m4lwatch (@m4lwatch)'s Twitter Profile
m4lwatch

@m4lwatch

Security Researcher. Threat Hunter. C2 Observer.

ID: 1140905145817083906

18-06-2019 08:52:38

170 Tweets

1.1K Followers

711 Following

Arkbird (@arkbird_solg)'s Twitter Profile Photo

#APT28: confirms the #Zekapab attribution; continues to use hex encoding to hide the URL to join and strings. Has some minor modifications; this one checks connectivity with only localhost this time.
Shadow Chaser Group (@shadowchasing1)'s Twitter Profile Photo

Today our researchers found a botlib implant which belongs to the #WellMess #APT29 group.
ITW: 66b933a074f97f548582789a55c54258
filename: mschkdsk.exe
C2: 192.48.88.107
m4lwatch (@m4lwatch)'s Twitter Profile Photo

WellMess and WellMail malware target COVID-19 vaccine organization. ~ Hacking and Cybersecurity Forum #threatintel zero-dayhacking.blogspot.com/2021/05/wellme…

m4lwatch (@m4lwatch)'s Twitter Profile Photo

I saw WellMess malware on VirusTotal recently virustotal.com/gui/file/73d79… using the known C2 103.253.41[.]82, maybe no longer used. #APT29 #threatintel

m4lwatch (@m4lwatch)'s Twitter Profile Photo

Maybe a new WellMess C2, 111.90.147[.]248, with SSL certificate d1bcf440d6d38d8cfd854e57376a91307b07192f2f52f6b03f5735f7746e0d4c, near the old reported APT29 servers 111.90.146[.]143 and 111.90.150[.]176. The certificate is still using CN=*, but with issuer Thawte Consulting cc and subject StartCom Ltd.

Microsoft Security (@msftsecurity)'s Twitter Profile Photo

The latest activity from #NOBELIUM indicates the Russian nation-state actor is trying to gain long-term systematic access to various points in the technology supply chain and establish a mechanism for surveilling targets of interest. msft.it/6017XhTRD

The Record From Recorded Future News (@therecord_media)'s Twitter Profile Photo

Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium and APT29 had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies therecord.media/microsoft-says…

Demai_Tech Consultants (@demaitech)'s Twitter Profile Photo

Every day we generate passwords, but how secure are they? I'm sure you want a password you can easily remember but that is difficult for unauthorized people to discover. #CyberSecurity #AI #Ransomeware
Michele Campa (@s1ckb017)'s Twitter Profile Photo

#APT or #Phishing email against Navy Pakistan: a4c7dd0282a6a6c3242962d88e52488e3a486e29. Docx: 31481c974e12e03f7dc65669fdbc3230a6f873e0. PowerShell downloads the payload from: jl3.000webhostapp.]com. Has someone been faster at getting the downloaded payload?

InfoRiskToday (@inforisktoday)'s Twitter Profile Photo

Malwarebytes notes that the Pakistan-linked #APT group SideCopy is targeting military and government institutions in India and Afghanistan to steal sensitive information using new lures and payload delivery mechanisms. Soumik Ghosh reports. bit.ly/3oMYBQ6 #ISMGNews #Infosec

CyberGeeksTech (@geekscyber)'s Twitter Profile Photo

I've analyzed a Lazarus APT malware disguised as Notepad++ shell extension cybergeeks.tech/a-detailed-ana… #ReverseEngineering #infosec

Andy Greenberg (@agreenberg at the other places) (@a_greenberg)'s Twitter Profile Photo

For weeks, observers of North Korea have noted that the country's internet seemed to be under attack, with all its websites down at times. This wasn't the work of US Cyber Command. It was a single hacker getting even after NK spies targeted him last year. wired.com/story/north-ko…