LeetStealer #MalwareAnalysis In-depth analysis of Leet Stealer and its RAT module, featuring reverse engineering of the malicious code and live execution of the RAT. The images highlight the core functionalities of both components #LeetStealer #Infosec #ThreatIntelligence

HTA file deobfuscation from the "fake DMCA report" phishing campaign. Key features shown in the screenshots John Hammond vx-underground ShadowOpCode x.com/_JohnHammond/s…

⚠️ALERT⚠️ there is an OPEN webshell on hxxps://boldcleaningsolutionsatl[.]com/ NEW domains: boldcompanions[.]com boldinnovationspetcare[.]com Cert AgID Gianni Amato JAMESWT vx-underground a lot of malwere inside 😋 cc: tobersotski x.com/AgidCert/statu…

Caminho Loader Malware Analysis #CaminhoLoader #malware #ThreatIntel Szabolcs Schmidt ShadowOpCode x.com/smica83/status…

🚨NEW python stealer🚨 🛸Drops .pyd in %APPDATA%\Local\Temp\_MEIxxxxx ⚠️Relaunch itself via CreateProcessW Exfil👇 browser cookies and password Discord Steam 📡send data via telegram bot C2: api[.telegram[.org/bot8484778379:AAG_EhhM1Ao139HBPfgfV0zVlMSi-2HfkCM/sendMessage bazaar👇

Phishing "Pedaggio non pagato" autostde[.]com domain created today (2025-11-19) Cert AgID JAMESWT illegalFawn Gianni Amato Andrea (Drego) Draghetti 👨🏻‍💻 🎣 Simplicio Sam L.

⚠️Facebook phishing campaign Fake warning about community standards violations, exploiting false account suspension alerts to steal user credentials Domains: checkkaccounttmetta[.short[.gy www[.accccounnts-ke-ta-min-24h-2025[.icu (created on 2025-11-21) Cert AgID JAMESWT

🚨ALERT🚨 Malspam campaign against Sistema Sanitario Regionale Liguria Regione Liguria 📤Sender likely spoofed (🇺🇿 based server) 📥Receiver: Institutional PEC mail > rar > jse > powershell with AES encrypted ps1 > aspnet_compiler.exe (BLACKHAWK > Agent Tesla) IoC and sample below👇