Le Maestro
@RamineEtoCyber Threat Hunter 🎯 | CTI Enthusiast 🌐 | Malware Analyst 🛡️ | uncovering cyber threats 🔍
Using @Huntio to hunt for 🇰🇵Lazarus/APT38 clusters is an effective way to understand which crypto-related companies are targeted by this threat actor. For example, we've observed a DPRK threat actor using the host 104.168.165.165 to create fake Hack VC subdomains, such as.…
Today, TrustedSec is releasing #Specula (our previously internal framework) into the world, which will transform the Outlook email client into a beaconing C2 agent. @oddvarmoe and @freefirex2 walk through how to use Specula in our latest blog! hubs.la/Q02JfFFN0
Interesting Thread on a massive dump from a Chinese 🇨🇳 Ministry of Public Security (MPS) private industry contractor called iSoon (aka Anxun) Leak contains: - Spyware - Espionage Ops - “Twitter Monitoring Platform” - And a lot more 🔥 This is a crazy NTC Vulkan-level leak ⚠️
Buckle up, folks! 🚀 2024 might just witness the biggest leak on Chinese threat intelligence gathering #Cyber #ThreatIntel #CTI
#threatintel someone just leaked a bunch of internal Chinese government documents on GitHub github.com/I-S00N/I-S00N/
I think it's time any enterprise still using this thought again, because #ivanti just loves giving: Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries thehackernews.com/2024/02/ivanti… via @TheHackersNews
Interesting find! As @BushidoToken says, last scanned 08-2023. You can use the title "LockBit BLOG" to identify an additional recent scan result: LockBit Blog IP: 165.227.85[.]87 hosted on Digital Ocean, US. Last scan date: 2024-02-06. 🧵
Just came across a #Lockbit #ransomware #dataleak site whose IP was exposed during my research! 5.182.5.126 ASN:49505 The same IP has a historic connection with waralbum[.]ru, associated with the #BuhTrap #Banking #Trojan in 2016! #OSINT #security #infosec #malware #databreach #threatintel #CISA
Version 10 of CyberChef is now live! Developed by GCHQ's very own software engineers, explore the latest features of the cyber Swiss Army knife ⬇️ github.com/gchq
CyberChef v10 is here! Explore the latest features of the cyber Swiss Army knife, developed by our very own software engineers and see what you can rustle up ⬇️ github.com/gchq
I'm currently taking the CyberChef for Security Analysts course from @NetworkDefense The course instructor, @mattnotmax has a repository of CyberChef recipes. github.com/mattnotmax/cyb…
Microsoft continues to track and disrupt activity attributed to a Russian state-sponsored actor we track as Star Blizzard (SEABORGIUM), who has improved their evasion capabilities since 2022 while remaining focused on email credential theft. Get TTPs: msft.it/6014iR1f8
It has all the hallmarks of #Lazarus APT; its favorite target is cryptocurrency exchanges.
The threat actor that Microsoft tracks as Sapphire Sleet, known for cryptocurrency theft via social engineering, has in the past few weeks created new websites masquerading as skills assessment portals, marking a shift in the persistent actor’s tactics.
#DarkLoader ▪ "daim.asi": 6b093fa5742346d843f64426c01b5dd9b0e6d9e7a12d0a87059ddfc98484e5e1 ▪ "\darkloader\vl_loader_vs2022_project\Release\vl_loader_vs2022_project.pdb" C2 + Payloads: darkloader[.]top closehub[.]ru [+] bazaar.abuse.ch/sample/6b093fa…
Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed on October 4, 2023. Storm-0062 is tracked by others as DarkShadow or Oro0lxy.
(1/7) When it comes to selecting cyber threat intelligence feeds, what criteria are you looking for? Check out the following #CTI tools we recommend! 👇 Learn more about each tool's strengths and benefits, evaluated by our experts: maltego.com/blog/threat-in…
We finally have more info about how exactly Microsoft was hacked by Chinese threat actors. It’s a doozy, so strap in. Back in June, hacking group Storm-0558 accessed the cloud-based Outlook email systems for 25 organizations, including at least two US government agencies. We…
Today, #FBI Director Christopher Wray announced a Bureau-led operation that crippled a long-running botnet. Just in the past year, this botnet infected approximately 700,000 computers. Learn how the FBI restored control to victims: fbi.gov/news/stories/f…
#NorthKorea's Lazarus Group is back again, this time with two new remote access trojans. The attacker continues to use the same infrastructure, but is changing up their eventual payloads. More here: cs.co/6018PoxLp
More #DarkGate .MSI files with 0 detections C2: 107.181.161.200:9999 "Wrapped using MSI Wrapper from www[.]exemsi[.]com" Sample: bazaar.abuse.ch/sample/eb7ef73… Related: twitter.com/Gi7w0rm/status…
Interesting #opendir: hxxps://83.217.9[.]18/ lnk -> smth + decoy.pdf (US Bankruptcy) -> cmd calls to hxxp://107.181.161.200:443 tria.ge/230821-bb4qysa… FromEnergyBadx64.msi -> backdoored Chrome install with vbs script: tria.ge/230821-bcdwxsa… virustotal.com/gui/file/b1c0c…
🔍 Intrusion Analysis Thread from our private reports | DarkGate, Cobalt Strike, and BianLian: 1/ 🚨 Overview: We observed a suspicious MSI file executed, leading to the deployment of DarkGate, Cobalt Strike, and BianLian malware. Let us dive deeper.