@MsftSecIntel, Twitter, 1/16/2022 10:30:56 AM, 270112



@MsftSecIntel Twitter NodeXL SNA Map and Report for Sunday, 16 January 2022 at 10:22 UTC
From:
mihkal
Uploaded on:
January 16, 2022
Short Description:
@MsftSecIntel via NodeXL https://bit.ly/3FxKp2x
@msftsecintel
@yo_yo_yo_jbo
@cglyer
@johnlatwc
@malwrhunterteam
@jameswt_mht
@hazmalware
@lazyactivist192
@neonprimetime
@cryptolaemus1

Top hashtags:
#log4shell
#infosec
#cybersecurity
#malware
#microsoft

Description:
The graph represents a network of 972 Twitter users whose recent tweets contained "@MsftSecIntel", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18 000 tweets. The network was obtained from Twitter on Sunday, 16 January 2022 at 10:27 UTC.

The tweets in the network were tweeted over the 6-day, 18-hour, 1-minute period from Sunday, 09 January 2022 at 15:41 UTC to Sunday, 16 January 2022 at 09:43 UTC.

Additional tweets that were mentioned in this data set were also collected from prior time periods. These tweets may expand the complete time period of the data.

There is an edge for each "replies-to" relationship in a tweet, an edge for each "mentions" relationship in a tweet, and a self-loop edge for each tweet that is not a "replies-to" or "mentions".

The graph is directed.

The graph's vertices were grouped by cluster using the Clauset-Newman-Moore cluster algorithm.

The graph was laid out using the Fruchterman-Reingold layout algorithm.


Author Description


Overall Graph Metrics
Vertices : 972
Unique Edges : 1203
Edges With Duplicates : 1172
Total Edges : 2375
Number of Edge Types : 5
Retweet : 1009
MentionsInRetweet : 490
Replies to : 111
Mentions : 755
Tweet : 10
Self-Loops : 10
Reciprocated Vertex Pair Ratio : 0.0244584206848358
Reciprocated Edge Ratio : 0.0477489768076398
Connected Components : 1
Single-Vertex Connected Components : 0
Maximum Vertices in a Connected Component : 972
Maximum Edges in a Connected Component : 2375
Maximum Geodesic Distance (Diameter) : 4
Average Geodesic Distance : 2.107769
Graph Density : 0.00155327544044789
Modularity : 0.371724
NodeXL Version : 1.0.1.449
Data Import : The graph represents a network of 972 Twitter users whose recent tweets contained "@MsftSecIntel", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18 000 tweets. The network was obtained from Twitter on Sunday, 16 January 2022 at 10:27 UTC.

Layout Algorithm : The graph was laid out using the Fruchterman-Reingold layout algorithm.
Graph Source : TwitterSearch
Graph Term : @MsftSecIntel
Groups : The graph's vertices were grouped by cluster using the Clauset-Newman-Moore cluster algorithm.
Edge Color : Edge Weight
Edge Width : Edge Weight
Edge Alpha : Edge Weight
Vertex Radius : In-Degree

Top Influencers: Top 10 Vertices, Ranked by Betweenness Centrality
Top URLs
Top URLs in Tweet in Entire Graph:
[414] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[410] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[75] https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
[24] https://twitter.com/MsftSecIntel/status/1480730559739359233
[16] https://twitter.com/msftsecresponse/status/1480963753147768832
[8] https://twitter.com/johnhultquist/status/1482425195851915272
[4] https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
[4] https://bazaar.abuse.ch/sample/20aa2a67af405894c69adf05c5d8ac10be044203702eb11c58b5f0dfd9abe66d/#comments
[3] https://twitter.com/c_APT_ure/status/1481411621939466245
[3] https://twitter.com/c_APT_ure/status/1480644092778397699

Top URLs in Tweet in G1:
[385] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[383] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[24] https://twitter.com/MsftSecIntel/status/1480730559739359233
[15] https://twitter.com/msftsecresponse/status/1480963753147768832
[7] https://twitter.com/johnhultquist/status/1482425195851915272
[2] https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
[1] https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/
[1] https://mobile.twitter.com/LNadav/status/1481639053929771010
[1] https://pentestlaboratories.com/2022/01/11/shadowcoerce/

