Packed and ready for #PIVOTcon24 ! pivotcon.org/agenda/

Sample is now on VT!

🚩Hash: 5a23a868620ba33a4948bc6b9260f530
🎯Actor name: CloudChat Stealer
🔹Comment: We came across a file on VT named Clip that had some red flags that warranted further investigation.
🌐URL: blog.kandji.io/cloudchat-info…
🔎OnVT: virustotal.com/gui/file/db3ec…

Nice report, thanks for all the IOCs! 29 hashes added to monitoring, we'll let you all know when they show up on VirusTotal #sandworm #apt44 #frozenbarents #hades

Sample is now on VT!

🚩Hash: c6aafc99a0d01670ab765dcc7f1f4659
🎯Actor name: LightSpy
🔹Comment: We link the DragonEgg malware to the sophisticated iOS implant LightSpy and its Android component
🌐URL: threatfabric.com/blogs/lightspy…
🔎OnVT: virustotal.com/gui/file/bd6ec…

Sample is now on VT!

🚩Hash: f7eb86f60458ea8888b8df86dd4baf93
🎯Actor name: Blackwood
🔹Comment: ESET analysis of a sophisticated implant named #NSPX30 used by the #Blackwood China-aligned threat actor
🌐URL: welivesecurity.com/en/eset-resear…
🔎OnVT: virustotal.com/gui/file/796d0…

Sample is now on VT!

🚩Hash: 7536b375e05135eb1e9123c28e2326cf
🎯Actor name: Ke3chang
🔹Comment: We look at a previously undocumented malware family and the other Ke3chang malware families detected from 2015 to 2019
🌐URL: web-assets.esetstatic.com/wls/2019/07/ES…
🔎OnVT: virustotal.com/gui/file/10bd6…

Sample is now on VT!

🚩Hash: 4e46218da434ed4da24dc086f6262c27
🎯Actor name: Earth Krahang
🔹Comment: Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide
🌐URL: trendmicro.com/en_us/research…
🔎OnVT: virustotal.com/gui/file/6d03c…

Sample is now on VT!

🚩Hash: a739bd4c2b9f3679f43579711448786f
🎯Actor name: Multiple, UNC5221
🔹Comment: Mandiant has identified multiple new variants of WARPWIRE across our response engagements and in the wild
🌐URL: mandiant.com/resources/blog…
🔎OnVT: virustotal.com/gui/file/a739b…

That's a nice set of IOCs! Added to monitoring, we'll let y'all know when they appear on VT! #apt28 #sofacy #someblizzard

Thanks for sharing the IOCs! We've added the two missing hashes to monitoring and we'll let y'all know when they show up on VT! #bibiwiper

Great excerpt from Byron Tau's new book - how the Pentagon learned to use targeted ad data to locate and track Putin and other targets wired.com/story/how-pent…

Got any IOCs you'd like us to monitor and notify you when they appear on VirusTotal? DMs are open!

Sample is now on VT!

🚩Hash: b4a31fa229cd1074c5cbd1c84a01c6ae
🎯Actor name: #UNC5221
🔹Comment: #ZIPLINE is a passive backdoor used by #UNC5221 after exploiting CVE-2023-46805 and CVE-2024-21887 on Ivanti devices
🌐URL: mandiant.com/resources/blog…
🔎OnVT: virustotal.com/gui/file/8cad7…

Sample is now on VT!

🚩Hash: 991461b86aebecfd096dc11ff2a04b4b
🎯Actor name: COATHANGER
🔹Comment: The NL MOD was impacted in 2023 by an intrusion into one of its networks with previously unknown malware #COATHANGER
🌐URL: github.com/JSCU-NL/COATHA…
🔎OnVT: virustotal.com/gui/file/99146…

Sample is now on VT!

🚩Hash: 88e38e212591ffaf3c3400b22b8988d6
🎯Threat name: Ov3r_Stealer
🔹Comment: Trustwave SpiderLabs discovered a new malware named Ov3r_Stealer
🌐URL: trustwave.com/hubfs/Web/Libr…
🔎OnVT: virustotal.com/gui/file/88e38…

It's always open season on Volt Typhoon around here. 4 hashes from the CISA report added to monitoring, we'll let you know when they show up on VT!