@_ddoxer profile picture
Roland Dela Paz @_ddoxer

#malware researcher

Joined June 2016
  • Tweets 487
  • Following 28
  • Followers 956
85 Photos and videos
#securityblog #antivirus #incidentresponse #securityoperations #malwareanalysis #informationsecurity linkedin.com/pulse/from-anti…

From Anti-Virus to Security Operations: What’s it like? (PART 2)

A few months short of my second year in the SecOps field, along with the general boredom that comes with staying home these days, I opted to share my insights about my new environment in this...

linkedin.com
1
From Anti-virus to Incident Response: What’s it like? (PART 1) linkedin.com/pulse/from-anti… via @LinkedIn
1
docusign.com/blog/enriching-…
1
Roland Dela Paz retweeted
Rommel@rommeljoven17
8 May 2019
Gobot #IoTMalware #botnet #opendir -supports macOS -written in Go -controlled via IRC macho -5b1219ae05b3128f7028fa3f788f33ea x86 - d6bda304f4a59e36e5ffefe421d84396
24
35
Roland Dela Paz retweeted
Rob@Ptr32Void
19 Mar 2019
I will be presenting at the #CSO50 conference in April in Arizona. I will be discussing #phishing and #malware detection in an automated fashion using #machinelearning.
CSO Events@CSOevents
19 Mar 2019
Security leaders like @DocuSign tell their innovation story at the #CSO50 conference, April 8-10, 2019. Join us: bit.ly/2HJyh5L
1
3
#Automation Driven #SecOps: Making Needles Pop-out of the Haystack docusign.com/blog/automation…
1
1
Replying to @bankofireland
@bankofireland 365 Online phishing campaign making the rounds again. Via SMS. The phishing site is 365boi[.]net. Note that the legitimate is 365online.com. Cc: @talktoBOI @irisscert @malwrhunterteam
2
1
This has been happening for a while x.com/_ddoxer/status/1010861…

Roland Dela Paz@_ddoxer
24 Jun 2018
Heads up: @bankofireland 365 Online phishing campaign at online365boi[.]eu currently happening. Propagating through text on a Sunday afternoon. Please don't fall for it. Cc: @talktoBOI @irisscert @malwrhunterteam
1
Roland Dela Paz retweeted
Vess@VessOnSecurity
3 Sep 2018
OK, folks, I hear that John McAfee claims to have invented cyber security. (I don't know; he has blocked me.) Gather 'round the fire, kids, for a short story, because I was around at the time.
68
1,624
3,693
Roland Dela Paz retweeted
Joe Roosen
@JRoosen
28 Jun 2018
New #Emotet epoch 1 payloads as of 09:00EDT : app.any.run/tasks/b49600bf-c… /www.yetanothersteve.com/Xs6TPwnAAJ/ /flewer.pl/pub/s99556m/ /www.hotelcapital.ru/f6FBJD/ /dc.amegt.com/wp-content/oC4gy4aGL/ /www.armanitour.com/kuNOqI/

Analysis http://panoramki.ru/Empresas-Facturas/ Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run
3
4
7
Roland Dela Paz retweeted
Joe Roosen
@JRoosen
26 Jun 2018
New #Emotet Epoch 1 payloads as of 11:30EDT : app.any.run/tasks/2809c741-7… /www.avemeadows.com/gbPAHU/ /kosilloperutours.com/mrep9aHq/ /www.customaccessdatabase.com/joiuehtr/9g94p2/ /www.deimplant.com/CFsF9RU/ /nfusedigital.co.za/ECbcfDxq/

Analysis http://ssytzx.com/factura-adjunto/ Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run
2
7
9
Roland Dela Paz retweeted
\_(ʘ_ʘ)_/@pollo290987
25 Jun 2018
#Emotet 25/06/2018 6 DOC 6 Payload 81 C2 IOC's pastebin.com/7LiF96Kv @DecayPotato @Jan0fficial @_ddoxer @luc4m @executemalware @James_inthe_box @bauldini @RealRalf9000 @JRoosen @neonprimetime @Techhelplistcom @NelsonSecurity @HazMalware

