Sabitlenmiş Tweet
Vitali Kremez
4.7K posts
Vitali Kremez
@VK_Intel
Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
New York, NY Katılım Ağustos 2015
86 Takip Edilen43.7K Takipçiler
Vitali Kremez retweetledi
The Week in Ransomware - October 21st 2022 - Stop the Presses - @LawrenceAbrams
bleepingcomputer.com/news/security/…
English
#Royal ransomware operation in action.
Germán Fernández@1ZRR4H
1/ So, site impersonating @Fortinet downloads signed MSI that uses Powershell to run #BatLoader, if the user is connected to a domain (corporate network) it deploys: 1) #Ursnif (Bot) 2) #Vidar (Stealer) 3) #Syncro RMM (C2) 4) #CobaltStrike And possibly 5) #Ransomware 💥
English
Vitali Kremez retweetledi
New Royal Ransomware emerges in multi-million dollar attacks - @LawrenceAbrams
bleepingcomputer.com/news/security/…
English
Offsecurity: First time flying as a private pilot single engine land from east -> west coast of Florida.
Aircraft: Cessna 172N
IFR training and rotorcraft add-on next!
English
Vitali Kremez retweetledi
The Week in Ransomware - September 16th 2022 - Iranian Sanctions - @LawrenceAbrams
bleepingcomputer.com/news/security/…
English
@peterbaurichter @campuscodi Exactly that. Less need for "restorative" IR work in exfil cases
English
🔥Breaking Blog: AdvIntel's State of #Emotet aka "#SpmTools" Displays Over Million 🌎Compromised Machines Through 2⃣0⃣2⃣2⃣
Insight:
*⃣Emotet infection chain is currently attributed to #Quantum & #BlackCat ransomware chains.
advintel.io/post/advintel-…
English
Vitali Kremez retweetledi
The Week in Ransomware - September 9th 2022 - Schools under fire - @LawrenceAbrams
bleepingcomputer.com/news/security/…
English
@AlyssaM_InfoSec Amazing. Congratulations! I have gotten my private pilot license lately well. Finished with 60hrs on Cessna 172N.
Again, congratulations! I want to get a low-wing Cherokee too as I am not a fan of Cessna. Probably, will get after I finish IFR and helicopter PPL endorsement
GIF
English
Vitali Kremez retweetledi
@Ionut_Ilascu Someone is hitting Cobalt Strike servers used by former members of the Conti ransomware gang with messages urging to stop Russia's war:
“Stop the war!”
“15000+ dead Russian soldiers!”
“Be a Russian patriot!”
"Stop Putin!"
English
English
📌We have observed the "Anti-Putin" messages from Cobalt Strike flooding activities mapped to ex-Conti cybercrime enterprise members.
BleepingComputer@BleepinComputer
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages - @Ionut_Ilascu bleepingcomputer.com/news/security/…
English
Insight:⚡️#Emotet loader-as-a-service infection metrics globally for 2022 of ~1,300,000 unique bot_ids / top targeted infected by loader (including honeypot activity). Still alive but on a general decline.
The public report is incoming.
English
@james_vinocur @campuscodi Thank you, James :) Great to see you here!
English
Callback phishing was the tactic that enabled a widespread shift in the approach to ransomware deployment. This is what made the approach so unique and effective 👇
English
⚡️2022 Trend: Call-back phishing campaigns aka "BazarCall" are the de-facto top method of getting a backdoor on the protected corporate networks.
1⃣Ransomware and extortionists want to talk to the corporate employees over ☎️.
2⃣Targets are just larger & phishing is more complex
English
@LawrenceAbrams @MsftSecIntel @demonslay335 @malwrhunterteam There are quite a few current "noname" ransomware payloads used by the related group.
The graph is missing quite a few including Diavol & BlackByte and others.
English
Anyone heard of this Agenda ransomware from Microsoft's new report?
@VK_Intel @MsftSecIntel @demonslay335 @malwrhunterteam
English
⚡️Timely report on the latest Cobalt Strike domain fronting technique leveraging tyk[.]io.
Many ex-Conti groups leverage this domain fronting technique for Cobalt Strike beacon resolver/traffic.
Watch out for tyk[.]io traffic.
shells.systems/oh-my-api-abus…
English