Aaron Jornet

📡New research #SnakeKeylogger | #404Keylogger evolution - One of the most ᵾꞥfamous #malware used by all kinds of #TA and #campaigns ⛓️ #Phishing | Fake link > Loader > Persistence > Load code > #Snake > Obtain info > #Telegram 🔎Full research: rexorvc0.com

@AUZombie Hahahah, preparing the kindle version 😇

@RexorVc0 Nice!! Any chance I could purchase a PDF version? Going to cost a mint to have it shipped to where I live lol

🚨 Big news: New TH Book 🏹 After years in Threat Hunting, I wrote the book I always wanted when I started. The Art of Threat Hunting, practical, technical, no fluff. ⚡Hypothesis generation, queries & adaptation stuff, CTI-driven programs, documentation, team alignment. The full lifecycle. 🦖Full breakdown on the blog: rexorvc0.com 🔗Available on Amazon: amazon.com/Art-Threat-Hun… #ThreatHunting #BlueTeam #Cybersecurity #Research #CTI #Malware #threat

@FAMASoon Thanks mate!!, yep, it’ll be available on Kindle in the future 🙇

@RexorVc0 Great work! I have one question. Do you plan to publish on Kindle? I live in Japan. I’m trying to decide whether to import it or buy it on Kindle.

@gietki_hack Like a funny backache

@RexorVc0 How do you define threat hunting?

@0x401229933 😍🙇 Appreciate it so much!!

@RexorVc0 Congrats! I'll grab a copy🔥

@ignaciosb Thanks a lot 😍🙇🙇🙇

@RexorVc0 Very interesting! I think I will order it! Congratulations!

@fr0gger_ Thanks a lot, mate!!! I really appreciate it 🙇🙇

@RexorVc0 Nice!! Congrats on the launch 👌

@greenplan_it 😍🙇

@RexorVc0 Such great news!! already added to my cart :D

@tuedenn I hope so, thank u so much!! 🤗

@RexorVc0 looks very promising

@osint_barbie @moonlock_lab @moonlock_com @MacPaw @patrickwardle

pupupu! let me tell you who actually did this and thank all of them!!! @moonlock_lab & @moonlock_com for being the dream team! I would not be here without you guys! @MacPaw for being the rare workplace that actually inspires to do better work! @patrickwardle my macOS journey started with your book. everything after that is your fault a little bit 😜 @g0njxa & @birchb0y for being here when macOS stealers were a niche obsession and helping prove it was never just about AMOS and this entire community: researchers, friends, people I've met in conference hallways and in my DMs at 2am.. the last few years have been the best journey I could've imagined! thank you, MY PEOPLE! this one's ours🖤💜🩷

#IOC b57299c00a0991036a96ab4bf5928134 deac8223ed9fc5e0a9adbc01abbe30cb 620221e4c78e8df6f0ce4d489c15dffb 8295b1fac6535f4444a9d477c4225942 96a9321deca6717db13bd5db8d3abba5 ... 🔗VT: virustotal.com/gui/collection…

#TTP 📩[T1566] Social Engineering + Telegram distribution 💿[T1204.002] ISO mount 🧩[T1027.013] PowerShell B64 commands 📥[T1105] Download & deploy modules 🔐[T1553.004] Forged root cert import (DemiMurCA.crt) 🛡️[T1562.001] Defender exclusions ⚓️[T1053.005] Persistence in Tasks 👤[T1136.001] Backdoor accounts (Admin, WGUtilityOperator) 🖥️[T1021.001] RDP takeover + Shadow monitoring 🔀[T1572] SSH reverse tunnel (RDP:30054, SSH:20054) 🕷️[T1082] Collect UUID, MachineGuid, hostname, public IP 🗑️[T1070.004] Self delete binaries 🧅[T1090.003] Tor C2 📡[T1071.001] C2

#APT #APT44 #Sandworm #VoodooBear #backdoor #threat #malware 📍🇷🇺 💥🇺🇦🇪🇺🌍 ⛓️ Social Engineering + #Telegram distribution > ISO (Fake MS office) > Deploy modules (#Tambur|#Kalambur|#DemiMur) > Task Persistence > #SSH reverse tunnel | TOR #C2 > RDP takeover > #C2 + exfiltration 🔗360 Threat intel: mp.weixin.qq.com/s?__biz=MzUyMj…

#IOC 6b0afae982f23b84712147a228886245 a3bba6502f987efae30c3951313452e2 422bf81af2f0e461ede2020648217e16 e34ff54e8ae202c25e3c9db51f39a172 777ee7d08db5bf86a1187a540dc2ffba ... 🔗VT: virustotal.com/gui/collection… ---- 🧬Correlation Same campaign at: paper.seebug.org/3331/ paper.seebug.org/3332/ fortinet.com/blog/threat-re…

#TTP 📩[T1566.001] Spear-Phishing 👥[T1036] Fake PDF & double extension 🗂️[T1204.002] LNK 📥[T1105] Download next stage ⚓️[T1053] Persistence over Tasks 🛠️[T1218] Abuse of legit MSBuild & py 🔃 [T1574.001] Dll side load 🧩[T1027.013] Code obfuscated 🕷️[T1082] Get device & user info 📡[T1071] C&C communication 🕵️[T1059] Execute commands from backdoor

#APT #Confucius #G0142 #python #AnonDoor #threat #malware #RAT 📍🇮🇳 💥🇨🇳🌏 ⛓️ #Phishing > ZIP > #LNK (Fake pdf) + MSBuild (Fake pdf) > Download payload (dll) + Python (whitefile) > Persistence (Tasks) > Dll sideloading abusing python > #AnonDoor #backdoor > #C2 + execution commands 🔗360 Threat intel: mp.weixin.qq.com/s?__biz=MzUyMj…

@atsohom Thank u mate! we try to make it so 🫡

🔍 Operation DoppelBrand🎭 The Threat Research team has covered a massive campaign by GS7, a previously unknown #TA targeting Fortune 500 companies for years. ⛓️ Chain: Creates fake (US/Canada/EU companies) portal > Target #Phishing > Steals credentials via Telegram > Deploys RMM tools for persistent access Full analysis covers: 👁️Initial Discovery 💀Modus operandi & infrastructure 👤Attribution & victimology ⚡️Complete IOC breakdown ➕And more 🔗 Report: socradar.io/resources/whit… 👽 BlogPost: socradar.io/blog/operation… #ThreatIntel #InfoSec #CTI #ThreatResearch #MalwareAnalysis #CyberCrime #malware

@DebugPrivilege Yepp, here's another one, what do you need mate :)

Anyone who currently lives in Spain? DM me. I have some questions.

@0x6rss Totally crazy, mate, great

meet track2pulse.com track2pulse enables you to monitor, via an interactive map, OSINT-driven intelligence streams aggregated from country-specific telegram channels, covering topics such as geopolitics, information warfare, domestic developments, and strategic shifts. you can track: -APT group activities targeting specific countries -Terror-related fatality data and organizational intelligence -Critical infrastructure across relevant geographic regions -The Interpol wanted persons list -War-related flights and aircraft movements (flight tracking) -International arms trade flows between countries -National intelligence insights and satellite imagery-based data -cybersecurity incidents, including ransomware campaigns and threat reports You can create a personalized profile and follow only the developments that align with your operational interests , all in real time, directly on the map interface.