Top URLs in Tweet in G2:
[71] https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
[17] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[10] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[1] https://twitter.com/msftsecresponse/status/1480963753147768832

Top URLs in Tweet in G3:
[3] https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
[3] https://bazaar.abuse.ch/sample/20aa2a67af405894c69adf05c5d8ac10be044203702eb11c58b5f0dfd9abe66d/#comments
[3] https://twitter.com/c_APT_ure/status/1480644092778397699
[3] https://twitter.com/c_APT_ure/status/1481411621939466245
[2] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[2] https://twitter.com/Ledtech3/status/1481798123529850884
[1] https://www.proofpoint.com/us/daily-ruleset-update-summary-20211102
[1] https://bazaar.abuse.ch/sample/ccac6a6acb12bac68c005edf834739a568027bc02c36a7cc039b8326b9510ec4/
[1] https://www.joesandbox.com/analysis/545659/0/html
[1] https://bazaar.abuse.ch/sample/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/

Top URLs in Tweet in G4:
[4] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[2] https://nxlog.co/documentation/nxlog-user-guide/sentinel.html?utm_medium=social&utm_source=twitter&utm_campaign=azure%20sentinel&utm_content=windows%20dns%20server%20events%20to%20azure%20sentinel#forwarding-windows-dns-server-events-to-azure-sentinel
[2] https://securityaffairs.co/wordpress/125365/apt/microsoft-seized-apt15-domains.html
[2] https://www.youtube.com/watch?v=--WtQgIyBRA&feature=youtu.be

[1] https://twitter.com/msftsecintel/status/1482543129454686215
[1] https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
[1] https://twitter.com/kemalettin/status/1481549509733793795
[1] https://bazaar.abuse.ch/sample/ccac6a6acb12bac68c005edf834739a568027bc02c36a7cc039b8326b9510ec4/
[1] https://www.joesandbox.com/analysis/545659/0/html
[1] https://www.hybrid-analysis.com/string-search/results/12c6d4235f438596eb9044351dff3bb42806e2fa66267cbf90f29d06a7bf1206

Top URLs in Tweet in G5:
[1] https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=378e925e-5504-472d-a5d0-ddc02ebd3e37
[1] https://twitter.com/mrd0x/status/1479094189048713219

Top URLs in Tweet in G6:
[4] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[3] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Top URLs in Tweet in G7:
[1] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Top URLs in Tweet in G8:
[5] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
[1] https://twitter.com/johnhultquist/status/1482425195851915272

Top URLs in Tweet in G9:
[2] https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Top URLs in Tweet in G10:
[1] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

Top Domains
Top Domains in Tweet in Entire Graph:
[901] microsoft.com
[60] twitter.com
[12] abuse.ch
[3] securityaffairs.co
[2] joesandbox.com
[2] proofpoint.com
[2] virustotal.com
[2] hybrid-analysis.com
[2] nxlog.co
[2] cert.be

Top Domains in Tweet in G1:
[771] microsoft.com
[47] twitter.com
[1] pentestlaboratories.com

Top Domains in Tweet in G2:
[98] microsoft.com
[1] twitter.com

Top Domains in Tweet in G3:
[8] abuse.ch
[8] twitter.com
[5] microsoft.com
[1] proofpoint.com
[1] joesandbox.com
[1] hybrid-analysis.com
[1] any.run
[1] virustotal.com

Top Domains in Tweet in G4:
[5] microsoft.com
[4] abuse.ch
[3] securityaffairs.co
[2] twitter.com
[2] nxlog.co
[2] youtube.com
[1] joesandbox.com
[1] hybrid-analysis.com
[1] virustotal.com
[1] proofpoint.com

