Jazi @h2jazi
Threat Intel researcher! Technical tweets only; not reflective of employer's views. No endorsement of political groups/entities. Joined October 2012-
Tweets3K
-
Followers7K
-
Following522
-
Likes4K
It seems #Gamaredon #APT is using CVE-2023-3881 to attack Ukraine. This sample was submitted to VT from Poland. d8ccaef116cada9c558f9e912d5cf7ef2978082611e677f6f55ca233f47a2f68
#MustangPanda #PlugX submitted from Mongolia: f1f6024579e7c3475f5182aa177f791d1bdffc2e8ceb1e71758d02c2bdf3715a file. zip 6b35d16ab649078c24b669aafaafdcafc5a527b9a7a9e5ac1ad90d751e377a41 xlbrowser.dll 45.76.132.25 ref: lab52.io/blog/mustang-p…
This looks interesting! It may be related to the #TransparentTribe #APT New Oil License.exe aaaae5f5d7f58eb8c970c4e5407fb2f4597bc81674d006c5e2d1462a3b133d74 88558ef568b3c775b2d79499b74dc3ecde7c049440c8872573fc6622433eec17 176.56.237.126
#APT attack targeting Indian Air Force: 9f8eee2c2096fd9c78488d71af45e59a invite.iso Payload: (Go based stealer) 08e0393a8e4222d4ca8b60459c2db62c scholar.exe Related to this blog post: cyble.com/blog/cyber-esp…
Another sample part of this campagin: #SugarGh0st RAT 852aa98d908fe1e09f985cd403fcf9a5 Presentation HAZARASP FEZ (eng) (1) .lnk 9d2ec11446e0cb5c9ae35575a5eb2031 ~46727395.js account.drive-google-com[.]tk x.com/h2jazi/status/…
Another sample part of this campagin: #SugarGh0st RAT 852aa98d908fe1e09f985cd403fcf9a5 Presentation HAZARASP FEZ (eng) (1) .lnk 9d2ec11446e0cb5c9ae35575a5eb2031 ~46727395.js account.drive-google-com[.]tk x.com/h2jazi/status/… https://t.co/LCqgC6Dhrm
This looks interesting! 4f59ca0bc42171562d3c320e88bb35d5 southafrica.rar It is exploiting the CVE-2023-38831 to drop a python based stealer. 485def7433b510c341f7ea03b021a9d0 token-logger.exe (Looks like it is based on a open source stealer available on Github)
#APT28 phishing: 8d6a24eac7a90860edaf6721856ff11ce0cff9dd3dc9c2b546a3fdf9d15be4ed report.html a5418213e34f81913726f19cdeefa8d9e3d425a8786eda086e56faacea1372ae ukrNet .html 202.55.80.225
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
blackorbird @blackorbird
28K Followers 600 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit Need Job
Michael Koczwara @MichalKoczwara
18K Followers 2K Following Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/vixTz8xKuF https://t.co/VQWaze6gaF
Will @BushidoToken
29K Followers 3K Following Threat Intel & Hunting @Equinix | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | @darknetdiaries #126: REvil
Germán Fernández @1ZRR4H
29K Followers 575 Following 🏴☠️ OFFENSIVE-INTEL 🏴☠️ Cyber Threat Intelligence by Hackers | Security Researcher en https://t.co/rDrSxZASB3 | @CuratedIntel Member | 🥷🧠🇨🇱
ςεяβεяμs - м�.. @c3rb3ru5d3d53c
21K Followers 235 Following 💕 Malware Hunter Killer 💕 #binlex & #mwcfg Developer 📽️ YouTuber 👩💻 She/Her 💍@DravenSwiftbow Support my work 👇 ☕️ https://t.co/SfTI8uJa23
Virus Bulletin @virusbtn
59K Followers 1K Following Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @[email protected]
Max_Malyutin @Max_Mal_
11K Followers 302 Following Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering. “⚔️What do we say to God of malware, Not today⚔️”
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
DebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.
0xor0ne @0xor0ne
55K Followers 526 Following | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |
Kimberly @StopMalvertisin
16K Followers 631 Following Security Researcher | Cyber Threat / Malware Analyst | Ex Sr. Threat Analyst @ Proofpoint | Founder of Stop Malvertising
James @James_inthe_box
21K Followers 438 Following
JAMESWT @JAMESWT_MHT
35K Followers 419 Following #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW
Cyber_OSINT @Cyber_O51NT
15K Followers 295 Following OSINT treasure hunter, investigator, Cyber Threat Intel analyst, cyberspace explorer. I enjoy studying cyber threat actors. Opinions are my own.
