new #eCh0raix #ransomware #linux sample elf: db87238952aced3e20c364956426cd1b script: 9d5c556eaf28973513d40a167273a2d6 (drop from -> 211[.36.1[.152 ) ip: 1[.220.92.198[:8899 7zvu7njrx7q734kvk435ntuf37gfll2pu46fmrfoweczwpk2rhp444yd[.]onion MalwareHunterTeam Fox_threatintel

#KematianStealer C2 ip's 95[.]211[.]96[.]106[:]8080 45[.]145[.]41[.]231[:]8080 103[.]190[.]81[.]201[:]8080 64[.]52[.]80[.]191[:]8080 82[.]117[.]255[.]71[:]8080 FOFA query: title="Kematian-Stealer" Fox_threatintel Mikhail Kasimov

Intresing observation with the help of just single string i am able to collect 300+ sample of #lummac and #Stealc #Stealer String: "C:\Windowsterminatedowner" IOC's: pastebin.com/raw/QMbiTacZ RussianPanda 🐼 🇺🇦 MalwareHunterTeam James

Last Monday I woke up and notice that my GitHub account is been suspended! I don't know the reason why they did this, i tried to recover but no reply from github 😕 My git was having awesome project now i lots all of them Fox_threatintel MalwareHunterTeam RussianPanda 🐼 🇺🇦

Malicous websit ask you to do following steps whic #downloads the #Remcos 1. Press Windows Button "🪟" + R 2. Press CTRL + V 3. Press Enter ioc: paste4btc.com/pjRexqBr FOFA query :title=="Custom reCAPTCHA Checkbox" RussianPanda 🐼 🇺🇦 Fox_threatintel MalwareHunterTeam

I'm excited to share that I'm developing a new project! "APT hub," will help us updated on the latest APT activities. It collects data on APT profiles, IOCs(1 yr), and blogs on searched APT. I'm also working on integrating MITRE, download available sample and yara. Stay Tuned!

Here are few more hases miss by CERT-UA for #APT29's RDP #Phishing 3d7e2ee43faf15c1776aa0277db1c2a5 48ed82f14472518251086afc26d886ea f7e04aab0707df0dc79f6aea577d76ea e1d7de6979c84a2ccaa2aba993634c48 280ab6fa6087c57b43cd5ac6c257082c

7777 #botnet is back and here how you can hunt Censys search query: 1] - services.banner_hex="786c6f67696e3a" 2] - services.software.vendor="7777 Botnet" 7777 Botner C2: pastebin.com/AQDTDEvg

Discovered 2.5K+ #telegram based #phishing and #CryptoScam IOC's IOC: hastebin.com/share/qevudumu… Fox_threatintel RussianPanda 🐼 🇺🇦 Mikhail Kasimov MalwareHunterTeam

Folks, I discovered a surprising thing today: We can search the comments on #VirusTotal without logging in. Is this a new feature from VirusTotal 🤔🤔 MalwareHunterTeam James Florian Roth ⚡️ Fox_threatintel RussianPanda 🐼 🇺🇦 vx-underground

Nice, now we have #Malware sample from #VirusTotal based on #C2, which receives commands from VirusTotal user comments. Sample_1: 21f394bd95e848ab5c30439cbd7894fbdcf85f19953caf9a6604f125ebfd562f Sample_2: 4c109eac5107512e51570e7ec261734ec5c6d9277f855fe8da735fddf3d05cd9 Git:

New Pakistan #APT36 malware #samples targeting India with names "SITREP_PahalgamSector.zip" and "CrossBorderActivity_LogisticsRoutes_SuspectedInfil_Apr2025.kml.lnk" IOCs: - 905134a46153e071d453e086dc37c47a (Zip) - 609308aa7da464c40cb2927ebf01793a (LNK) -

The metioned #Remcos in this artical been loaded by #KLoader #Malware, Additionally, you may see that the threat actor used and shared the same #C2 ( mytaxclientcopy[.]com ) mentioned in this blog in the sample video. Fox_threatintel RussianPanda 🐼 🇺🇦 MalwareHunterTeam 0x6rss

Here is another LNK and 2 more DLL which is related to #APT35 LNK: a52c8eacf3dbdcf0f49268a27a44636b DLL (Min[.]dll): a2522c16248868ad666c746baf428e41 DLL (new[.]dll): 62fbf0622586324f7177da466d036b8f Now, the interesting part is that a similar kind of LNK file was also observed

🚨 #WaterSigbin aka #8220Gang #APT 🚨 A new wave of malicious activity involving the 8220 Gang also tracked as Water Sigbin has been active since March 2024. This APT group is known for leveraging misconfigured cloud services and vulnerable Linux systems to deploy #coinminer