Top Domains in Tweet in G5:
[1] mxtoolbox.com
[1] twitter.com

Top Domains in Tweet in G6:
[7] microsoft.com

Top Domains in Tweet in G7:
[1] microsoft.com

Top Domains in Tweet in G8:
[5] microsoft.com
[1] twitter.com

Top Domains in Tweet in G9:
[2] microsoft.com

Top Domains in Tweet in G10:
[1] microsoft.com

Top Hashtags
Top Hashtags in Tweet in Entire Graph:
[364] log4shell
[7] infosec
[6] cybersecurity
[6] malware
[6] microsoft
[6] malwarechallenge
[3] securityaffairs
[3] hacking
[2] log4j
[2] dnssecurity



Top Hashtags in Tweet in G1:
[339] log4shell
[2] log4j

Top Hashtags in Tweet in G2:
[14] log4shell

Top Hashtags in Tweet in G3:
[6] malwarechallenge
[4] malware
[1] log4shell

Top Hashtags in Tweet in G4:
[7] infosec
[6] microsoft
[5] cybersecurity
[4] log4shell
[3] securityaffairs
[3] hacking
[2] malware
[2] dnssecurity
[2] networksecurity
[2] hackers

Top Hashtags in Tweet in G6:
[3] log4shell

Top Hashtags in Tweet in G10:
[1] log4shell

Top Words
Top Words in Tweet in Entire Graph:
[1280] the
[1236] as
[1024] in
[879] a
[848] and
[806] blog
[770] dev
[737] we
[727] targeting
[717] observed

Top Words in Tweet in G1:
[1127] the
[1073] as
[798] in
[754] blog
[713] dev
[702] a
[682] we
[674] targeting
[667] observed
[559] and

Top Words in Tweet in G2:
[228] and
[171] in
[146] to
[105] as
[95] a
[88] vulnerability
[85] cve
[85] 2021
[82] by
[81] identified

Top Words in Tweet in G3:
[46] msftsecintel
[43] johnlatwc
[43] malwrhunterteam
[40] a_de_pasquale
[40] cryptolaemus1
[40] executemalware
[40] hazmalware
[40] jameswt_mht
[40] jroosen
[40] lazyactivist192

Top Words in Tweet in G4:
[36] msftsecintel
[23] to
[20] the
[19] and
[16] microsoft
[14] from
[13] msftsecurity
[11] ledtech3
[11] a_de_pasquale
[11] cryptolaemus1

Top Words in Tweet in G5:
[8] msftsecintel
[7] msftsecurity
[7] microsofthelps
[7] msftsecresponse
[6] microsoft365dev
[6] senamyklobuchar
[6] senblumenthal
[6] billblair
[6] justintrudeau
[6] madebygoogle

Top Words in Tweet in G6:
[20] msftsecintel
[16] the
[12] a
[10] that
[9] this
[9] as
[8] in
[6] rofl
[6] dev
[6] targeting

Top Words in Tweet in G7:
[28] to
[21] is
[15] the
[15] a
[14] designed
[14] ransom
[14] 2
[8] microsoft
[8] malware
[8] destructive

Top Words in Tweet in G8:
[12] as
[10] the
[9] msftsecintel
[9] in
[8] a
[8] actor
[8] blog
[6] for
[6] dev
[6] 0586

Top Words in Tweet in G9:
[4] as
[4] blog
[3] msftsecintel
[3] youranonnews
[3] and
[3] this
[2] microsoft
[2] identified
[2] a
[2] unique

Top Words in Tweet in G10:
[8] msftsecintel
[6] elpollodiablox
[6] a
[4] virus
[4] the
[3] ransomware
[3] in
[3] that
[3] it
[3] c0nc0n_scripts

Top Word Pairs
Top Word Pairs in Tweet in Entire Graph:
[717] as,dev
[415] in,this
[404] dev,0586
[403] destructive,malware
[402] microsoft,identified
[402] identified,a
[402] a,unique
[402] unique,destructive
[402] malware,operated
[402] operated,by

Top Word Pairs in Tweet in G1:
[667] as,dev
[387] in,this
[376] microsoft,identified
[376] identified,a
[376] a,unique
[376] unique,destructive
[376] destructive,malware
[376] malware,operated
[376] operated,by
[376] by,an