Matthew @embee_research
12K Followers 1K Following Malware Researcher & Reverse Engineer | Creating and Sharing Educational Cyber Content
Gi7w0rm @Gi7w0rm
14K Followers 678 Following Threat Intelligence and #URINT Analyst | See my Linktree for other socials | In case I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p
Jocal Lo @LoJocal59639
9 Followers 12 Following
WeinBerg @WeinbergThird3
82 Followers 503 Following
xff @xff16310397
16 Followers 437 Following
PhantomPanda @Phantom_Panda__
4 Followers 78 Following
Norris @NorrisN60014
437 Followers 2K Following Just an Indigenous Academic/ Researcher. On my journey to complete my MD & MSc. Specialized in: Applied Psych, BioSci, Native Studies, tech.
S@ge£? @s_sge49884650
1 Followers 76 Following
Thanks Always @iTimonPumbaa
9 Followers 368 Following
Marsk @Marsk415595
1 Followers 14 Following
Complex ingredients @bztcYnseX7XwLDr
0 Followers 365 Following
Will @William48233471
1K Followers 649 Following USMC vet, A & P mechanic and fitness enthusiast. Spent years traveling Central and South America
pyo3nyo @po3nyo
1 Followers 521 Following
Unkown @derinsiderx
158 Followers 268 Following
Silicon Freak @FreakSilicon
15 Followers 136 Following
lala guo @lalaguo1
1 Followers 110 Following
Myl @mylwaremyk
13 Followers 47 Following
operations6 @_operations6_
1K Followers 1K Following
Mo0n Sha𝄞ow @null001__
46 Followers 2K Following
Mohit Chaudhary @mkmohit257
202 Followers 2K Following Just a random person trying to achieve something 🙄
kyle (no relation) @idleAm
54 Followers 1K Following Probably not who you're looking for. Carry on. mastodon: @[email protected]
Jay ☕ @Jason_Chiasson
4K Followers 120 Following Ph.D. in CyberSec, living a quiet life 🔕 I focus on simplicity & peace of mind 🍃 I love my family 💗
tomas @tomas7959886682
0 Followers 51 Following
mallang @mallangmallan12
1 Followers 13 Following
tsr @tsr1654079
4 Followers 128 Following
Ryan @Chick3nHawk01
705 Followers 2K Following Cyber Security Analyst | MBCS | RITTECH | Lead Organiser @bsidesNCL | Views are my own
Escanor @escanor_rhitta
32 Followers 412 Following
John @CyberDefenseSA
8 Followers 210 Following
∞kumaor.xrd.Ӿ @KumaorAkaa
135 Followers 2K Following maxi $XRD, $ICP, and $XNO. pro web3, anonymous security/privacy coins #RADIXDLT #ICP #XNO #Ӿ
Shon @_ShonJM
24 Followers 62 Following 🇮🇳🇦🇪🇨🇭🇫🇷🇪🇸|Travelling|books| ‘young lad with lot of dreams ‘. Enthusiast of International policies, strategies and public affairs.
deividuchiha @Deividmira56071
19 Followers 371 Following Software Engineer Python, IA Cibersecurity 📚👨🏻💻🚀
John @goldenjackel12
6 Followers 99 Following
CHULYONG @CHULYONG255570
0 Followers 13 Following
cscfufo @cscfufo
27 Followers 2K Following
Infrason1c @infrason1c
1 Followers 74 Following
Кіріл Несте.. @NesterKiril
42 Followers 138 Following
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
MalwareHunterTeam @malwrhunterteam
219K Followers 36 Following Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
blackorbird @blackorbird
28K Followers 600 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit Need Job
Michael Koczwara @MichalKoczwara
18K Followers 2K Following Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/vixTz8xKuF https://t.co/VQWaze6gaF
ESET Research @ESETresearch
32K Followers 30 Following Security research and breaking news straight from ESET Research Labs.
Will @BushidoToken
29K Followers 3K Following Threat Intel & Hunting @Equinix | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | @darknetdiaries #126: REvil
Unit 42 @Unit42_Intel
51K Followers 88 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Germán Fernández @1ZRR4H
29K Followers 575 Following 🏴☠️ OFFENSIVE-INTEL 🏴☠️ Cyber Threat Intelligence by Hackers | Security Researcher en https://t.co/rDrSxZASB3 | @CuratedIntel Member | 🥷🧠🇨🇱
ςεяβεяμs - м�.. @c3rb3ru5d3d53c
21K Followers 235 Following 💕 Malware Hunter Killer 💕 #binlex & #mwcfg Developer 📽️ YouTuber 👩💻 She/Her 💍@DravenSwiftbow Support my work 👇 ☕️ https://t.co/SfTI8uJa23
Nicolas Krassas @Dinosn
122K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Thomas Roccia 🤘 @fr0gger_
25K Followers 2K Following Sr. Threat Researcher @Microsoft, Malware Warlock, Threat Intel, Python🧡- Former @McAfee_labs, Goon @Defcon, Creator of #UnprotectProject - Tweets are my own
Virus Bulletin @virusbtn
59K Followers 1K Following Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @[email protected]
BleepingComputer @BleepinComputer
212K Followers 175 Following Breaking cybersecurity and technology news, guides, and tutorials that help you get the most from your computer. DMs are open, so send us those tips!
