Mirrors
/
ioc-collection
mirror of https://github.com/avast/ioc
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ioc-collection/Twizt
History
Martin Chlumecký e6d5ca8781 Twizt IOCs 2024-01-12 13:43:46 +01:00
..
README.md Twizt IOCs 2024-01-12 13:43:46 +01:00
smb-passwords.txt Twizt IOCs 2024-01-12 13:43:46 +01:00

README.md

IOC for Twizt

Twizt botnet is infiltrating SMB on port 139 through the WNetAddConnection2W API. Employing brute force tactics with hardcoded credentials, the attackers focus on compromising the $ADMIN resource.

Notably, the Twizt botnet exhibits a dynamic strategy by generating targets randomly. The cracked credentials are promptly transmitted to C2. So, the result of this effort can be a successful exploit of vulnerable systems.

Table of Contents

Hardcoded Credentials

Usernames

Administrator
administrator
Admin
Administrator
admin
admin1
admin12
admin123

Passwords

passwords

Samples (SHA-256)

Twizt Bot

A306D86351AB6783E2806F88DFC663357FA1B4750A68347FCD73250AB3AFC90F

Network indicators

C&C server

http[:]//185.215.113[.]66

Uploader URL

hxxp://185.215.113[.]66/admin.php?s=<attacked_domain>|<password>|<user>