ExecuteMalware

17.5K posts

ExecuteMalware

ExecuteMalware

@executemalware

#malware hunter & analyst. Opinions are my own.

Cold country Katılım Haziran 2016
171 Takip Edilen27K Takipçiler
ExecuteMalware retweetledi
Michael Gazzano
Michael Gazzano@michael_gazzano·
Compiled V8 bytecode malware is a blind spot for defenders. At #BHUSA, @hasherezade shows how Check Point Research broke down JSCeal and built an open source toolkit that decoded 15/15 payloads, offering a repeatable approach to bytecode threats. #breaking-the-seal-static-deobfuscation-of-compiled-v8-javascript-bytecode-malware-53041" target="_blank" rel="nofollow noopener">blackhat.com/us-26/briefing…
Michael Gazzano tweet media
English
2
6
58
4.5K
ExecuteMalware retweetledi
Unit 42
Unit 42@Unit42_Intel·
New #ClickFix campaign leverages on-the-fly WebAssembly and #steganography through SVG files. Pages from legitimate but compromised sites lead to fake verification pages that instruct viewers to paste content into a Run window. Details at bit.ly/4gCuNAZ
Unit 42 tweet mediaUnit 42 tweet mediaUnit 42 tweet mediaUnit 42 tweet media
English
2
51
202
17.1K
ExecuteMalware retweetledi
James
James@James_inthe_box·
#remcos hta and payload in an #opendir at: http://157.254.223\.141/25/
James tweet media
English
0
3
14
1.4K
ExecuteMalware retweetledi
ReversingLabs
ReversingLabs@ReversingLabs·
#ClickFix works because it doesn’t look like an attack. No exploit. No zero day. No obvious malware file on disk. Users trigger it themselves via fake CAPTCHA pages, clipboard tricks, and tools like PowerShell. Read RL’s 5 takeaways: hubs.ly/Q04pB-Tf0
English
0
4
8
764
ExecuteMalware retweetledi
RubberDuck
RubberDuck@RubberDuckCz·
It's here. An interactive map of the PE format — click any field, watch its bytes light up, see exactly what it points to and why. Single HTML file. Fully offline. No install. #reverseengineering #windowsinternals #peformat
RubberDuck tweet media
English
2
11
58
4.5K
ExecuteMalware retweetledi
RussianPanda 🐼 🇺🇦
RussianPanda 🐼 🇺🇦@RussianPanda9xx·
Ever wonder why you keep finding rogue RMMs in your environment? Because it ain't "shadow IT". It's a RAT with a support contract. TAs figured out the play: don't write malware, resell the RMM. They're selling it as a service now. RMS-as-a-RAT, from $2,000/month. Check your inventory 👀
RussianPanda 🐼 🇺🇦 tweet media
English
5
23
126
6.8K
ExecuteMalware retweetledi
karttoon
karttoon@noottrak·
If anyone is looking for some LummaStealer or Remus domains - added from older research (+~1500/+~160) github.com/karttoon/iocs/ Need to find time to write a blog on the research, which admittedly I may be too lazy to do, so will just dump some iocs
English
0
8
10
1.1K
ExecuteMalware retweetledi
ANY.RUN
ANY.RUN@anyrun_app·
🚨Crypto theft, ransomware, and full system takeover — Neptune RAT poses real business destruction risk via everyday platforms. 👨‍💻 Essential reading for SOC teams on evolution, IOCs & defenses: any.run/malware-trends…
ANY.RUN tweet media
English
0
4
13
1.7K
ExecuteMalware retweetledi
ANY.RUN
ANY.RUN@anyrun_app·
⚠️ Growth was broad-based last week. Alongside another jump in #AsyncRAT activity, #Vidar, #XWorm, #Stealc, #AgentTesla, #Remcos, and #DCRat all moved higher. 📌 Trend to watch: attackers aren't relying on a single malware family to drive activity. Growth across both RATs and stealers suggests they're maintaining multiple paths to compromise at once. Monitor the malware driving today’s attacks: any.run/malware-trends… #Top10Malware
ANY.RUN tweet media
English
1
4
13
1.9K
ExecuteMalware retweetledi
Threat Insight
Threat Insight@threatinsight·
This Only Malware in the Building podcast will have you saying, "StealC you later." 👉 thecyberwire.com/podcasts/only-… Now that #OperationEndgame has disrupted major #malware ecosystems SocGholish and StealC, explore what this means for the evolving web injection threat landscape.
English
0
2
2
1.5K
ExecuteMalware retweetledi
Kyle Cucci
Kyle Cucci@d4rksystem·
Anyone use #x64dbg-automate for automating malware debugging workflows? I've been playing around with it for unpacking and decrypting strings and it's very useful. Especially when code emulation isn't viable for whatever reason. dariushoule.github.io/x64dbg-automat…
Kyle Cucci tweet media
English
6
19
118
6.9K
ExecuteMalware retweetledi
cr3ghost
cr3ghost@cr3ghost·
Adding to this list. All free. No paywall. No signup. exploitreversing.com - 700+ pages of malware analysis and exploit research class.malware.re - full university malware analysis course malwareunicorn.org - RE101, RE102, macOS RE, PE injection azeria-labs.com - ARM assembly, shellcode, heap exploitation revers.engineering - applied RE series and hypervisor development pwn.college - buffer overflows to kernel exploitation p.ost2.fyi - 30+ courses, WinDbg, IDA, Ghidra, UEFI, kernel exploitation corelan.be - 41 tutorials spanning 17 years of exploit dev fuzzysecurity.com/tutorials.html - 19-part series, usermode to kernel windows-internals.com - Windows internals, secure kernel, VBS, KDP, dynamic analysis YouTube: @_JohnHammond" target="_blank" rel="nofollow noopener">youtube.com/@_JohnHammond @LiveOverflow" target="_blank" rel="nofollow noopener">youtube.com/@LiveOverflow @lauriewired" target="_blank" rel="nofollow noopener">youtube.com/@lauriewired @allthingsida" target="_blank" rel="nofollow noopener">youtube.com/@allthingsida @OpenSecurityTraining" target="_blank" rel="nofollow noopener">youtube.com/@OpenSecurityT… Thousands of dollars worth of knowledge. All free. #ReverseEngineering #MalwareAnalysis #InfoSec
cr3ghost tweet mediacr3ghost tweet mediacr3ghost tweet mediacr3ghost tweet media
RussianPanda 🐼 🇺🇦@RussianPanda9xx