Max_Malyutin @Max_Mal_
11K Followers 302 Following Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering. “⚔️What do we say to God of malware, Not today⚔️”
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
DebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.
Karsten Hahn @struppigel
22K Followers 702 Following Malware Researcher at G DATA. Ransomware hunter. he/him 🦔🌈🏳️⚧️
Josh Stroschein | The.. @jstrosch
8K Followers 1K Following Reverse engineer at FLARE/@Google | @pluralsight author | 700K+ views on YT 😱 Find FREE resources below👇
2ero @BaoshengbinCumt
2K Followers 908 Following #APT Hunter #CTI Free analysis of cyber espionage in the Middle East Sr. Security Researcher VB2022&2023 Speaker Twitter only represents my personal opinion
Teri Radichel #cybers.. @TeriRadichel
10K Followers 2K Following CEO @2ndSightLab | Cybersecurity Author Pentester Researcher Architect | AWS Security Hero l GSE 240 | IANS Faculty | Blog: https://t.co/cFTkNPKZVe
安坂星海 Azaka �.. @AzakaSekai_
9K Followers 1K Following 台湾 / Taiwan (中/En) - 🖌️ #artsyaz Comfy VTuber / threat intelligence researcher (NOT independent) Model + rig @jamama_666 // add. rig @justNovaj
Matthew @embee_research
12K Followers 1K Following Malware Researcher & Reverse Engineer | Creating and Sharing Educational Cyber Content
Allison Wikoff @SaltyWikoff
539 Followers 823 Following #threatintel Americas Lead @pwc. Hype woman. Beach Rat. Former Adjunct @Columbia. Lover of all the APTs. | All views are my own. @[email protected]
Ryan "Chaps" Chapman @rj_chap
7K Followers 3K Following DFIR & malware analyst. @sansforensics FOR528 Author & FOR610 Instructor. @CactusCon crew. Husband & father. Comments = own.
Szabolcs Schmidt @smica83
2K Followers 314 Following Threat Intel Specialist and Incident Responder. Private account. All opinions expressed here are mine only. https://t.co/7dQQO1JwUd
Kris McConkey @smoothimpact
5K Followers 867 Following #threatintel and #dfir lead @ PwC. Blue team forever. Christian, husband, dad, coffee addict, bad photographer, awful cyclist. Tweets my own, not PwC's.
Elastic Security Labs @elasticseclabs
2K Followers 141 Following Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
Josh Long (the JoshM.. @theJoshMeister
151K Followers 3K Following Chief Security Analyst; cybersecurity researcher, infosec writer, public speaker, & podcaster. Focused on Apple, Mac, macOS, malware, privacy, & online safety.
Arda Büyükkaya @WhichbufferArda
3K Followers 942 Following Cyber Threat Intelligence Analyst @EclecticIQ | Threat Hunter | Malware Analyst |. (All opinions expressed here are mine only). 🇹🇷🇳🇱
The DFIR Report @TheDFIRReport
53K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion. Services: https://t.co/XW613EKt2w
Chris Duggan @TLP_R3D
4K Followers 2K Following Inventor of Patent Pending Endpoint Threat Intelligence Agent (GB2314601.2)
Geri Revay @geri_revay
911 Followers 414 Following Ex-ethical hacker and malware analyst, currently a principal security researcher. I spent the last 15 years learning how hackers work.
Zeba Siddiqui @zebatweets
12K Followers 2K Following Reporter at @Reuters covering hacking and disinformation. Earlier in South Asia. [email protected] https://t.co/lv5mW9YH1N
Jamie 🔜 RSAsí �.. @jamieantisocial
6K Followers 5K Following 🤘@mitreattack for Enterprise Lead, former ATT&CK Evals water distribution engineer (the artists known as #UNC1799), @DistrictHeather ♥️🍷, he/him.
