Chamindu Pushpika (@chamindu_x)'s Twitter Profile
Chamindu Pushpika

@chamindu_x

Security Researcher | DFIR | CSEH

ID: 1599613857810489345

Joined: 05-12-2022 03:58:45

84 Tweets

26 Followers

157 Following

Malcore (@malcoreio)

An interesting living off the land technique is to mask your registry key with a null embedded character, as described in this GitHub repo: github.com/bytecode77/liv…

Florian Roth ⚡️ (@cyb3rops)

Sharing only the hash of a PHP webshell, instead of the file itself, limits the community's ability to analyze and defend against threats. I'll monitor VirusTotal and MalwareBazaar for uploads of this shell. If it appears and lacks sensitive info, I'll share it. It's baffling

Unit 42 (@unit42_intel)

2025-01-13 (Monday): Legitimate websites infected with #KongTuke script present "verify you are human" pages that ask victims to paste PowerShell script into a Run window. Lately, this has led to infections abusing the #BOINC platform. More info at: bit.ly/3DU2H2R

Florian Roth ⚡️ (@cyb3rops)

Came across this exploit for Linux while investigating some silent matches - with 0 AV detections

If anyone wants to take a look, let me know what you find

VT
virustotal.com/gui/file/8c8d3…

Malware Bazaar
bazaar.abuse.ch/sample/8c8d3b5…
Hack The Box (@hackthebox_eu)

Honey wake up, new content just dropped 🔥
There are two new labs coming to the #HackTheBox platforms this week!
🔴 Checker, an #HTB Seasons Machine created by 0xyassine
🔵 APTNightmare-2, a Sherlock focused on a sophisticated rootkit targeting Linux servers

Get started now on
Chamindu Pushpika (@chamindu_x)

LummaC2
hxxps[://]monekam[.]shop/subwaysurf[.]mp4
subwaysurf[.]mp4 : d9dc1fb1252a5d3825408b6900d874eb17fd55606b3b9d011e3c33d8c0b413dd

bazaar.abuse.ch/sample/d9dc1fb…

MalwareHunterTeam Fox_threatintel
#lumma #c2
Alberto Segura (@alberto__segura)

🚨#Android #Malware Fake Chat app is sending SMSs, photos, contacts to a Telegram chat using the bots API 🤖

Distribution: https://vanos.pages[.]dev/assets/Vanos-Messenger.apk
Hash: 170abe43fb6f31f601f2493e40b64bb20171e0bc0cae6b88802d0c4faf1c5f3c
Trying Matkap it looks like
Mandiant (part of Google Cloud) (@mandiant)

UNC3944 (Scattered Spider) activity is reportedly rising across global industries, including retail. Act now to stay ahead ⚠️ Learn more: goo.gle/4esbM0Q

andrew danis (@andrewdanis)

Unit 42 We observed exploitation as early as 07-17, from IPs 103.186.30[.]186 and 107.191.58[.]76. You can detect this behavior from the IIS process w3wp.exe spawning child processes, at least in our instance.

The Shadowserver Foundation (@shadowserver)

Alert: SharePoint CVE-2025-53770 incidents! In collaboration with Eye Security & watchTowr we are notifying compromised parties. Read: research.eye.security/sharepoint-und…

~9300 SharePoint IPs seen exposed daily (just population, no vulnerability assessment): dashboard.shadowserver.org/statistics/iot…
I am Jakoby (@i_am_jakoby)

Added a new tool to:
powershellforhackers.com/tools/revshell/

⚠️Please Use Responsibly⚠️

You can use this to instantly generate an obfuscated reverse shell in PowerShell that I have personally used to beat EVERY single EDR out there right now.

I've added some pretty cool stuff to my website
Group-IB Threat Intelligence (@groupib_ti)

Our latest threat research report is live: UNC2891: ATM Threats Never Die.

Since 2022, Group-IB specialists have been tracking this low-profile, financially motivated group targeting financial institutions, compromising infrastructure to execute coordinated ATM cash-outs.

Key
blackorbird (@blackorbird)

#ATM Hacking Group UNC2891 Technical Summary:

Core Tools / Malware Arsenal
CAKETAP → Solaris/Linux kernel rootkit, hooks ATM → HSM traffic, modifies ARQC/ARPC in real time
SLAPSTICK → PAM backdoor + per-server unique "magic password" (SSH passwordless login even if keys