#Hacking #TA402Molerats #APT #Ransomware #MiddleEast #Malware #Vulnerability #CyberCrime #CyberAttack #CyberSecurity TA402 APT group (aka Molerats and GazaHackerTeam) is back after two-month of silence and is targeting governments in the Middle East. proofpoint.com/us/blog/threat…

#opendir #malware-based ↔️ #cracked panel ➡️ #PurpleWave-based? 🔃 🏴‍☠️ /82e989d88831.ngrok.io ☣️5707e7e0c4c760e27e28d5a0db676695 ☣️8055ddd8053ce613c86b170a7bcb38b0 ☣️270904ff7685448832cd6dfc1c9fcd7c ☣️9db75d472fd29c153cdadaf7937fcdcc no-sandboxes-listed #InfernusMine #HASKERSGANG

New #TA551/#Shathak domains. Used to deliver #Trickbot. hessroughg[.]com medranooveng[.]com despairdelivery2015b[.]com mercycarrolld[.]com pottermanagements[.]com elevatorbernald[.]com berrytvs[.]com volumeoil2015b[.]com threatfox.abuse.ch/browse/tag/TA5…

I share the samples and yara rules of #WinDealer. Samples: bazaar.abuse.ch/browse/tag/Win… Yara : github.com/StrangerealInt… ref : blogs.jpcert.or.jp/en/2021/10/win…

#Qakbot .xlsm e5958241f7b455b05a0e59d8602fb51a2148aefe2fbe13641af920eb98ac6045 > hxxp://ielts-world.trimion.org/wp-content/uploads/0qkRwoQ1sl7/", "..\besta.ocx") > .dll f4a6aa75bd85c3487c0cc6d20c70ed917b24a67e19176090fd98f90c5f3679ba

It seems #AgentTesla continues to target Oil and Gas Companies. Maldoc: NATIONAL PETROLEUM CONSTRUCTION COMPANY (NPCC) SAUDI ARAMCO-RFQ FORM.xlsm 33384754a17c202e5bdce2edb32e14f4 Download URL: https://www.rhb-international[.]com/projects/enquiry.zip

AgentTesla: 5fe0c0830097ecfef8319b81ea54db1b C2: mail[.]copriuae[.]ae

#WIRTE #APT maldocs: تعميم مالية الســـاحات الخارجية.ppam (Circular of External Finance.ppam) 4f80572a18c57f6ed76f4edfbeafda28 فهم الإحتياجات الأمنية (Understand security needs) 41d9a5902ade7b0e9d7516ce5ba09312 C2s: neweconomysolution[.]com sun-tourist[.]com

#AridViper #APT Hash:116967e277b8e095697eff6741fad165 FileName:The Ministry of State for Wall and Settlement Affairs established by the Palestinian government.xz It contains a file disguised as a word document virustotal.com/gui/file/247be… C2:zakaria-chotzen[.]info 93.185.166[.]20

Another Thread-Hijacking Inception! Today's #TA570 #Qbot obama216 HTML campaign hijacked from a March 16th #Bazaloader campaign hijacked from a December 2021 #BazaLoader #TA571 campaign. You know i love finding these by now :D

#APT #APT32 It seems to be an attack sample of APT32 targeting Vietnam, which needs to use IP address to decrypt shellcode. ec8811ab8756013cc6e8279584dbf204

#APT #APT37 ZIP File: e809ed9c83ee468369e665259fb1ae7b LNK File: d1dc2db2956803de7eef7a76a6ac5cb2 주요도시 시장가격 조사2023.lnk ZIP->LNK->BAT->Powershell hxxps://dl.dropboxusercontent.com/scl/fi/h7p5aearkbq6rnb2oh633/20231028_selca.zip?rlkey=8gmnnfrezz2vnndsr1cz781cv&dl=0

Sample is now on VT! 🚩Hash: 7b0a14c36addaa079c3fc7e6a7bed0fd 🎯Actor name: Arid Viper 🔹Comment: The Mantis APT (aka Arid Viper, Desert Falcon, APT-C-23) is continuing to mount attacks, deploying a refreshed toolset 🌐URL: symantec-enterprise-blogs.security.com/blogs/threat-i… 🔎OnVT: virustotal.com/gui/file/3d649…

#SaudiArabia 🇸🇦 - A threat actor claims to have data of The Saudi Aramco Total Refining and Petrochemical Company (SATORP) "Established in 2008, SATORP is a Refinery and Petrochemical complex; processing barrels of Arabian Heavy Crude Oil per day." #DarkWeb

#Astaroth (#Guildma) 16/02/2024 ❇️ Zip from 153.207.225.35.[bc.[googleusercontent.[com/52525252525252/Facttur525252525252/ > h6oehr.globalnetwork[.my.id/?5/ http://r9ou2v.innovation[strategy[.biz.id/? Samples bazaar.abuse.ch/browse/tag/812… AnyRun app.any.run/tasks/2913f9dd…

"Invio Ordine accompagnatorio" spam email spread #AgentTesla Eml>IMG>Bat Samples + tag old samples + hunting bazaar.abuse.ch/browse/tag/ftp… Exfil ftp.lemendoza[.com admini@lemendoza[.com

#ROKRAT #APT37 #APT #IOC ROKRAT 설비목록.lnk Equipment list.lnk 82f881a33eafee75fb1344432f76faf6 580601bc3f7016b59f8919fa7433639b [zip]

#Qiulong #Ransomware Infra Hunt Found an unreleased TOR Domain of Qiulong Ransomware,which may be used for #dataleak …r7y5a36tuci4bx4fgqmmihp7he7flyd.onion IP:94.156.79.124 🇧🇬 nginx/1.18.0 (Ubuntu) Main Domain of #Qiulong: …qnon54gjns5nmag3hmqv6fcwamtkmad.onion #infosec #security #OSINT #darkweb #malware

🚨 Malicious Excel File Evaded Most of the AV Solutions #AgentTesla🚨 📌 VT Detection: 4 / 62 🔐 MD5: fbe269e9e59772f738456bf0a165f0fd 🕵️‍♂️ IOCs: - http[:]//23.95.60.77 - http[:]//bun.is/08c72u DOCGuard Report: app.docguard.io/cc962c0a4622ba…

#Kimsuky #NorthKorea A Deep Dive into the Kimsuky Threat Tactics & BlueShark genians.co.kr/blog/threat_in… blushaakco[.]kr d5dd153ac17a79723f33fb45849a533b 844fb1dddeb432d9c950965fb78d1c52 31909632fb7f1a53507f65a1ae96a519 ...