M4lcode

180 posts


@M4lcode

Malware researcher exploring malware, APT groups, and their campaigns across the wild. | Threat Researcher @dexpose_io | GREM | Blog Author @anyrun_app

Egypt · Joined February 2023
357 Following · 687 Followers
M4lcode retweeted
ANY.RUN @anyrun_app
🚨 #Phishing on Trusted Cloud Infrastructure: Google, Microsoft, Cloudflare.

We’re tracking a growing trend where phishing kit infrastructure is hosted on legitimate cloud and CDN platforms, not newly registered domains. In some cases, these campaigns specifically target enterprise users. This creates serious visibility challenges for security teams.

We’ve observed this pattern across multiple #phishkits:
🔹 #Tycoon hosted on alencure[.]blob[.]core[.]windows[.]net (Microsoft Azure Blob Storage): app.any.run/tasks/29b53d89…
⚠️ #Sneaky2FA hosted on legitimate cloud platforms, filtering out free email domains via a fake Microsoft 365 login to target corporate accounts:
firebasestorage[.]googleapis[.]com (Cloud Storage for Firebase): app.any.run/tasks/8189dd5e…
cloudfront[.]net (AWS CloudFront): app.any.run/tasks/9a2d1537…
🔹 #EvilProxy hosted on sites[.]google[.]com (Google Sites): app.any.run/tasks/07995c22…

Victims see a “trusted” provider domain, while the network only sees normal HTML being loaded from cloud infrastructure. What looks clean at first glance is exposed by #ANYRUN Sandbox in under 60 seconds, directly reducing MTTD and MTTR.

🔍 Hunt for related activity and pivot from #IOCs using these search queries in TI Lookup:
🔹 Microsoft Azure Blob Storage abuse: intelligence.any.run/analysis/looku…
🔹 Firebase Cloud Storage abuse: intelligence.any.run/analysis/looku…
🔹 Google Sites abuse: intelligence.any.run/analysis/looku…

Many security vendors will flag these domains as legitimate. Technically, they are. That’s why security teams need behavioral analysis and network-level signals to reliably uncover phishing before impact.

🚀 Speed up detection and gain full visibility into complex threats with #ANYRUN. Sign up: app.any.run/?utm_source=tw… #ExploreWithANYRUN

#IOCs: mphdvh[.]icu kamitore[.]com aircosspascual[.]com Lustefea[.]my[.]id
Drew @bugfireIO
@M4lcode Awesome! Congrats on successful completion of a tough exam!
M4lcode retweeted
Thomas Roccia 🤘 @fr0gger_
👀 OpenSource Malware: an open database for tracking malicious open-source packages from npm, PyPI, and GitHub repos! Great source of intel feed for supply-chain attacks! 👇 opensourcemalware.com
ANY.RUN @anyrun_app
🚨 We uncovered #Tykit, a new #phishing kit targeting hundreds of US & EU companies in finance, construction, and telecom. It uses SVG-based delivery to harvest Microsoft 365 credentials ⚠️ See full analysis, how to detect it, and gather #IOCs: any.run/cybersecurity-…
M4lcode @M4lcode
The report covers:
- Motivations & Objectives
- Targeted Regions & Sectors
- Malware & Toolset
- Attack Techniques
- Recent Activity
- Critical Vulnerabilities Exploited
- Law Enforcement Actions and Indictments
- Suspected Ransomware Activity
- False-Flag Identity on Twitter/X
- MITRE ATT&CK®
- IOCs
M4lcode @M4lcode
Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications. dexpose.io/threat-actor-p…
M4lcode @M4lcode
@binaryz0ne Congratulations🎊, wishing you all the best
Ali Hadi | B!n@ry @binaryz0ne
Soon, I’ll be joining an incredible team, and I truly can’t wait to begin this next chapter of my #DFIR career! THANK YOU ALL!
Ali Hadi | B!n@ry @binaryz0ne
After more than a decade in academia, teaching thousands of students and professionals, I’ve decided to return to the world of consulting. I’m deeply grateful to my family for their unwavering support and to everyone who has helped me grow into the person I am today. #DFIR
Gameel Ali 🤘 @MalGamy12
New Challenge on MalOps.io: PureLogs Stealer. A fresh analysis challenge is now live. This time, you're looking at PureLogs, a .NET-based info-stealer that’s been seen in active campaigns. Your job is to analyze it to answer our questions. Created by: @M4lcode
M4lcode @M4lcode
PureLogs is live. A new challenge created by me. Good luck!
(quoting Gameel Ali 🤘 @MalGamy12's post above)
M4lcode retweeted
Mohamed Sultan @mSult4n
Just published a new blog post on how Microsoft’s “Mouse Without Borders” can be abused for data exfiltration & lateral movement. Features a KAPE Target, C# scripts, and a BOF as a PoC: 0xsultan.github.io/dfir/Exfiltrat…