Recent #APT36 #TransparentTribe #APT #CrimsonRAT da2331ac3e073164d54bcc5323cf0250 e63b3903f7a029e3f154a7164abba9bc ad90e16ea4a9fe11525da7669cb4b8ee (xlam) C2 IP / PORTS : 94.72.105.227 (waqers.duckdns.org) Ports: {11248,16896}

Back again - more cmd injections for the #Fortinet #FortiSIEM! Today we’re disclosing the details surrounding CVE-2024-23108 and CVE-2024-23109. These result from the use of Python’s os.system() in scripts which an unauth attacker controls arguments. horizon3.ai/attack-researc…

🚨 Found Another 𝗔𝗰𝘁𝗶𝘃𝗲 #SystemBC #Malware spreading from ON-LINE-DATA server in Netherlands (AS204601). C2 IP: cobusabobus[.]cam:4001 / 212.162.153.199 Malware Hash: 0dd1f6c2b9bf477115701a1340d8d9a2 81 Victims Confirmed 👇 Stay vigilant! 🛡️ #threatintel

Thanks R.! Well done Europol @EC3EUROPOL #Operation #Endgame, the largest law enforcement operation ever against botnets securityaffairs.com/163876/cyber-c… #securityaffairs #hacking #malware

🚨 Found a new IP 𝗔𝗰𝘁𝗶𝘃𝗲 #SystemBC #Malware spreading from AS-CHOOPA, US (AS20473), USA 🇺🇸 Command & Control IP: 64.176.194.7[:]443 Malware Hash: ecf61801ede927c82dcd89228dfe0a75 10 Victims Confirmed 👇 Stay sharp and stay safe! 🛡️ #threatintel

⚠️ #SystemBC es un malware comúnmente utilizado en campañas de ransomware. Este es un listado de máquinas comprometidas (bots) recolectadas desde uno de los paneles C2 activos en este momento: raw.githubusercontent.com/CronUp/EnAnali… 🛑🧐

“𝐇𝐨𝐰 𝐦𝐚𝐧𝐲 𝐂𝐕𝐄𝐬 𝐝𝐨 𝐲𝐨𝐮 𝐭𝐡𝐢𝐧𝐤 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐩𝐮𝐛𝐥𝐢𝐬𝐡𝐞𝐝 𝐭𝐡𝐢𝐬 𝐲𝐞𝐚𝐫?“ Great post on the forecast of the CVEs per month/year punctually exceeded by the final. H/T Pierluigi Paganini - Security Affairs jerrygamblin.com

New DFIR report - IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment thedfirreport.com/2024/06/10/ice…

.Volexity analyzes #DISGOMOJI 🔥, Discord-based malware 💀 using emojis for C2. #DISGOMOJI is used by #UTA0137, a suspected Pakistan-based threat actor. Read the full analysis here: volexity.com/blog/2024/06/1… #dfir #threatintel

🚨 Recent 𝗔𝗰𝘁𝗶𝘃𝗲 #SystemBC #Malware Commonly used in ransomware campaigns, spreading from Ukraine (UA). C2 IP: 185.156.72.33[:]4001 Hash: a022626b818bb6251e3b814ae74700e0 Compromised machines (bots) detected also in mostly Ukraine itself 👇 (32 Victims) 🛡️ #threatintel

🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened.This is notably dangerous

New blog post! "Building Casper's Shadow". We discovered and researched the #ShadowPad builder. See how ShadowPad is built 😎👻 nao-sec.org/2024/06/buildi…