583