Excited to release our latest research. This time, @osipov_ar and I have researched a new variant of the #Chaes malware by #Lucifer #APT. 🔴Fully written in Python 🔴Packed with 7 modules 🔴Updated target list Blog post and full research PDF: blog.morphisec.com/chaes4-new-cha…
#AgentTesla #Malspam Phishing Email ➡️ .img ➡️ .chm ➡️ PowerShell Command ➡️ C2 ➡️ .NET Loader ➡️ InstallUtil.exe (Agent Tesla) Stager: hxxps://klarotecnologia[.]com[.]co/xx.txt Loader: bazaar.abuse.ch/sample/7075221… Payload: bazaar.abuse.ch/sample/06c2645…
Hope to see some of you tomorrow at @BSidesMunich 😁✌️
Tomorrow at 12:00 p.m.! Join Morphisec Security Researchers Arnold Osipov & Hido Cohen in their session: "From a simple log to sophisticated crypter" at @BSidesMunich at the Hilton Munich Park. Register here: bit.ly/3sDIGoN
A new infection chain we see a lot lately is used to deliver popular malware families. Read my technical analysis of the new #SYK #Crypter and its Discord loader at blog.morphisec.com/syk-crypter-di… VT Collection: virustotal.com/gui/collection…
#CobaltStrike V4 Reflective Loader #CyberChef config extractor recipe ☛ Input: Encoded PowerShell (or HEX and disable the first 13 recipes) ☚ Output: Configuration Block (Hex dump) ✔ For x64: gist.github.com/michaelder/38f… ✔ For x32: gist.github.com/michaelder/066… Thanks to Michael D
#Qakbot C:\Jhfrg\ Double calc execution phsa-eg[.]com -> Rgsrhda.ooccxx mtechautomacao[.]com -> Rgsrhdb.ooccxx audf-rdc[.]org -> Rgsrhdc.ooccxx IOCs Collection: virustotal.com/gui/collection…
#RevengeRAT different file hosting service, same techniques PowerShell -> uplooder[.]net -> PowerShell -> .NET Injector -> RevengeRAT C2: updatefacebook.duckdns[.]org
#DFIR and #ThreatIntel report ❗️ #Bumblebee new loader campaign Initial Access, TTPs & IOCs, and binary analysis ZIP > ISO > LNK > Rundll32 > #CobaltStrike cynet.com/orion-threat-a…
Another bank used in the latest #Remcos #Malspam, this time #PNC Bank. Same attack chain as published. Different macro. Next stage: 209.127.91[.]101/hurricane.vbs Updated IOCs collection: virustotal.com/gui/collection…
Just published a threat post about #Remcos #RAT #malware latest infection wave imitating Wells Fargo's emails Email -> enc. .xls -> .vbs -> PS -> .vbs -> PS -> C# -> Remcos h/t @InQuest @James_inthe_box @Anti_Expl0it @DmitriyMelikov For more details: blog.morphisec.com/remcos-trojan-…
[New Blog] Morphisec Labs analyzes #CaddyWiper, a new strain of wiper #malware attacking Ukrainian infrastructure bit.ly/3u9X8G7 #infosec
Morphisec's Hido Cohen looks into the attack chain of a new wave of financial themed malspam campaigns that lead to Remcos RAT. blog.morphisec.com/remcos-trojan-…