Kelsey (@k3dg3)'s Twitter Profile
Kelsey

@k3dg3

@proofpoint | Friendly NEIGHborhood Threat Researcher | Reverse Engineer

ID: 1060893385978978308

Joined: 09-11-2018 13:54:28

654 Tweets

3.3K Followers

307 Following

Kelsey (@k3dg3):

#Bumblebee lg1010 rolled in today via Cookie Reloaded (prometheus tds) URLs RC4Key: NEW_BLACK C2: 192.168.0.101:444 C2: 186.85.54.111:149 bazaar.abuse.ch/sample/15b7cb2… tria.ge/231009-2a2hbag…

Kelsey (@k3dg3):

#Pikabot with updates. Attack chain 1/x delivered via HTML attachments. MSI: bazaar.abuse.ch/sample/f119f1e… HTML: bazaar.abuse.ch/sample/1aaf8df… DLL: bazaar.abuse.ch/sample/2a387ad…

The DFIR Report (@thedfirreport):

🌟New report out today!🌟 The Curious Case of an Egg-Cellent Resume Analysis & reporting completed by Pete, Zach and guest contributor Kelsey from Proofpoint! Audio: Available on Spotify, Apple, YouTube and more! 👇 Click the link below to read the report!

Kelsey (@k3dg3):

Forget the bird flu, anyone looking for #More_Eggs? #TA4557 bazaar.abuse.ch/sample/0f37a11… bazaar.abuse.ch/sample/cf4e819…

Kelsey (@k3dg3):

Catching up on reading external blogs this week. Question: When you read external research and they get something dead wrong, like there is no wiggle room or potential to be even a little correct, what do you do?

JAMESWT (@jameswt_wt):

Update #booking #clickfix #asyncrat from https://grupo-positivo.]com/GUP.zip https://pastebin.]com/raw/XuBRH7G6 Samples bazaar.abuse.ch/browse/tag/gru… Ip Related bazaar.abuse.ch/browse/tag/185… AnyRun app.any.run/tasks/d5a7b492… cc Mikhail Kasimov ܛܔܔܔܛܔܛܔܛ Kelsey

JAMESWT (@jameswt_wt):

#booking #clickfix #fakecaptcha 👇 booking.partner-id897123.]com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo 👇 ⛔️80.64.18.]173/nhf7/knfl.exe Sample bazaar.abuse.ch/browse/tag/80-… AnyRun app.any.run/tasks/5972a8c5… app.any.run/tasks/d9ba419a… cc Mikhail Kasimov ܛܔܔܔܛܔܛܔܛ Kelsey

JAMESWT (@jameswt_wt):

#booking #clickfix #fakecaptcha 👇 1nspiricity.]com pather-cancels.]com room-id039054.]com 👇 ggetsvverif.]com 👇 80.64.18.]173/nhf7/555.exe Sample bazaar.abuse.ch/browse/tag/80-… AnyRun app.any.run/tasks/c5de5d98… cc Mikhail Kasimov ܛܔܔܔܛܔܛܔܛ Kelsey

JAMESWT (@jameswt_wt):

Related Pdf👇 "Comprovante-Mercado-Pago-26-05-2025-.pdf" ❇️Related #XWorm V5.2 ⛔️C2 158.69.41.]120:8000 Samples bazaar.abuse.ch/browse/tag/158… ✅AnyRun app.any.run/tasks/29f57a2f… 1/2 cc Dodo on Security 🇵🇸 🇺🇦 Germán Fernández ܛܔܔܔܛܔܛܔܛ Mikhail Kasimov Kelsey

JAMESWT (@jameswt_wt):

#netsupport #rat GatewayAddress=summer25hot.]org:443 88.218.93[.]71 Main Sample from abuse.ch 👇👇👇 bazaar.abuse.ch/browse/tag/sum… Client32.ini dabe4273412d4d8ae67e8bc1786b3eac ⚠️First Sub 2025-07-07 LIC 7215675bdba98bd30c8e89aafba519de ⚠️First Sub 2025-06-19 cc Mikhail Kasimov Kelsey

JAMESWT (@jameswt_wt):

#NetSupport #Rat from Squiblydoo submission Samples bazaar.abuse.ch/browse/tag/45-… Client32.ini MD5 17c5e53b00782ded1b35e7caae4db226 First Submission 2025-07-09 cc ܛܔܔܔܛܔܛܔܛ Mikhail Kasimov Kelsey

Kelsey (@k3dg3):

I vote we normalize providing at least an associated month and year for IOCs shared in blogs / published research - researcher who has been catching up on too many blogs this week

Kelsey (@k3dg3):

#Latrodectus, pls come back to email. I'm bored. Feels like a "my views do not reflect the views of my employer" moment

Kyle Cucci (@d4rksystem):

We're hiring on our Threat Research team at Proofpoint! If you enjoy making threat actors' lives more difficult (and you want to work with me and lots of other smart people), apply below! 🤓 proofpoint.wd5.myworkdayjobs.com/en-US/Proofpoi…

Kelsey (@k3dg3):

Catching up on blogs this week. Appears CastleRAT and NightshadeC2 refer to the same malware chain. Just FYI as I just noticed. esentire.com/blog/new-botne… recordedfuture.com/research/from-…