Top Word Pairs in Tweet in G2:
[85] vulnerability,in
[85] cve,2021
[71] a,vulnerability
[71] in,macos
[71] macos,identified
[71] identified,as
[71] as,cve
[71] 2021,30970
[71] 30970,and
[71] and,fixed

Top Word Pairs in Tweet in G3:
[43] msftsecintel,johnlatwc
[40] a_de_pasquale,cryptolaemus1
[40] cryptolaemus1,executemalware
[40] executemalware,hazmalware
[40] jameswt_mht,jroosen
[40] jroosen,lazyactivist192
[40] lazyactivist192,luc4m
[40] luc4m,malwrhunterteam
[40] malwrhunterteam,msftsecintel
[40] johnlatwc,neonprimetime

Top Word Pairs in Tweet in G4:
[11] a_de_pasquale,cryptolaemus1
[11] cryptolaemus1,executemalware
[11] executemalware,hazmalware
[11] jameswt_mht,jroosen
[11] jroosen,lazyactivist192
[11] lazyactivist192,luc4m
[11] luc4m,malwrhunterteam
[11] malwrhunterteam,msftsecintel
[11] msftsecintel,johnlatwc
[11] johnlatwc,neonprimetime

Top Word Pairs in Tweet in G5:
[7] msftsecurity,msftsecintel
[7] msftsecintel,microsofthelps
[6] msftsecresponse,microsoft365dev
[6] microsoft365dev,msftsecurity
[6] microsofthelps,senamyklobuchar
[6] senamyklobuchar,senblumenthal
[6] senblumenthal,billblair
[6] billblair,justintrudeau
[6] justintrudeau,madebygoogle
[6] madebygoogle,facebookapp

Top Word Pairs in Tweet in G6:
[6] as,dev
[5] uk_daniel_card,msftsecintel
[4] rofl,rofl
[4] might,be
[3] microsoft,identified
[3] identified,a
[3] a,unique
[3] unique,destructive
[3] destructive,malware
[3] malware,operated

Top Word Pairs in Tweet in G7:
[14] designed,to
[14] a,ransom
[7] microsoft,assesses
[7] assesses,the
[7] the,malware
[7] malware,which
[7] which,is
[7] is,designed
[7] to,look
[7] look,like

Top Word Pairs in Tweet in G8:
[6] dev,0586
[4] msftsecintel,wylienewmark
[4] wylienewmark,a
[4] a,data
[4] data,destroyer
[4] destroyer,targeted
[4] targeted,at
[4] at,ukraine
[4] ukraine,that's
[4] that's,how

Top Word Pairs in Tweet in G9:
[3] msftsecintel,youranonnews
[2] microsoft,identified
[2] identified,a
[2] a,unique
[2] unique,destructive
[2] destructive,malware
[2] malware,operated
[2] operated,by
[2] by,an
[2] an,actor

Top Word Pairs in Tweet in G10:
[6] elpollodiablox,msftsecintel
[3] a,virus
[2] be,a
[2] c0nc0n_scripts,elpollodiablox
[2] a,china

Top Replied-To
Top Replied-To in Entire Graph:
@msftsecintel
@c_apt_ure
@james_inthe_box
@ledtech3
@vinopaljiri
@uk_daniel_card
@sysopfb
@c0nc0n_scripts
@500mk500
@msftsecresponse

Top Replied-To in G1:
@msftsecintel
@cglyer

Top Replied-To in G2:
@rodneyrthomas
@msftsecintel

Top Replied-To in G3:
@c_apt_ure
@james_inthe_box
@ledtech3
@vinopaljiri
@sysopfb
@msftsecintel
@shanehuntley
@500mk500

Top Replied-To in G4:
@james_inthe_box
@msftsecintel
@c_apt_ure
@ledtech3
@lumkatrusya
@vinopaljiri
@500mk500
@alvierid

