http://212.227.241.124:22533 #lemon #manager #C2

Active malware observed!
urlhaus.abuse.ch/host/212.227.2…

virustotal.com/gui/file/c3292…

cc: Mikhail Kasimov Wafer4014

Ever wonder what it’s like to work at CrowdStrike?

Here’s what Rose Steingart, Senior Employee Experience Specialist, thinks about the culture, employee appreciation, day-to-day work and more: crwdstr.ke/6011jPEOW

Project_Blockchain.zip (sha256: c288a7f4be771dcaac9f089452a7934773c497b43b288fee54b14be0bb414190) looks rather suspicious to me. Only a detection from ESET.
Most likely #lazarus ?

🔴 We are live!

twitch.tv/oalabslive

ςεяβεяμs - мαℓωαяε яεsεαяςнεя Fascinating stream. I am picking at NSIS / GuLoader right now. Here is a script to build a 7zip Ubuntu package with NSIS script decompiler enabled. The resulting .deb can be kept on file to install where needed. gist link in reply.

There is a bunch of websites currently #compromised with #FakeUpdate malware.
Most notably:
ecowas[.]int ( Ecowas - Cedeao ECOWAS Centre for Surveillance and Disease Control ECOWAS Bank for Investment and Development (EBID) )
icef[.]com (@ICEFglobal)
and
fup[.]edu[.]co ( @La_Fup)
a full list of compromised sites can be found here:
github.com/Gi7w0rm/Malwar…

Honoured to be presenting the keynote for NorthSec this year. If you are in the neighbourhood May 16-17 come say hi, tickets are still available😺

Unpack all malware with a single breakpoint? Maybe? And I promise I won't mention anything about LLMs!

nsec.io

Contributing to the mission!

RE tip of the day: When the debugger is attached, it creates at least one thread as part of the malware process. Malware can call SuspendThread/NtSuspendThread APIs to affect this auxiliary thread and incapacitate the debugger.
#infosec #cybersecurity #malware #reverseengineering

What a great opportunity for a #BinaryRefinery showcase!

xt exe | xt | push [
| bat
| carve -d string
| iffs =
| b64
| pop k i
| carve -sd b64
| aes --iv=eat:i eat:k
| zl
| peek -mm ]

📌 github.com/binref/refiner…

If you’re interested in structure recovery in Binary Ninja this stream highlights their auto-generate functionality and interfaces for constructing them. Havoc is actually a pretty nice example for this. Enjoy!

Testing my stream for the next 30m new setup feel free to join me.
twitch.tv/c3rb3ru5d3d53c

ThreatLabz has released an IDA plugin to deobfuscate the strings for previous versions of #Pikabot .

Read our blog here: zscaler.com/blogs/security…

The source code for the IDA plugin can be found here: github.com/threatlabz/pik…

It's not 2024, it's 1984 apparently.

Due to the fact that I am gonna be more and more busy with my family life, I am looking for a person who would like to become a successor of my open source projects. You need to know C/C++, and be very committed. Please share your offers!

NOOO CERBERUS ESCAPED

The xz backdoor just got even *more* interesting… (h/t Filippo Valsorda @filippo.abyssdomain.expert )