Yeti (@yeti_sec)'s Twitter Profile
Yeti

@yeti_sec

Sr. Malware Reverse Engineer & Threat Researcher, Unit 42 Threat Intelligence @unit42_intel | Ex-Incident Response. Opinions are my own.

ID: 892008790882754560

31-07-2017 13:07:23

247 Tweets

733 Followers

667 Following

Axel F (@axel_f5):

#Spyder malware looks to be an update of #WarHawk malware from #Sidewinder #APT 
1f4b225813616fbb087ae211e9805baf
BAF Operations Report CamScannerDocument.exe
c2 hxxp[:]//plainboardssixty[.]com/drive/bottom.php
Yeti (@yeti_sec):

#OpenDir, lots of red team tools

Discovered using hunter.how platform  🔍

Urlscan:
urlscan.io/result/1525e8d…

#ThreatIntelligence #redteam #malware #CyberSecurity
Yeti (@yeti_sec):

#OpenDir, 34.238.123.45:8448

Tools: Metasploit, Chisel

Found using hunter.how/detail?ip=34.2… 🔎🔎

UrlScan: urlscan.io/result/4cb1b85…
Yeti (@yeti_sec):

My team is hiring for a Reverse Engineer at Unit 42. If you feel like you might be a good fit then take a look at the job posting. Hot off the press as of today. #unit42 #reverseengineer #malware jobs.smartrecruiters.com/PaloAltoNetwor…

Matthew (@embee_research):

Defeating API Hashing Using x32dbg and Conditional Breakpoints. 

By setting simple log conditions on functions related to API hashing, you can quickly print out decoded hash values without needing to identify or reverse the hashing algorithm. 

[1/11] 
#Malware
Yeti (@yeti_sec):

Tried hunting for DarkGate servers?

Try using this search term on Censys. ->
(Autoit3.exe) and services.service_name=`DARKGATE`

Censys: 10 results

#darkgate #threathunting #malware #threatintelligence #threatintel
Unit 42 (@unit42_intel):

2023-10-17 (Tuesday): We have been monitoring #RemoteCodeExecution vulnerability CVE-2023-3519 affecting #CitrixNetScaler products in the wild. This is a recent snapshot of associated activity. Indicators available at bit.ly/3rVEgwk #CVE20233519 #TimelyThreatIntel
Yeti (@yeti_sec):

Curious about exploited CVE-2023-3519 Citrix Gateways?

Try using these search terms on these platforms.
Censys -> tinyurl.com/y8rfchfj
Hunter -> tinyurl.com/zcf6cufm   

Censys: 258 results 
Hunter: 301 results  

#CVE20233519 #CitrixNetScaler #RemoteCodeExecution
Yeti (@yeti_sec):

Virtually attending CYBERWARCON this week. Excited to check out the conference for the first time. Curious to hear the talk from Christopher Glyer on RomCom malware usage 🤘 #CYBERWARCON

Unit 42 (@unit42_intel):

#MedusaRansomware gang launched a dedicated leak site as part of their multi-extortion strategy. This article covers their victimology, toolkit and an in-depth look at their #TTPs — a close examination of the literal gaze of Medusa’s binary. bit.ly/48qpE81
Yeti (@yeti_sec):

Tried hunting for Meduza Stealer panels? Try using these search terms.

Censys -> services.http.response.html_tags="<title>Meduza Stealer</title>"

Hunter -> web.title="Meduza Stealer"

Censys: 9 results 
Hunter: 11 results  

#MeduzaStealer #malware #threatintelligence
Unit 42 (@unit42_intel):

With the release of #MaaS #BunnyLoader 3.0, our researchers distill the information gained from new samples of this upgraded malware. 

Capable of #CredentialStealing and more, this article provides a thorough overview of BunnyLoader’s progression: bit.ly/4adA8rT
Yeti (@yeti_sec):

Tried hunting for RisePro panels? Try using this search term.

Censys -> services.http.response.body_hashes:"sha256:5e52c3d964fc5e71ca6ed84cb3061f3d48921f12c08beb5f13e19be0fe5065c2"

Censys: 21 results    

#RisePro #malware #threatintelligence
Yeti (@yeti_sec):

Stargazers Ghost Network continuing to push malware on GitHub.

Sampling the data today, found Lumma Stealer under the repo name "Fortnitehck-seuj". 

SHA256: d326e987fdb5fe5da2b52e73556a382ff945b526c4394c7747f26bc8be08d136

research.checkpoint.com/2024/stargazer…

#lummastealer
Unit 42 (@unit42_intel):

2024-08-06 (Tuesday): We found a #Xerxes Android #botnet server on 144.217.61[.]133 that was active until Monday. Pivoting on data from the server, we found two domains used for other Xerxes botnet servers in 2023. More info at bit.ly/4dy4lDF
Unit 42 (@unit42_intel):

2024-08-21 (Wednesday): First reported in July 2024, a #PowerShell #Stealer named #Kematian Stealer (#KematianStealer) still appears to be active. Details on a recent sample are available at bit.ly/3YNTIIW

#Unit42ThreatIntel #TimelyThreatIntel