Chris
@phage.nz
📤 489
📥 75
📝 15
High Tech, Low Life | curatedintel.org Team
Over the past month I've seen intermittent runs of a campaign that uses novel methods to deliver stealer malware. This draws similarities with what was described by Blackberry in February:
blogs.blackberry.com/en/2023/02/b...
Techniques include JS delivery, steganography and reflective loading.
about 2 years ago
0
1
0
IcedID. Reviving old tricks. danceharddiehard[.]com > 1azure[.]com > ZIP > ISO > LNK > BAT > rundll32. C2: mistulinno[.]com (as seen in the campaign detailed by Cryptolaemus1 on X this morning) Sample:
tria.ge/231019-3d1wm...
about 2 years ago
0
0
0
IcedID. PDF > ZIP > JS > CMD > Curl > 7Z (PW protected) > DLL. ZIP: hXXps://newssarkari[.]in/directions (via ad68e[.]app[.]goo[.]gl) 7Z: hXXps://gardenconceptstudio[.]pl/wp-includes/js/tinymce/plugins/compat3x/css/5673.7z C2: minutozhart[.]online Sample:
tria.ge/230913-2nkfy...
about 2 years ago
0
2
0
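The IoC-style posts above (the two IcedID chains and the Remcos post further down) defang their indicators with `[.]` and `hXXps://`, so a reader who wants to block or hunt on them has to refang and sort them first. The following is an added example, not code from this profile's author: a small Python extractor that refangs the posts' own indicator strings (copied here as constructed input), then pulls out URLs, IPv4 addresses and domains (with a port where one is given). The defanging conventions it undoes are an assumption about what the posts use.

```python
"""Refang and classify indicators from free-text threat-intel posts (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: indicator fragments copied from the posts on this page.
POSTS = [
    "IcedID. danceharddiehard[.]com > 1azure[.]com > ZIP > ISO > LNK > BAT > rundll32. "
    "C2: mistulinno[.]com",
    "ZIP: hXXps://newssarkari[.]in/directions (via ad68e[.]app[.]goo[.]gl) "
    "7Z: hXXps://gardenconceptstudio[.]pl/wp-includes/js/tinymce/plugins/compat3x/css/5673.7z "
    "C2: minutozhart[.]online",
    "Payload: 103.10.68[.]110/zimbra/gVCeM32.bin (opendir) C2: septrem.duckdns[.]org:2424",
]


@dataclass(frozen=True)
class Indicator:
    kind: str                   # "url", "ipv4" or "domain"
    value: str                  # refanged indicator, without port
    port: Optional[int] = None  # port when the post gives one (C2 host:port)


def refang(text: str) -> str:
    """Undo the two defanging conventions assumed here: '[.]' and 'hXXp(s)://'."""
    text = text.replace("[.]", ".")
    return re.sub(r"\bhxx(ps?://)", lambda m: "htt" + m.group(1), text, flags=re.IGNORECASE)


URL_RE = re.compile(r"https?://[^\s()]+", re.IGNORECASE)
# IPv4 with optional :port and optional /path (the path is consumed so its file
# name is not later mistaken for a domain).
IPV4_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})(?::(\d{1,5}))?(?:/[^\s()]*)?")
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})(?::(\d{1,5}))?", re.IGNORECASE)


def _valid_ipv4(addr: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def _port(group: Optional[str]) -> Optional[int]:
    return int(group) if group else None


def extract_indicators(text: str) -> list:
    """Return the indicators in one post, most specific kind first, de-duplicated."""
    text = refang(text)
    found = []
    # 1. Full URLs, then blank them out so their host/path are not re-matched.
    for url in URL_RE.findall(text):
        found.append(Indicator("url", url.rstrip(".,")))
    text = URL_RE.sub(" ", text)
    # 2. Bare IPv4 addresses (optionally with port/path).
    for m in IPV4_RE.finditer(text):
        if _valid_ipv4(m.group(1)):
            found.append(Indicator("ipv4", m.group(1), _port(m.group(2))))
    text = IPV4_RE.sub(" ", text)
    # 3. Remaining domain names, lower-cased, with an optional port.
    for m in DOMAIN_RE.finditer(text):
        found.append(Indicator("domain", m.group(1).lower(), _port(m.group(2))))
    return list(dict.fromkeys(found))  # keep first-seen order, drop duplicates


def extract_all(posts) -> list:
    """Flatten indicators across several posts, de-duplicated."""
    merged = []
    for post in posts:
        merged.extend(extract_indicators(post))
    return list(dict.fromkeys(merged))


if __name__ == "__main__":
    for ind in extract_all(POSTS):
        print(f"{ind.kind:6} {ind.value}" + (f":{ind.port}" if ind.port else ""))
```

The order of the three passes matters: URLs are removed before the IPv4 and domain scans, and the IPv4 pattern swallows any trailing path, so a file name such as `gVCeM32.bin` is never reported as a domain. Tighten `DOMAIN_RE` with a TLD allow-list before using this on noisier text than a curated post.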
Great work by Wiz, as always. Certainly leaves far more questions than answers.
Compromised Microsoft Key: More Impactful Than We Thought | Wiz Blog
Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally ass...
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
over 2 years ago
0
1
1
Remcos RAT. URL (komamin[.]net) > ZIP > VBS > PS > ielowutil. Payload: 103.10.68[.]110/zimbra/gVCeM32.bin (opendir) C2: septrem.duckdns[.]org:2424 Sample:
https://tria.ge/230717-2c6vtafa63
over 2 years ago
0
1
0
Brilliant new project from Curated Intel lads @bushidotoken.net and Freddy. "The Threat Actor Profile Guide for CTI Analysts".
The Threat Actor Profile Guide for CTI Analysts
Threat actor profiles are made for a range of reasons. An example trigger for creating a new profile can include after an incident, e.g., a...
https://www.curatedintel.org/2023/07/the-threat-actor-profile-guide-for-cti.html
over 2 years ago
1
1
1
So good.
GUNSHIP - Monster In Paradise [Official Music Video]
Preorder 'Unicorn' and stream 'Monster In Paradise': https://linktr.ee/gunshipmusicThis video contains bright, flashing lights and/or imagery that may cause ...
https://www.youtube.com/watch?v=l_ulVpYs6vg
over 2 years ago
0
0
0
Interestingly, Microsoft released the advisory for CVE-2023-36884 without any associated patch. However, both the update guidance and this blog post include some great hardening advice which is effective well beyond just the exploitation of this vulnerability.
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse ...
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
over 2 years ago
0
1
0
Remcos RAT. Discord hosted JS. WScript > PowerShell > PowerShell > InstallUtil. Script parts hosted on Pastebin and WTOOLS. Runkey persistence. PowerShell obfuscation in one script is broken. C2: salwanazeeze.ddns[.]net:9595 Sample:
https://tria.ge/230710-3hnf4aeh9z
over 2 years ago
1
2
0
Deepfake crypto scam with 90k+ views still up after 10 hours on a verified account with 58k followers. Common scam kit.
over 2 years ago
0
0
0
Neat new project: a spreadsheet that outlines methods and data sources for analysing adversary infrastructure:
https://docs.google.com/spreadsheets/d/1oBOW5qGJstWYg3qXwSK12MHav4Pz6rzP77FzSB2IEeY/edit?pli=1#gid=1591959748
The author has also produced an accompanying blog post - linked below.
Squeezing the IoC lemons: a methodical analysis of network infrastructure.
One of the most common problems CTI analysts face is using the data they have collected to uncover further elements of hostile activity, the so-called "pivoting". Najpro...
https://counterintelligence.pl/en/2023/07/wyciskajac-cytryny-ioc-metodyczna-analiza-infrastruktury-sieciowej/
over 2 years ago
0
0
0
Remcos RAT. ZIP > EXE (.BAT extension). DLL sideloaded into easinvoker.exe to set a Defender exclusion for C:\Users with PowerShell. OVPN C2. Config:
https://pastebin.com/raw/NsnRP6fw
Sample:
https://tria.ge/230705-avk8aaaa84
over 2 years ago
0
0
0
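The Remcos post above describes a DLL sideloaded into easinvoker.exe that launches PowerShell to add a Defender exclusion for `C:\Users`. That step is a useful detection point on its own: an exclusion that covers an entire profile tree, or that is added by a process living outside the Windows and Program Files directories, is rarely legitimate. The following is an added example, not code from the post's author or from any vendor: a Python rule run over constructed process-creation events (the first event mirrors the chain in the post; the others are assumed benign admin activity), flagging `Add-MpPreference` / `Set-MpPreference -ExclusionPath` calls that are either overly broad or spawned from an untrusted parent. `Add-MpPreference` and `-ExclusionPath` are real Defender cmdlet names; the trusted-parent prefixes and the list of "broad" paths are assumptions to tune per environment.

```python
"""Flag suspicious Defender exclusion changes in process telemetry (added example)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProcEvent:
    parent_image: str   # full path of the parent process
    command_line: str   # command line of the spawned PowerShell process


# Constructed events, not real telemetry. Event 0 mirrors the chain in the post:
# a sideloaded DLL inside easinvoker.exe (dropped to Temp) spawns PowerShell to
# exclude C:\Users. Events 1 and 2 are assumed-benign admin activity.
EVENTS = [
    ProcEvent(r"C:\Users\victim\AppData\Local\Temp\easinvoker.exe",
              r'powershell.exe -w hidden -c "Add-MpPreference -ExclusionPath C:\Users"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              'powershell.exe -c "Add-MpPreference -ExclusionPath '
              "'C:\\Program Files\\BuildTool\\cache'\""),
    ProcEvent(r"C:\Windows\explorer.exe", "powershell.exe -c Get-MpPreference"),
]

# Add-/Set-MpPreference followed (anywhere later on the line) by -ExclusionPath
# and a single-quoted, double-quoted or bare path argument.
EXCLUSION_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b.*?-ExclusionPath\s+(?:'([^']*)'|\"([^\"]*)\"|([^\s'\"]+))",
    re.IGNORECASE,
)

# Assumed: parents under these prefixes are treated as trusted.
TRUSTED_PARENT_PREFIXES = ("c:\\windows\\", "c:\\program files")

# Assumed: an exclusion covering any of these is considered broad.
BROAD_PATH_RE = re.compile(r"[a-z]:(\\(users|programdata|windows|temp))?")
BROAD_ENV_VARS = {"%userprofile%", "%systemdrive%", "%temp%", "%programdata%"}


def is_broad_exclusion(path: str) -> bool:
    """True if the excluded path is a drive root or a whole shared tree."""
    norm = path.strip().rstrip("\\").lower()
    return norm in BROAD_ENV_VARS or BROAD_PATH_RE.fullmatch(norm) is not None


def is_trusted_parent(parent_image: str) -> bool:
    return parent_image.lower().startswith(TRUSTED_PARENT_PREFIXES)


def exclusion_path(command_line: str) -> Optional[str]:
    """Return the -ExclusionPath argument if the command line sets one."""
    m = EXCLUSION_RE.search(command_line)
    if not m:
        return None
    return next(g for g in m.groups() if g is not None)


def assess(event: ProcEvent) -> dict:
    path = exclusion_path(event.command_line)
    broad = path is not None and is_broad_exclusion(path)
    untrusted = not is_trusted_parent(event.parent_image)
    return {
        "exclusion_path": path,
        "broad": broad,
        "untrusted_parent": untrusted,
        # Any exclusion from an untrusted parent, or any broad exclusion, alerts.
        "alert": path is not None and (broad or untrusted),
    }


def find_alerts(events) -> list:
    return [e for e in events if assess(e)["alert"]]


if __name__ == "__main__":
    for ev in EVENTS:
        print(assess(ev), "<-", ev.parent_image)
```

The two conditions are deliberately independent: a narrow exclusion from an unexpected parent still fires (a sideloaded binary has no business touching Defender at all), and a broad exclusion fires even when it arrives through explorer.exe, because a user being talked through a fake support script looks exactly like that.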
Hello Bluesky. Hope you're well today.
over 2 years ago
1
6
0