Andrew Northern 𓅓 @ex_raritas
4K Followers 922 Following 🔮 Senior Threat Researcher at @proofpoint 🔮 | Knowledge Piñata 🪅 | Attack Chain Connoisseur | Epicurean
Parnian @Parnian_7
615 Followers 393 Following Frontline Intrusion Operations Lead|Manager @Mandiant @Google #AdvancedPractices 🦅 #infosec. Ideas my own.
Oleg Shakirov @shakirov2036
6K Followers 5K Following Tweets about international relations & diplomacy, Russian foreign policy, arms control, cyber policy. I have fewer followers in real life
Heidi @Nerdwallah
39 Followers 61 Following
Pierluigi Paganini - .. @securityaffairs
37K Followers 4K Following Founder of Security Affairs, CYBHORUS, and Cybaze. Member Ad-Hoc Working Group on Cyber Threat Landscapes, Ethical Hacker, Security Evangelist, Security Analyst
P4nch0_19 @P4nch019
59 Followers 290 Following Research, Ciberseguridad, ML, DataScience. Mis opiniones son personales y no reflejan la postura de mi empleador ni mis colaboradores.
Daniel Lunghi @thehellu
2K Followers 600 Following Threat researcher @TrendMicroRSRCH mostly focused on #APT
Fortinet @Fortinet
153K Followers 3K Following Our mission is to secure people, devices, and data everywhere. #Fortinet
Azim @AShukuhi
4K Followers 2K Following CTI guy focused on cybercrime and moonlights as a rowing coach
Chris Bing @Bing_Chris
35K Followers 10K Following @Reuters reporter. Covers hacking + foreign affairs. @SAISHopkins student.📧: [email protected] I☎️Signal: 2O2-51O-O174. More contact info: https://t.co/FnTdrahhi0
pro2c@l @aamirlakhani
23K Followers 2K Following Blogger, tech guy, infosec specialist, secret agent, and all-around good guy.
Sekoia.io @sekoia_io
3K Followers 147 Following A #SOCplatform driven by #threatintelligence and combining #SIEM, #SIRP, #TIP, #logmanagement in a single solution. Used by End-users, MSSP and APIs
Itay Cohen🌱 @megabeets_
5K Followers 488 Following Animal liberation activist & Reverse Engineer 🌟 Forbes 30 Under 30 • Maintainer of Cutter and Rizin • Leading Research @ Check Point • I don't eat animals.
Wendi Whitmore @wendiwhitmore
3K Followers 470 Following SVP, Palo Alto Networks Unit 42. Member DHS CSRB, WEF Cybersecurity Council. USAF Veteran.Former CrowdStrike, Mandiant, & IBM Security X-Force.All views my own.
Mathieu Tartare @mathieutartare
528 Followers 521 Following Malware Researcher at @ESETresearch @[email protected]
ali karimi @alikarimi_ak8
1.9M Followers 33 Following
Dara Sklar @DaraSklar
244 Followers 980 Following Tech PR & cybersecurity nerd by day. Yoga and dance parties at night. Lighthearted all the time. She/her
Neil Jenkins @nejenkins
1K Followers 1K Following PhD Chemist doing cyber @Cisco @TalosSecurity. Opinions = my own. Homies w/ @IST_org, @MasonNatSec. Former @DHSgov, @CyberAlliance. @[email protected]
Daniel @dansomware
364 Followers 748 Following threat research @proofpoint // tweets are probably someone else's
Tonya Riley @TonyaJoRiley
10K Followers 3K Following Privacy reporter @BLaw. Vice-chair @GuildatBIG. Formers @cyberscoop @washingtonpost Cat tweets. Flash fiction. Revising a novel. ✉️[email protected]
Ethan Jewell @EthanJewell
415 Followers 346 Following 📍Dallas | 👔 Software Engineer @ JP Morgan Chase & Co. | 🗣 En/한/中
Dmitry Melikov @DmitriyMelikov
2K Followers 284 Following Threat Researcher @BlackBerry #Cylance #cti #apt Former Threat Researcher @InQuest
Lawrence Abrams @LawrenceAbrams
17K Followers 834 Following Ransomware, Online Security, and Malware. Owner, Editor in Chief of @bleepincomputer. Signal: (646) 961-3731 * https://t.co/LXVRoICs8Z
Laura Whitt-Winyard @L_WhittWinyard
2K Followers 4K Following ICIT Fellow| HMG Strategy Advisory Board Member| Featured: Women Know Cyber available on Amazon| Advisor on https://t.co/qkYNb1nXc4
SwitHak (👁) @SwitHak
5K Followers 710 Following French Security Analyst (Fmr TelcoSec) Cyber / Security / Geopolitics & and others. Personal Account, My opinion! Lang: ENglish & FRenchThanks everyone for playing 🙏 Here is the Lazarus one 🥷🇰🇵
@malwrhunterteam @ShadowChasing1 @h2jazi @cyb3rops Very interesting execution: "C:\Windows\system32\cmd.exe" /c ftp.exe -s:"CV-Nguyen-Quang-Sang.rar" & cmd.exe /c ftp.exe -s:"oracle-certified-expert.png" 🧐 Next stages from (down now): hxxps://dftcl3xcjw5rs[.]cloudfront[.]net/
"CV-Nguyen-Quang-Sang.rar": 1f912f07df26475797d26bd8dadf461f9aaaf52ff39f323935939c375a60fbbe 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
Pivoting possible Volt Typhoon 🇨🇳 infrastructure Each of the infrastructure is using: SSL Certifacte C=en, ST=rg, L=df, O=vb, OU=ty, CN=jdyfj nginx 1.20.1 and redirect to google 2[.]58[.]15[.]30 66[.]85[.]27[.]190 45[.]32[.]174[.]131 cc @DrunkBinary @TomHegel @BushidoToken
@h2jazi also #mustangpanda #apt - the resulting payload is a variant of the TOneShell family
@h2jazi Ah yeah this one is relatively old by now. It uses ADS to trigger its payload - though the ADS is either corrupt or was never working to begin with as its file size is zero.
