imp0rtp3 (@imp0rtp3) 's Twitter Profile
imp0rtp3

@imp0rtp3

Security Researcher, Threat Intelligence And Malware Analysis for fun.
CTI Team Leader in @Fortinet.
Keybase: imp0rtp3
Mastodon: @[email protected]

ID: 1401523690312015873

Joined: 06-06-2021 13:00:49

179 Tweet

803 Followers

296 Following

Arkbird (@arkbird_solg) 's Twitter Profile Photo

I share the Yara rules and the samples for the dropper and the ransomware ARCrypter (+ DTrack and APT32 ELF/MIPS/ARM agent) Yara: github.com/StrangerealInt… Samples: bazaar.abuse.ch/user/114643082…

Lorenzo Franceschi-Bicchierai (@lorenzofb) 's Twitter Profile Photo

NEW: Cybersecurity startup Corellium gave trials to NSO Group and DarkMatter. It also sold to cellphone cracking firms Cellebrite and Elcomsoft in Russia, as well as Pwnzen, a hacking firm with ties to China's government, according to a leaked document. wired.com/story/corelliu…

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETResearch discovered that #LuckyMouse/#APT27 used a code-signing certificate belonging to VMPsoft, the developer of the VMProtect packer. The signed file is a loader for the SysUpdate backdoor (aka Soldier). We notified VMPSoft of this compromise 1/4 virustotal.com/gui/file/a8527…

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETresearch discovered an active #Android campaign conducted by the hack-for-hire group #Bahamut. The campaign has been active since January 2022, with malicious apps distributed through a fake #SecureVPN website. Lukas Stefanko welivesecurity.com/2022/11/23/bah… 1/6

Arkbird (@arkbird_solg) 's Twitter Profile Photo

I share Yara rules and the samples of the new variant of #blackbasta ransomware. Samples: bazaar.abuse.ch/browse/tag/Bla… Yara: github.com/StrangerealInt…

Kris McConkey (@smoothimpact) 's Twitter Profile Photo

So yesterday was open #threatintel season on the Russia-based Callisto/SEABORGIUM crew, with a triple whammy of blogs from us and a couple of industry friends: PwC: pwc.com/gx/en/issues/c… Recorded Future: recordedfuture.com/exposing-tag-5… Sekoia: blog.sekoia.io/calisto-show-i…

imp0rtp3 (@imp0rtp3) 's Twitter Profile Photo

Advisory of #CVE_2022_42475 (FortiOS SSL-VPN RCE) updated with additional IPs of the threat actor exploiting it: 139.180.184[.]197 66.42.91[.]32 158.247.221[.]101 107.148.27[.]117 139.180.128[.]142 155.138.224[.]122 185.174.136[.]20 fortiguard.com/psirt/FG-IR-22…