sysopfb

Maksim Yakubets was indicted but treasury department also went after Evil Corp, what is really interesting is all the alluding to them being linked to FSB and as it turns out Yakubets is married to the daughter of Eduard Bendersky. w/ Joshua Platt @ WSJPro in Charlotte, NC 1/3

@jason.reaves/decoding-brickstorms-garble-strings-b0a60828b3cc" target="_blank" rel="nofollow noopener">medium.com/@jason.reaves/…

medium.com/walmartglobalt… Kudos to GitHub they were taking stuff down very fast

DFIRReport pastebin link also lines up with one of the pastebins I saw in my blog - "cLika3dt"; thedfirreport.com/2025/03/31/fak…

Auto decoding IOCs from Arechclient and the onboard browser extension they drop medium.com/walmartglobalt…

medium.com/walmartglobalt… go through a little of the panel they are using for the fake invites also

@diego_gg95 Oh well take what I said as a best guess, also don’t feel too bad all the detections from av on vt were less than 5 out of 60+ or however many vt uses nowadays and most were very generic detections

@diego_gg95 The recent ones I’ve seen are LummaC with a c2 of the domain I posted. If you still have yours you can upload it to virustotal and shoot out the link to the file and we can verify if you want.

Samples look like stealers. Some of the recent ones being Lumma placekeawe(.my

Eduard Benderskiy sanctioned: home.treasury.gov/news/press-rel…

Maksim Yakubets was indicted but treasury department also went after Evil Corp, what is really interesting is all the alluding to them being linked to FSB and as it turns out Yakubets is married to the daughter of Eduard Bendersky. w/ Joshua Platt @ WSJPro in Charlotte, NC 1/3

Was fun to dig back into some inject systems medium.com/walmartglobalt…

Hadn't seen this mentioned for stealc before? b717c966167148b7178e67727be7ac55d76d82acab88782e798e477a00abdd8b

Also an interesting overlap in code signing cert, a SpectreRAT and Blackmoon/KRBanker samples