Maldatabase's (@maldatabase) Twitter Profile
Maldatabase

@maldatabase

Malware analysis. Threat intelligence. Data science.
Contact: [email protected]

ID: 947114278657712128

Website: https://maldatabase.com
Joined: 30-12-2017 14:36:55

2.2K Tweets

1.1K Followers

795 Following

Leonid Bezvershenko (@bzvr_)

Magic is here! We have discovered a previously unknown #APT that has been attacking organizations in the area affected by the conflict between Russia and Ukraine. Observed victims were compromised with previously unknown implants that we dubbed #PowerMagic and #CommonMagic. [1/4]
Zscaler ThreatLabz (@threatlabz)

ThreatLabz has discovered a #GitHub repository owned by a member of the #APT37 threat group. Due to an #opsec failure, the group leaked a wealth of information about malicious activities dating as far back as October 2020. More details here: zscaler.com/blogs/security…
Unit 42 (@unit42_intel)

2023-04-03 (Monday) - IoC update: A consistently reliable indicator of #Qakbot (#Qbot) over the past few years has been C2 traffic using TCP port 65400. Since 2021-09-20, this has occurred on 23.111.114[.]52. However, today Qakbot TCP port 65400 traffic switched to 172.107.98[.]3
The DFIR Report (@thedfirreport)

IcedID Macro Ends in Nokoyawa Ransomware ➡️Initial Access: IcedID XLS Macro ➡️Credentials: LSASS, Creds in Files ➡️Persistence: Scheduled Task ➡️Lateral: RDP, SMB, WMI, WinRM, Psexec ➡️C2: IcedID, Cobalt Strike, VNC ➡️Impact: Nokoyawa Ransomware thedfirreport.com/2023/05/22/ice… 1/X

blackorbird (@blackorbird)

#Kimsuky Group's Phishing Attacks Targeting North Korea-Related Personnel
asec.ahnlab.com/en/52970/
Kimsuky Group Using Meterpreter to Attack Web Servers
asec.ahnlab.com/en/53046/
Lokesh (@loki_re_artist)

#Pikabot
ddef0c551d3e5c1ec331bc4239db316a-Loader
56f1a42100754f98594ad8a282e8b648-injector
#antidebug & geography region check etc.

#malware #reversing #Cybersecurity #MaaS #ThreatIntelligence

MalwareHunterTeam (@malwrhunterteam) JAMESWT_MHT (@JAMESWT_MHT) James (@James_inthe_box) Florian Roth ⚡️ (@cyb3rops) bohops (@bohops) Michael Gillespie (@demonslay335)
Microsoft Threat Intelligence (@msftsecintel)

Microsoft has detected increased credential attack activity by the threat actor Midnight Blizzard using residential proxy services to obfuscate the source of their attacks. These attacks target governments, IT service providers, NGOs, defense industry, and critical manufacturing.

Unit 42 (@unit42_intel)

The Unit 42 Managed Threat Hunting team observed #Mythic being delivered by #Blister and #Socgholish (Socgholish → Blister → Mythic). Mythic using makethumbmoney[.]com on 104.243.33[.]129:443 for its C2 traffic.
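The Unit 42 posts above on Qakbot (TCP/65400 C2 on 23.111.114[.]52 and 172.107.98[.]3) and Mythic (makethumbmoney[.]com on 104.243.33[.]129:443) give network indicators in defanged form. The following is an added example, not code from Unit 42 or Maldatabase: it refangs those indicators into an (endpoint, port) index and runs it over constructed Zeek conn.log-style records. The log lines, the DNS answer map and the tab-separated column layout are assumptions made for the demo; note that the Qakbot indicator is port-qualified, so a connection to the same IP on another port does not match.

```python
import ipaddress
import re
from dataclasses import dataclass

# Indicators exactly as posted (defanged). Labels are this example's own.
DEFANGED_IOCS = {
    "Qakbot C2 (TCP/65400)": [
        ("23.111.114[.]52", 65400),
        ("172.107.98[.]3", 65400),
    ],
    "Mythic C2 (SocGholish -> Blister -> Mythic)": [
        ("104.243.33[.]129", 443),
        ("makethumbmoney[.]com", 443),
    ],
}


def refang(indicator: str) -> str:
    """Reverse common defanging: 1.2.3[.]4 -> 1.2.3.4, hxxp:// -> http://, lower-cased."""
    s = indicator.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("xx", "tt"), s, flags=re.I)
    return s.lower()


def build_index(defanged):
    """Map (host, port) -> label; IPs and domains share one keyspace after refanging."""
    index = {}
    for label, entries in defanged.items():
        for host, port in entries:
            index[(refang(host), port)] = label
    return index


IOC_INDEX = build_index(DEFANGED_IOCS)

# Constructed sample records (not real traffic), tab-separated like Zeek conn.log:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1680537600.1\tCx1\t10.0.0.5\t51234\t172.107.98.3\t65400\ttcp
1680537601.2\tCx2\t10.0.0.5\t51235\t23.111.114.52\t443\ttcp
1680537602.3\tCx3\t10.0.0.9\t51236\t104.243.33.129\t443\ttcp
1680537603.4\tCx4\t10.0.0.9\t51237\t93.184.216.34\t443\ttcp
"""

# Constructed stand-in for a dns.log join: name -> answer IP (assumed for the demo).
SAMPLE_DNS = {"makethumbmoney.com": "104.243.33.129"}


@dataclass
class Hit:
    uid: str
    resp_h: str
    resp_p: int
    label: str
    matched_on: str


def match_conn_log(text: str, ioc_index=IOC_INDEX, dns=SAMPLE_DNS):
    """Return one Hit per connection whose responder matches an indicator on IP:port
    or, failing that, on a DNS name that resolved to the responder IP."""
    rdns = {ip: name for name, ip in dns.items()}
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, resp_h, resp_p = fields[1], fields[4], int(fields[5])
        ipaddress.ip_address(resp_h)  # fail loudly on a malformed record
        key = (resp_h, resp_p)
        if key in ioc_index:
            hits.append(Hit(uid, resp_h, resp_p, ioc_index[key], "ip:port"))
            continue
        name = rdns.get(resp_h)
        if name and (name, resp_p) in ioc_index:
            hits.append(Hit(uid, resp_h, resp_p, ioc_index[(name, resp_p)], f"domain:{name}"))
    return hits


if __name__ == "__main__":
    for h in match_conn_log(SAMPLE_CONN_LOG):
        print(f"{h.uid}: {h.resp_h}:{h.resp_p} -> {h.label} ({h.matched_on})")
```

On the constructed sample, Cx1 (172.107.98.3:65400) and Cx3 (104.243.33.129:443) are flagged; Cx2 is not, because 23.111.114.52 is only an indicator on port 65400 in the post, and Cx4 is a non-indicator destination. Keeping the port in the key is what prevents the Qakbot IP from generating noise on unrelated ports.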
vx-underground (@vxunderground)

Lockbit ransomware group, which has been relatively inactive for a few months, just dropped 20+ victims in a single day.

They've also reindexed their entire site, over 100+ previous victims are now listed as being leaked today.
Virus Bulletin (@virusbtn)

Trend Micro researchers analyse a new Android banking trojan. MMRat is capable of capturing user input, screen content, and remotely controlling the devices of its victims. trendmicro.com/en_us/research…
Germán Fernández (@1zrr4h)

#DarkGate now also delivered via Microsoft Teams
REF: truesec.com/hub/blog/darkg… by ICSNick (@IcsNick) 🙌

Two additional runs most likely related to this campaign:
+ app.any.run/tasks/cba90c5e…
Sharepoint URL
Unit 42 (@unit42_intel)

#GuLoader and #RedLineStealer are two malware families featured in this article on extracting #C2 configurations. Using a system written in #Python that scans memory dumps by these families, we make note of newer techniques employed by malware authors. bit.ly/3vhi0y8
보안프로젝트 (@ngnicky)

SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) S2W's Android malware analysis case study!!! Read this story from S2W on Medium: medium.com/s2wblog/secret…

Virus Bulletin (@virusbtn)

In their latest article Fortinet's Cara Lin & Vincent Li provide detailed insights into the propagation and actions of the Goldoon botnet targeting D-Link devices vulnerable to CVE-2015-2051. fortinet.com/blog/threat-re…
Ptrace Security GmbH (@ptracesecurity)

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware blog.kandji.io/malware-cuckoo… #Pentesting #Malware #CyberSecurity #Infosec
Microsoft Threat Intelligence (@msftsecintel)

Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. msft.it/6013qVXAl