Hido Cohen

@0xhido

Cyber Security Researcher

Joined June 2021
Pinned

Excited to release our latest research. This time, @osipov_ar and I have researched a new variant of the #Chaes malware by #Lucifer #APT. 🔴Fully written in Python 🔴Packed with 7 modules 🔴Updated target list Blog post and full research PDF: blog.morphisec.com/chaes4-new-cha…

#AgentTesla #Malspam Phishing Email ➡️ .img ➡️ .chm ➡️ PowerShell Command ➡️ C2 ➡️ .NET Loader ➡️ InstallUtil.exe (Agent Tesla) Stager: hxxps://klarotecnologia[.]com[.]co/xx.txt Loader: bazaar.abuse.ch/sample/7075221… Payload: bazaar.abuse.ch/sample/06c2645…

Hope to see some of you tomorrow at @BSidesMunich 😁✌️

Tomorrow at 12:00 p.m.! Join Morphisec Security Researchers Arnold Osipov & Hido Cohen in their session: "From a simple log to sophisticated crypter" at @BSidesMunich at the Hilton Munich Park. Register here: bit.ly/3sDIGoN

A new infection chain we see a lot lately is used to deliver popular malware families. Read my technical analysis of the new #SYK #Crypter and its Discord loader at blog.morphisec.com/syk-crypter-di… VT Collection: virustotal.com/gui/collection…

Hido Cohen Reposted

#CobaltStrike V4 Reflective Loader #CyberChef config extractor recipe ☛ Input: Encoded PowerShell (or HEX and disable the first 13 recipes) ☚ Output: Configuration Block (Hex dump) ✔ For x64: gist.github.com/michaelder/38f… ✔ For x32: gist.github.com/michaelder/066… Thanks to Michael D

#Qakbot C:\Jhfrg\ Double calc execution phsa-eg[.]com -> Rgsrhda.ooccxx mtechautomacao[.]com -> Rgsrhdb.ooccxx audf-rdc[.]org -> Rgsrhdc.ooccxx IOCs Collection: virustotal.com/gui/collection…

#RevengeRAT different file hosting service, same techniques PowerShell -> uplooder[.]net -> PowerShell -> .NET Injector -> RevengeRAT C2: updatefacebook.duckdns[.]org

Hido Cohen Reposted

#DFIR and #ThreatIntel report ❗️ #Bumblebee new loader campaign Initial Access, TTPs & IOCs, and binary analysis ZIP > ISO > LNK > Rundll32 > #CobaltStrike cynet.com/orion-threat-a…

#AgentTesla #Malspam Email -> .zip -> packer.exe -> Agent Tesla Host: mail.mpr4u[.]my

Another bank used in the latest #Remcos #Malspam, this time #PNC Bank. Same attack chain as published. Different macro. Next stage: 209.127.91[.]101/hurricane.vbs Updated IOCs collection: virustotal.com/gui/collection…

Just published a threat post about #Remcos #RAT #malware latest infection wave imitating Wells Fargo's emails Email -> enc. .xls -> .vbs -> PS -> .vbs -> PS -> C# -> Remcos h/t @InQuest @James_inthe_box @Anti_Expl0it @DmitriyMelikov For more details: blog.morphisec.com/remcos-trojan-…

Hido Cohen Reposted

[New Blog] Morphisec Labs analyzes #CaddyWiper, a new strain of wiper #malware attacking Ukrainian infrastructure bit.ly/3u9X8G7 #infosec

Hido Cohen Reposted

Morphisec's Hido Cohen looks into the attack chain of a new wave of financial themed malspam campaigns that lead to Remcos RAT. blog.morphisec.com/remcos-trojan-…
