Rony
@r0ny_123 Threat Intelligence Analyst | https://t.co/3J6VxnAZpr
Weekend Reading. Big shoutout to @Volexity folks sharing this!
.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. volexity.com/blog/2024/11/2… #dfir
🚨 Microsoft’s Digital Crimes Unit takes aim at Storm-0867, the operator behind the #Caffeine Phishing-as-a-Service (PhaaS) platform ☕. A major crackdown on the cybercrime supply chain! blogs.microsoft.com/on-the-issues/… 📜Unsealed court order: noticeofpleadings.com/fakeonnx/
Can anyone explain how the "First seen ITW" timestamps are generated in @virustotal? #virustotal #VT
🚨Another domain🌐skt-info[.]online (~2024-07-31) related to Earth Baxia 🇨🇳(not reported PUBLICLY yet👀) From now on, the infra related to this cluster will be pushed on @threatfox⚡automatically, so make sure you🔖the link below👇 threatfox.abuse.ch/browse/tag/Ear…
Was tracking this cluster for a couple of months now, and it's great to see that it's finally been made public. Some more C2 infra related to this Earth Baxia threat cluster: s3-azure[.]com ~ 2024-05-14 islot[.]ink ~ 2024-07-13 browser-events-data-microsoft[.]com ~ 2024-04-22
▶️ Leverage Infrawatch signatures to enhance your adversary infrastructure and asset monitoring capabilities across the entire internet. In this example, the presence of the X-Havoc HTTP header serves as a key indicator for detecting the Havoc C2 framework.
Trend Micro researchers describe how Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific region using spear-phishing emails and the GeoServer vulnerability CVE-2024-3640. trendmicro.com/en_us/research…
Again boring DLL Sideloading Stuff from Trash Panda (you know who you are) #PlugX / #DOPLUGS C2: 103.238.225[.]248:443 Sample: virustotal.com/gui/file/c9c81… Thanks to @ValidinLLC for the quick pivot.
The art and science behind Microsoft threat hunting: Part 3 | Microsoft Security Blog microsoft.com/en-us/security…
Related #PlugX infra govamazon[.]com
Nope, they didn't directly attribute this activity to #APT42, though there is a weak overlap. It's more likely that they're acting as a front company for the 🇮🇷 IRGC-IO. #IRGC #threatintel
CAPE Debugger of course! Because it's incredibly powerful, stealthy and conveniently integrated into the sandbox. Get started with a trace from entry point with as little as: bp0=ep
Volt Typhoon? Nah, gotta be APT10 - MSPs are their favorite buffet. They never miss an all-you-can-hack special!
The high-risk vuln (CVE-2024-39717) was added to the CISA must-patch list over the weekend after Versa Networks confirmed zero-day exploitation @SecurityWeek Black Lotus Labs links exploitation to Volt Typhoon APT and says ISPs and MSPs are downstream targets 👇👇…
Wow, State-sponsored influence operation! @fbsecurity @facebook take note. cc @DavidAgranovich
Mamata Police is unleashing sinister 'toolkit' to deviate protestors from Marching towards Nabanna, seeking justice for the RG Kar PGT Lady Doctor !!! West Bengal Govt is trembling with fear since the call for 'Navanna Abhijaan' on 27th August went viral on social media. The…
Free speech is being suppressed in West Bengal, India. @ KolkataPolice and @ WBPolice are issuing notices under Section 168 of the BNSS 2023 to individuals criticizing the police and administration. This is a serious concern for democratic freedoms. @X @elonmusk #FreeSpeech
It has come to my notice that various Social Media Users across the State as well as from different parts of the country are receiving notices from @KolkataPolice, @WBPolice and their Cyber Crime Departments, directing them to delete certain posts and threatening them of strict…
We just released Threatray v2024.07 after many months of work. Check out the blog to see our new IDA Pro integration, enhanced OSINT hunting, benign code detection and lots of threat tracking updates. threatray.com/blog/threatray…
The ability to search for a bookmark is coming to X on iOS next week!
Some more suspected #PlugX domains are likely used by the #DarkPeony group in Op ControlPlug. 7gzi[.]com bramjtop[.]com buyinginfo[.]org comparetextbook[.]com dmfarmnews[.]com flaworkcomp[.]com glassdoog[.]org goodrapp[.]com More on @abuse_ch Threatfox: threatfox.abuse.ch/browse/tag/Ope…