home.social

#datapacket — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #datapacket, aggregated by home.social.

  1. #GammaGroup #FinFisher #FinSpy #SystemApp callback caught #CALEA #malware #GreyMarket #investigations

    💻🤝☣️🤝🤳 🎣🔍🧐

    on #BunnyNet's CDN from #DataPacket

    Interesting vectors... Quite the pointers this scan. Was scanned last 1yr ago. Showed up as malicious. Scans clean now except for the #malware found as a #GammaGroup shim caught nao. 🎣

    Caught a bit o' Meta also in the callback graph. Huh.

    #VirusTotal
    virustotal.com/graph/embed/g7e

  2. CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #BunnyNet via #DataPacket

    Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #Germany on the CDN #DataPacket hosting the #BunnyNet since November 2022ish for #GermanProsecutors to correlate.

    #FinFisherCom🤝#EnemyOfTheInternet

    #CALEA #greymarket #CALEAmalware 🔍🧐#infosec

    Cites:
    ¹ reddit.com/r/netzpolitik/comme
    ² en.wikipedia.org/wiki/FinFishe
    ³ spiegel.de/netzwelt/netzpoliti
    ⁴ netzpolitik.org/2022/nach-pfae
    ⁵ securityweek.com/german-author
    ⁶ bloomberg.com/news/articles/20

    #RTDNA #StateSponsoredMalware #SSM #malware

  7. Huh. _TWO_ badbunny hosts with the #SystemApp #GammaGroup #FinFisher #FinSpy #Finsky callback to client but ... This time the scanned host comes up with interesting results after being caught. Both back to back attack attempts.

    One host was scanned about a year ago and the other, another attack node quite frequently used, was scanned less than a month ago.

    #Datapacket.Com #BunnyNet #InfosecExchange #infosec #fediverse #fediadmin

    Typical attack pattern. After detection an attempt of using the #QuicksandModule was sent to client, tried crashing client. SystemUI crash attempt, etc.

  12. #datapacket host breached #System call logged ☣️🐰☣️🐰☣️🐇☣️

    FQDN: 143-244-49-180.bunnyinfra.net

    @jerry - let your upstream data hosting provider, bunny.net, know.

    Following up.... Ahh.. a reported compromised host from 11 months ago... 🐇☣️🐰☣️🐇☣️🐰☣️

    Still compromised by #GammaGroup btw

    #VirusTotal
    virustotal.com/graph/embed/g3e