Ne0ne (@0xtoxin)'s Twitter Profile
Ne0ne

@0xtoxin

Security Researcher at @msftsecurity | Ex - Perception Point Threat Analyst & Team Lead

ID: 1540090536685617155

https://0xtoxin.github.io/
23-06-2022 21:53:03

2,2K Tweet

10,10K Followers

314 Following

Germán Fernández (@1zrr4h)

New #FenixBotnet campaign targeting Mexico 🇲🇽
Now also using the "Copy&Paste" technique

Distribution via SMS with URL:
▪ https://sat[.]citatorio[.]com/file/declaracion.pdf (fake PDF).

Next stages from:
▪ https://d3f8cv[.]top/d1zK3flPWA/v.txt
▪
Ankit Anubhav (@ankit_anubhav)

Interesting #Xred campaign arriving via Google Drive uses a "loader component" which downloads & runs code from /paste.fo/raw/024749876411.

The whole purpose of this component is to make the system weaker (disabling components via registry / adding exclusion) before malware
Ankit Anubhav (@ankit_anubhav)

Are you an Airtable user? If yes, be careful. You might receive a malicious mail which contains a link to its legit domain airtable.com and has a sheet.

This "sheet" itself has a button, which asks the user to update Airtable by downloading its "Latest version".
JAMESWT (@jameswt_wt)

#Donut > #AsyncRat #purehvnc ..etc
from initial <a href="/pr0xylife/">proxylife</a> samples

🔱Samples related to kendychop[.]shop
bazaar.abuse.ch/browse/tag/ken…

🔆AnyRun
app.any.run/tasks/952c1450…
JAMESWT (@jameswt_wt)

"Booking. com lnvoice" spam email
PDF>url>js>urls>js>#rhadamanthys

Urls
b00king[.]com[.]ng/
urlhaus.abuse.ch/browse/tag/Rha…
C2
185.196.11.]18:7257

Samples
bazaar.abuse.ch/browse/tag/185…

AnyRun
app.any.run/tasks/b2627223…
app.any.run/tasks/6ecbae95…
Arda Büyükkaya (@whichbufferarda)

🇷🇺🕵️Gamaredon #APT activity targeting State Bureau of Investigation in 🇺🇦 Ukraine (DBR or ДБР):
Phishing email -> XHTML Smuggling Payload -> Download RAR -> LNK -> MSHTA LOLBIN Download third stage

Email:
27515d71b91bbdbb55437de6b729663c0cd206d7112ddbc439d82d8a6e1dde3e

HTML
Ankit Anubhav (@ankit_anubhav)

The holiday season is about to start, and hackers have already started to cash in with fake "Year end and Christmas salary hikes".

These emails contain a sendgrid link, which is used a lot in legit comms to avoid detection.

The link downloads a zip which has a VBScript,
JAMESWT (@jameswt_wt)

#Booking : Immediate Response Needed - Guest Items"
👇
https://extraguestreview.]com/#eM_0MX3z
👇#fakecaptcha
https://booking.extraguestreview].com/sign-in?
👇
http://92.255.57.]155/Capcha.html
👇
Samples #XWorm V5.6
bazaar.abuse.ch/browse/tag/92-…
WatchingRac (@racwatchin8872)

#Tycoon #Phishing
With the help of Who said what?, we identified additional 482 domains linked to Tycoon.
Here’s a list of domains+subdomains+full path, hosting Outlook/Gmail phishing pages:
pastebin.com/r56UtHbD
Gi7w0rm (@gi7w0rm)

Since I officially finished my bachelor's degree last month, I am now looking for work. If you are offering a job in Cyber Threat Intelligence, please reach out! More info in the first comment below. #infosec #CTI #JobSearch

JAMESWT (@jameswt_wt)

#booking
"We received this message from"
#lummastealer
⛔️bit.]ly/4hdnEnC 👇
⛔️admin.bookviewreserve.]com/confirm/login/NbVqArnK 👇
⛔️view-reserve.]com/recaptcha-verify.html 👇
⛔️92.255.57.112/1/ 👇
1.png
2.png
3.png

Samples
bazaar.abuse.ch/browse/tag/boo…
AnyRun
app.any.run/tasks/0ee3a58d…
Sekoia.io (@sekoia_io)

🔍 TDR analysts discovered a new Adversary-in-the-Middle (#AiTM) #phishing kit, specifically targeting Microsoft 365 accounts and circumventing 2-step verification: Sneaky 2FA blog.sekoia.io/sneaky-2fa-exp… #detection #sneaky2fa

WatchingRac (@racwatchin8872)

#Tycoon #Phishing Got more domains with the help of Who said what? 571 domains linked to Tycoon. Here’s a list of domains+subdomains+full path, hosting Outlook/Gmail phishing pages: pastebin.com/jp0uTrK4 A few of them are waiting for API renew (TA's didn't pay the bill 😂)

WatchingRac (@racwatchin8872)

#Tycoon2FA
Using Validin it was possible to get a list of potential Tycoon2FA Phishing pages.
70/140 Tycoon2FA Phishing pages
Full list: pastebin.com/zyL7hcgd
WatchingRac (@racwatchin8872)

🤠Hunting #Tycoon2FA Infra with BurpSuite, Validin & VirusTotal:
1️⃣ Intercept the POST request in BurpSuite to identify the domain storing credentials.
2️⃣ Use Validin to retrieve the mail.<domain> banner hash, revealing server fingerprints.
🧵1/2
Ne0ne (@0xtoxin)

In the last year and a half I have disappeared a bit... and I am aware of it. I am at a stage in my life with myself where I am beginning to understand and contain myself. I believe that soon I will have the courage and ability to share this with all of you.

Gi7w0rm (@gi7w0rm)

New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/huluc…