microv
@MikyRovCyber Threat Intelligence Analyst | Threat Hunting | Threat Intel | Malware Analysis
[1/6] 🚨We tracked a new Android banking trojan fraud operation dubbed ToxicPanda, which has intriguing connections with tgToxic. According to our investigation, TAs are currently targeting European and LATAM countries.
‼️ (1/5) On October 7th, 2024, we identified a new dropper associated with the TeaBot banking trojan within the Google Play Store. The initial stage of infection originates from the following application (com.mastercreativestudio.documanagerandpdf):
(1/5) 🚨The Cleafy TIR team identified some campaigns involving a new variant of the Android malware TrickMo, incorporating new anti-analysis mechanisms. The variant uses malformed ZIP files and JSONPacker, and is distributed via a dropper disguised as the Google Chrome browser.
#Pryx group actively distributing a Golang RAT against #UAE gov. The backdoor's purpose is to download a Tor package to set up a Tor hidden service on the victim that acts as a stealthy HTTP listener for backdoor-related activities. Backdoor versions & IoCs discussed in thread 🧵👇
#Python script to extract the configuration from samples of the #Astaroth malware github.com/Microv/Astarot…
🚨@cluster25_io investigated a possible #APT campaign targeting #Russian dissidents. Using different lures, the #attacks aimed at organizations and citizens, leveraging a #reverseshell. Read more on: blog.cluster25.duskrise.com/2024/01/30/rus…
Link to the malware configuration and string decryption source code used for the analysis of DuckTail lnkd.in/drtKzRX4
🚨A seemingly legitimate #LinkedIn profile contacts you via direct message and offers you a job, sending a PDF file. This is the beginning of a bad story that leads to #DUCKTAIL infection. Read more on: blog.cluster25.duskrise.com/2023/10/25/the…
🚨 Cluster25 has uncovered phishing attacks likely linked to a pro-Russia nation-State adversary. These attacks, conducted in the context of the RU-UA conflict zone, leverage a recently discovered vulnerability (CVE-2023-38831) affecting WinRAR. Read more: blog.cluster25.duskrise.com/2023/10/12/cve…
🚨Beware of #BEC #attacks! Here, we are reporting a recent, well-prepared #fraud campaign involving the names of existing non-profit foundations as bait. Read more on: blog.cluster25.duskrise.com/2023/08/25/the… #cybersecurity #scam
#IDAPython script to resolve hashes of procedures in #MysticStealer github.com/Microv/MysticS… #mystic #stealer #infostealer #malware
#BlackByte and its #ransomware continue operating all around the world. We dissected the latest version of this famous ransomware. Here is the #Ida #Python script we used: github.com/Microv/BlackBy… Here is the report: blog.cluster25.duskrise.com/2023/05/22/bac… Hoping this helps the community!
@cluster25_io has become a partner of the @dns0eu project! Starting April 27, 2023, Cluster25 started sharing its #APT, #Phishing / #Fraud and #Malware indicators with DNS0 in order to further raise the #security levels of its users. blog.cluster25.duskrise.com/2023/05/02/c25…
The #chemical sector is definitely considered a critical infrastructure with #strategic goals, so it's a very attractive target for #threat actors. Check out our overview about the #cyber #risks of the chemical sector! blog.cluster25.duskrise.com/2023/04/12/cyb…
@cluster25_io joined the @virustotal community! Starting from March 2023, part of our intelligence data will be shared with this amazing community, allowing users to get insights about suspicious IPs, domains, and URLs. Enjoy our public #Intelligence! blog.cluster25.duskrise.com/2023/03/16/c25…
Similarly to some campaigns attributed to #APT29, the #DarkPink #APT abuses the "SyncAppvPublishingServer" App-V service to silently execute arbitrary PowerShell code #LOLBAS #TTPs
Newly registered domain belonging to #Gamaredon #APT #infrastructure secureurl[.]shop
Another year has passed tracking #cybercriminals. This year has been particularly intense from a #cyber point of view also due to the conflict between Russia and Ukraine. We are pleased to share an infographic about the activities conducted by the Cluster25 team in the year 2022.
⚠️We analyzed a highly evasive #infostealer spread across #Italian entities in early Dec. 2022. The attacker used several levels of obfuscation and packing techniques to hinder and make analysis more difficult. Happy reading 👇 blog.cluster25.duskrise.com/2022/12/22/an-…