Top Replied-To in G5:
@msftsecresponse
@msftsecurity

Top Replied-To in G6:
@msftsecintel
@uk_daniel_card
@ksamiloff
@joek0617
@strongest_geek

Top Replied-To in G8:
@msftsecintel

Top Replied-To in G9:
@msftsecintel

Top Replied-To in G10:
@c0nc0n_scripts
@elpollodiablox
@h0telr0meo
@4ventanas
@msftsecintel

Top Mentioned
Top Mentioned in Entire Graph:
@msftsecintel
@yo_yo_yo_jbo
@johnlatwc
@malwrhunterteam
@a_de_pasquale
@cryptolaemus1
@executemalware
@hazmalware
@jameswt_mht
@jroosen

Top Mentioned in G1:
@msftsecintel
@yo_yo_yo_jbo

Top Mentioned in G2:
@yo_yo_yo_jbo
@msftsecintel

Top Mentioned in G3:
@msftsecintel
@johnlatwc
@malwrhunterteam
@a_de_pasquale
@cryptolaemus1
@executemalware
@hazmalware
@jameswt_mht
@jroosen
@lazyactivist192

Top Mentioned in G4:
@msftsecintel
@msftsecurity
@microsoft
@a_de_pasquale
@cryptolaemus1
@executemalware
@hazmalware
@jameswt_mht
@jroosen
@lazyactivist192

Top Mentioned in G5:
@msftsecintel
@microsofthelps
@microsoft365dev
@msftsecurity
@senamyklobuchar
@senblumenthal
@billblair
@justintrudeau
@madebygoogle
@facebookapp

Top Mentioned in G6:
@msftsecintel
@debugprivilege
@uk_daniel_card

Top Mentioned in G7:
@msftsecintel

Top Mentioned in G8:
@wylienewmark
@msftsecintel

Top Mentioned in G9:
@youranonnews

Top Mentioned in G10:
@msftsecintel
@elpollodiablox

Top Tweeters
Top Tweeters in Entire Graph:
@maria09121953
@inspiteoftrump
@ungubunugu1274
@miss_placed_
@lzedmitryy
@sherrikuczeryk
@adekleine
@lorettabower3
@botcybersec
@redboybroken

Top Tweeters in G1:
@maria09121953
@inspiteoftrump
@ungubunugu1274
@miss_placed_
@sherrikuczeryk
@redboybroken
@anthropic
@youranonriots
@rhcm123
@stefan_laurell

Top Tweeters in G2:
@adekleine
@fj_newman
@nick_barnes
@ovidiug
@tomiwa_xy
@kfalconspb
@theklingon_
@gazthejourno
@douglasmun
@malwaredev

Top Tweeters in G3:
@adrianvelascos
@0x4d_
@malwrhunterteam
@jameswt_mht
@ledtech3
@jroosen
@bleepincomputer
@jan0fficial
@james_inthe_box
@cryptolaemus1

Top Tweeters in G4:
@botcybersec
@satyajit1910
@securityaffairs
@kemalettin
@fe_tsoc
@esferared
@azure
@jfslowik
@microsoftlearn
@microsoft

Top Tweeters in G5:
@microsofthelps
@madebygoogle
@gmail
@outlook
@office365
@dell
@twittersupport
@mcakins
@justintrudeau
@senblumenthal

Top Tweeters in G6:
@uk_daniel_card
@pirateyeti
@ach888i
@nullcookies
@vladimircicovic
@ksamiloff
@cyb3rbrit
@lahavalon
@joek0617
@sosintel

Top Tweeters in G7:
@benjamindstone
@rimaanabtawi
@margbrennan
@its_ire
@tbeadick
@nicolesganga
@tweetsec5

Top Tweeters in G8:
@lzedmitryy
@lorettabower3
@wylienewmark
@_almin
@p3isys
@mikeg_22315

Top Tweeters in G9:
@youranonnews
@pammyjill13
@badbuddie
@daemon190

Top Tweeters in G10:
@elpollodiablox
@c0nc0n_scripts
@h0telr0meo
@4ventanas