Kafeine's last tweet&post. Choose Again. malware.dontneedcoffee.com/2020/02/Choose… Over and out.

2020-03-04: 🆕🔥"Breaking #TA505’s #Crypter with SMT Solver" h/t sysopfb 🔦Using Satisfiability Modulo Theories (SMT) solver to break the latest variant of the crypter being used on #Get2 Crypter Overlap➡️TA505 leveraging #Clop/CryptoMix & #MINEBRIDGE labs.sentinelone.com/breaking-ta505…

Pretty cool #highjacker targeting Barclays Bank ; thanks to 🌃Zerophage🌌 for the vbs: 1st stage: app.any.run/tasks/97c94b9e… 2nd stage: app.any.run/tasks/4f6da57f… c2: casaconceitoltda[.]info

⚠️#TA505 #malware as #COVID2019 #COVID19 #COVIDー19 ☣️ hxxp://www.0202.com.tw/~miki/9dwjrv/1mumq.html POST: hxxps://dysoool.]com/casemd Vitali Kremez KW AdamTheAnalyst stoerchl merlos JAMESWT_MHT Matteo Lodi Bl4ng3l #infosec #CyberSecurity #ThreatIntelligence

There's a Coronavirus themed ransomware, that actually encrypts. Encrypted files gets name: %email address%___%original filename & ext% Note: CoronaVirus.txt "Donations to the US presidential elections are accepted around the clock." 🤔 Michael Gillespie cc Vitali Kremez

2020-03-18:🆕[Intel Corner]📺 My Perspective on #CoronaVirus Outbreak: #Cybercrime View | Exploiting FUD & Corona Outbreak for Cybercrime | No Honor Among Thieves Help Defend Healthcare as Needed for Time Being to Thwart Disruption youtube.com/watch?v=1Komgg…

[Beginners] I recently noticed an IcedID campaign using DLLs as initial loaders, rather than EXEs - as DLL unpacking isn't quite as simple as EXE unpacking, I decided to do a quick write-up on how to unpack them! You can grab the sample from VirusBay! 0ffset.net/reverse-engine…

The #DarkHotel (APT-C-06) Attacked Chinese Institutions Abroad via Exploiting SangFor #VPN Vulnerability blogs.360.cn/post/APT_Darkh…

#ZLoader malspam from today with new downloader URLs: hxxp://nevefe.com/wp-content/themes/calliope/wp-front.php hxxp://lakeviewbinhduong.com.vn/wp-content/themes/calliope/wp-front.php Both redirect to DLL at: hxxp://176.96.238.22/f.dll

I just published a blog post on the domain generation algorithm of Zloader: johannesbader.ch/blog/the-dga-o… #dga #zloader

New blog post on Bypassing World of Warcraft Read-Only code protection ferib.dev/blog.php?l=pos…

2020-05-26:🎇I am beyond thrilled to 🗣️present on top-tier current #cybercrime group🇷🇺#TrickBot & state-sponsored for-profit #APT operations nexus🇰🇵#Lazarus @ personal favorite European conference 🇵🇱confidenceconf now online format "CONFidenceONline2020" confidence-conference.org/confi_online.h…

2020-06-08: 🆕🐍#SNAKE/#EKANS #Ransomware | Possible Honda Lockdown Incident RW References to Honda: 1⃣Honda ISP ("AHMC") 🇺🇸IP "170.108.71. 153" 2⃣"MDS. HONDA. COM" Check Source: C:/Users/Admin3/go/src/.../<RAND>.go MalwareHunterTeam BleepingComputer

New releases: #PEsieve 0.2.7 (github.com/hasherezade/pe…) & #HollowsHunter 0.2.7 (github.com/hasherezade/ho…)

Threat Group Cards: A Threat Actor Encyclopedia v2.0 is released. Download: thaicert.or.th/downloads/file…

2020-07-08:🎇[Exciting] Introducing VK Intel: Digital Forensics & Incident Response: "VK Intel: Digital Forensics & Incident Response" due to multiple requests & business demand😉 ✅Immediate & efficient incident response focusing on breaches & #ransomware Contact & file DFIR/malware ticket👇 vk-intel.com

Since I couldn't really find any information on #ursa #loader here is a new blog post with 3 rabbit holes on the obfuscation and file extraction. pcsxcetrasupport3.wordpress.com/2020/08/10/urs…

A few months ago Cellebrite announced that they would begin parsing data from Signal in their extraction tools. It seems they're not doing that very carefully. Exploiting vulnerabilities in Cellebrite's software, from an app's perspective: signal.org/blog/cellebrit…

Some researchers are propagating, that since a large number of victims hit during the REvil Kaseya attack were hit with the same public key, only one victim paying the ransom will be enough to decrypt all victims. Let's talk about that.

An open letter to @CoreSecurity regarding #CobaltStrike: gist.github.com/silence-is-bes…