I have been seeing reverse engineering / malware analysis courses that cost thousands of dollars. Do you know you can actually learn that for free, right? There are also a bunch of other courses out there that are way cheaper or even free: - courses.0ffset.net - malwareanalysis-for-hedgehogs.com - invokere.com - github.com/RPISEC/MBE - guyinatuxedo.github.io/index.html - openanalysis.net - p.ost2.fyi - taomm.org

English
8
275
1K
61.6K
ExecuteMalware retweetledi
rifteyy
rifteyy@rifteyy·
These Brazilian government compromised sites are easily findable if you look for Inno->NodeJS combo with *.gov.br URL virustotal.com/gui/file/c8702… - Jinan Baolian Deng Network Technology Co., Ltd. virustotal.com/gui/file/8b3f0… - TRADECONSULT AS virustotal.com/gui/file/e0dae… - Xryus Technologies LLC
rifteyy tweet media
rifteyy@rifteyy

"TRADECONSULT AS" signed file coming from government website hxxps://camaraparaguacu.sp.gov.br/doc/xH6jrEMlLp protected with .NET Reactor, drops NodeJS application 💯 app.any.run/tasks/65c36154… virustotal.com/gui/file/8b3f0…

English
0
4
18
2.6K
ExecuteMalware retweetledi
RussianPanda 🐼 🇺🇦
RussianPanda 🐼 🇺🇦@RussianPanda9xx·
I have been seeing reverse engineering / malware analysis courses that cost thousands of dollars. Do you know you can actually learn that for free, right? There are also a bunch of other courses out there that are way cheaper or even free: - courses.0ffset.net - malwareanalysis-for-hedgehogs.com - invokere.com - github.com/RPISEC/MBE - guyinatuxedo.github.io/index.html - openanalysis.net - p.ost2.fyi - taomm.org
English
21
167
823
125.5K