"Archive files with a non-matching extension" is a great hunt technique. IE, in this case, it was a RAR as a "TAR", exploiting to go jpg->cmd. This is very rare. (victim is outing themselves). PDF attachment -> box -> "tar"/rar -> jpg->cmd->b64 cert->hex->file -> google drive
#ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. blog.talosintelligence.com/arcanedoor-new… Great collaboration between Cisco PSIRT, Talos and various intelligence partners. #CVE-2024-20353 #CVE-2024-20359 #LineRunner #LineDancer #UAT4356 #STORM-1849
@h2jazi @ShadowChasing1 @cyb3rops Thanks! I had no time (nor interest really) to look more yesterday. So, interesting/strange: - if it was used in 2019 summer, why last modified in 2020 May? - even more, the file remained on the university's website for ~4 years from 2020 May, as it was still there past week. 🤔
Based on experts agreed that the recent "test_interview.zip" sample (x.com/malwrhuntertea…) was from North Korean actors, let me present you this @github account that should be related to them: https://github[.]com/TimothyGomez59168093 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
"test_interview.zip": 39785213364b84c1442d133c778bf5472d76d8ef13b58b32b8dd8ac0201c82ca Maybe @ESET caught something interesting here... 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
@github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Look for a "gift" in "sports_platform_app/backend/imageDetails.js" file...
@github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H @ESET @pkalnai There's also this "Centex-Staking-Master-master.rar" some hours ago uploaded sample that is too detected by @ESET: a229e8df494cd747832f7884b9265771ed9d8b45d8efa9df5181e8f8fc69db9d I have no time to verify, but would bet that this too a real catch and not a FP from them...
@malwrhunterteam @github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H TimothyGomez59168093@gmail[.]com - is the email attached to the Git account, last updated 2024-02-23 01:38:14 (UTC). Name/Email looks a bit auto generated but who knows. I know Git's internal TI are usually pretty quick to take down malicious repos - i've flagged this to them
@malwrhunterteam @github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Here is another one #Lazarus #GitHub
@ESET @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Related "test-task\.zip": f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a
@dimitribest Big thanks for the credit and sharing the great summary! Tracking this campaign has its challenges; Virustotal only scans a few scripts inside the uploaded package, not the entire file. So, my Yara rule mostly missed malicious ones. Thankfully, ESET's detection helps me keep…
A NukeSped verdict usually corresponds to the #Lazarus cluster. After validating it with the master @unpacker, it is safe to say it is a North Korean Op. Threat Actor: North Korean Cluster 🇰🇵 Context: infosec.exchange/@spark/1116213… Malicious file name: test_interview.zip 📃 Malicious…
"test_interview.zip": 39785213364b84c1442d133c778bf5472d76d8ef13b58b32b8dd8ac0201c82ca Maybe @ESET caught something interesting here... 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
"Cqlqb.hta": 7715217f4230e3ecdc2a38f120a5b8bbd542426b96d43d38213ca6d83a35a7fc From (404 now): https://evangelia[.]edu/img/503/Cqlqb.hta Question is the university cleaned or the actors moved on so they removed the files? 🤔 @ShadowChasing1 @h2jazi @cyb3rops
"test_interview.zip": 39785213364b84c1442d133c778bf5472d76d8ef13b58b32b8dd8ac0201c82ca Maybe @ESET caught something interesting here... 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
Trends for United States
You might like
