Michael Koczwara
@MichalKoczwara
Threat Researcher 🎯
https://www.linkedin.com/in/michaelkoczwara/ 15-04-2010 09:32:35
🚨 New Potential 🇨🇳 #Moonbounce C2 45.77.65.219 📡
💻 The SSL is Linked to APT41 (Winnti), a Chinese-speaking hacker group.
🕵️♂️ First sighting since May 2023.
🌑Possible foothold for cyber-espionage & data exfiltration to the C2 server.
🔍 APT41's tactics: network…
94.198.53.143:8000 ✌️
🚩 Atera RMM, Ngrok, NetSupport RAT (twitter.com/1ZRR4H/status/…), PoshC2 (bazaar.abuse.ch/sample/63229da…), SystemBC (bazaar.abuse.ch/sample/63229da…) and Sliver (bazaar.abuse.ch/sample/1aecadf…) among other tools. I'm sure you remember some of these Michael Koczwara.
Active ransomware affiliate using #LockBit and #SectopRAT in a potential connection ↓
SectopRAT
Package: hxxps://slimankoomer[.]com/1711[.]zip
DDR: hxxps://pastebin[.]com/raw/fmKmDx8F
C2: 80.66.66.40:15647
MalwareHunterTeam twitter.com/malwrhuntertea…
🚨 👀 💰- New Recorded Future report! This report examines the role of 🇰🇵 North Korean 🇰🇵 cybercriminal operations targeting cryptocurrency.
“The regime views cryptocurrency theft as a major revenue source…for funding military and weapons programs.” recordedfuture.com/crypto-country…
#Cactus #Ransomware exploiting vulnerable 'Qlik Sense' servers for Initial Access
Timely Intel from Arctic Wolf 🐺: arcticwolf.com/resources/blog…
Exploited CVEs: CVE-2023-41266, CVE-2023-41265 or potentially CVE-2023-48365 (as reported by John Hilliard)
Will mRr3b00t Foxwild_threatintel Michael Koczwara Who said what this might interest you 👀
English version of the article: projetfox.com/en/2023/11/tra…
Manual Shellcode Analysis - Locating and Resolving Function Calls With Ghidra and x32dbg
Experimenting with a new style of (paid) post where I go in-depth on #Ghidra manual analysis. Showing approachable and repeatable workflows for analyzing malware.
embee-research.ghost.io/ghidra-basics-…
🔍Behind the Scenes: The Daily Grind of Threat Hunter
I turned a Twitter thread into a blog post on the topic of threat hunting.
This is a real-world example of how I approach threat hunting step-by-step 🕵️♂️ #ThreatHunting
👉 Blogpost here: kostas-ts.medium.com/behind-the-sce…