Tommy M (TheAnalyst) on Twitter: "This #wproilbask #IcedID campaign went active again yesterday, 12 new compromised sites used as distro. I'm guessing that it's a reverse proxy because of file rotation (not true hash busting) and that files were updated on the old distros too. Current downloader C2 /ovedfromasi.top https://t.co/8yzBYMLkvD"

https://twitter.com/ffforward/status/1481574479063097353