Emotet 25/06/2018 - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
14
16
Heads up: @bankofireland 365 Online phishing campaign at online365boi[.]eu currently happening. Propagating through text on a Sunday afternoon. Please don't fall for it. Cc: @talktoBOI @irisscert @malwrhunterteam
1
7
1
Roland Dela Paz retweeted
Joe Roosen
@JRoosen
22 Jun 2018
New #emotet epoch 1 payloads 19:30EDT and new/old doc look. We are back to the Wells Fargo Overlay again: app.any.run/tasks/1a5c0abf-d… /www.apiperjuangan.com/LrfK/ /www.graca.com.np/zCtof/ /www.answerthebeacon.com/YYCUNZ0/ /www.imperiaskygardens.site/Su7FZ/ /www.katexs.com/rogV/

Analysis http://acroronan.com/Purchase/invoice/ Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run
1
5
7
Roland Dela Paz retweeted
\_(ʘ_ʘ)_/@pollo290987
20 Jun 2018
Replying to @executemalware
#Emotet 20/06/2018 1 DOC 2 Payload 43 C2 [ ] New IP's and Port 8090 IOC's pastebin.com/LAjfdLE6 @RealRalf9000 @bauldini @JRoosen @James_inthe_box @DecayPotato @executemalware @neonprimetime @Techhelplistcom @_ddoxer @NelsonSecurity @Mesiagh

Emotet 20/06/2018 - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
5
10
Roland Dela Paz retweeted
James@James_inthe_box
20 Jun 2018
A few #emotet links for today, will update as I get them: pastebin.com/nph1B2Zx

Emotet links Jun 20 - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
9
17
#Geodo / #Emotet doc dropper locations 20/06/18: pastebin.com/04MhFWLD @JRoosen @_odisseus @JAMESWT_MHT @James_inthe_box @pollo290987 @Mesiagh @NelsonSecurity @DynamicAnalysis @neonprimetime @noottrak @Techhelplistcom

#Geodo / #Emotet doc dropper locations 20/06/2018http://www.fulhamfit.com/In - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
9
18
Roland Dela Paz retweeted
\_(ʘ_ʘ)_/@pollo290987
2 Jun 2018
Sorry for join me late... Resume of #Emotet 06/01/2018 394 URL's 15 DOC 4 Payload 48 C2 1 Sample unknown IOC's pastebin.com/G3LumTMY Thnks for the lists: @_ddoxer @JRoosen @executemalware @DecayPotato @jamesin
5
12
Roland Dela Paz retweeted
Joe Roosen
@JRoosen
1 Jun 2018
Here is today's notes for #emotet. I go into more in depth analysis of the dual variant/epoch hypothesis in the notes section at the bottom. IOCs are at the top like normal. Will keep updating as I can. pastebin.com/qbpH6snN

1
3
8
#Geodo / #Emotet doc dropper locations 01/06/18: pastebin.com/LsDJaBTr @JRoosen @_odisseus @JAMESWT_MHT @James_inthe_box @pollo290987 @Mesiagh @NelsonSecurity @DynamicAnalysis @neonprimetime @noottrak @Techhelplistcom

#Geodo / #Emotet doc dropper locations 01/06/2018http://triround.com/Votre-f - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
5
12
Roland Dela Paz retweeted
Artsiom Holub@Mesiagh
23 May 2018
#phishing targeting @Apple and @AmericanExpress pastebin.com/p7y3qYEm @illegalFawn @baberpervez2 @James_inthe_box @malwrhunterteam @illegalFawn @avman1995 @dvk01uk @Techhelplistcom @neonprimetime @_ddoxer @JAMESWT_MHT @executemalware @thlnk3r

Phishing domains - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com
6
14
Load more