Jazi @h2jazi
Threat Intel researcher! Technical tweets only; not reflective of employer's views. No endorsement of political groups/entities. Joined October 2012-
Tweets 3K - Followers 7K - Following 522 - Likes 4K
It seems #Gamaredon #APT is using CVE-2023-3881 to attack Ukraine. This sample was submitted to VT from Poland. d8ccaef116cada9c558f9e912d5cf7ef2978082611e677f6f55ca233f47a2f68
#MustangPanda #PlugX submitted from Mongolia: f1f6024579e7c3475f5182aa177f791d1bdffc2e8ceb1e71758d02c2bdf3715a file.zip 6b35d16ab649078c24b669aafaafdcafc5a527b9a7a9e5ac1ad90d751e377a41 xlbrowser.dll 45.76.132.25 ref: lab52.io/blog/mustang-p…
This looks interesting! It may be related to the #TransparentTribe #APT New Oil License.exe aaaae5f5d7f58eb8c970c4e5407fb2f4597bc81674d006c5e2d1462a3b133d74 88558ef568b3c775b2d79499b74dc3ecde7c049440c8872573fc6622433eec17 176.56.237.126
#APT attack targeting Indian Air Force: 9f8eee2c2096fd9c78488d71af45e59a invite.iso Payload: (Go based stealer) 08e0393a8e4222d4ca8b60459c2db62c scholar.exe Related to this blog post: cyble.com/blog/cyber-esp…
Another sample part of this campaign: #SugarGh0st RAT 852aa98d908fe1e09f985cd403fcf9a5 Presentation HAZARASP FEZ (eng) (1) .lnk 9d2ec11446e0cb5c9ae35575a5eb2031 ~46727395.js account.drive-google-com[.]tk x.com/h2jazi/status/…
This looks interesting! 4f59ca0bc42171562d3c320e88bb35d5 southafrica.rar It is exploiting CVE-2023-38831 to drop a Python-based stealer. 485def7433b510c341f7ea03b021a9d0 token-logger.exe (Looks like it is based on an open source stealer available on GitHub)
#APT28 phishing: 8d6a24eac7a90860edaf6721856ff11ce0cff9dd3dc9c2b546a3fdf9d15be4ed report.html a5418213e34f81913726f19cdeefa8d9e3d425a8786eda086e56faacea1372ae ukrNet .html 202.55.80.225
@malwrhunterteam @ShadowChasing1 @h2jazi @cyb3rops Very interesting execution: "C:\Windows\system32\cmd.exe" /c ftp.exe -s:"CV-Nguyen-Quang-Sang.rar" & cmd.exe /c ftp.exe -s:"oracle-certified-expert.png" 🧐 Next stages from (down now): hxxps://dftcl3xcjw5rs[.]cloudfront[.]net/
"CV-Nguyen-Quang-Sang.rar": 1f912f07df26475797d26bd8dadf461f9aaaf52ff39f323935939c375a60fbbe 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
Pivoting possible Volt Typhoon 🇨🇳 infrastructure. Each of these infrastructure hosts is using: SSL certificate C=en, ST=rg, L=df, O=vb, OU=ty, CN=jdyfj, nginx 1.20.1, and a redirect to Google. 2[.]58[.]15[.]30 66[.]85[.]27[.]190 45[.]32[.]174[.]131 cc @DrunkBinary @TomHegel @BushidoToken
@h2jazi also #mustangpanda #apt - the resulting payload is a variant of the TOneShell family
@h2jazi Ah yeah, this one is relatively old by now. It uses ADS to trigger its payload, though the ADS is either corrupt or was never working to begin with, as its file size is zero.
"Archive files with a non-matching extension" is a great hunt technique. I.e., in this case, it was a RAR as a "TAR", exploiting to go jpg->cmd. This is very rare (victim is outing themselves). PDF attachment -> box -> "tar"/rar -> jpg -> cmd -> b64 cert -> hex -> file -> Google Drive
#ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. blog.talosintelligence.com/arcanedoor-new… Great collaboration between Cisco PSIRT, Talos and various intelligence partners. #CVE-2024-20353 #CVE-2024-20359 #LineRunner #LineDancer #UAT4356 #STORM-1849
@h2jazi @ShadowChasing1 @cyb3rops Thanks! I had no time (nor interest really) to look more yesterday. So, interesting/strange: - if it was used in 2019 summer, why last modified in 2020 May? - even more, the file remained on the university's website for ~4 years from 2020 May, as it was still there past week. 🤔
Since experts agreed that the recent "test_interview.zip" sample (x.com/malwrhuntertea…) was from North Korean actors, let me present you this @github account that should be related to them: https://github[.]com/TimothyGomez59168093 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
"test_interview.zip": 39785213364b84c1442d133c778bf5472d76d8ef13b58b32b8dd8ac0201c82ca Maybe @ESET caught something interesting here... 🤔 @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H
@github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Look for a "gift" in "sports_platform_app/backend/imageDetails.js" file...
@github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H @ESET @pkalnai There's also this "Centex-Staking-Master-master.rar" sample, uploaded some hours ago, that is also detected by @ESET: a229e8df494cd747832f7884b9265771ed9d8b45d8efa9df5181e8f8fc69db9d I have no time to verify, but would bet that this too is a real catch and not an FP from them...
@malwrhunterteam @github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H TimothyGomez59168093@gmail[.]com is the email attached to the Git account, last updated 2024-02-23 01:38:14 (UTC). Name/email looks a bit auto-generated, but who knows. I know Git's internal TI are usually pretty quick to take down malicious repos; I've flagged this to them.
@malwrhunterteam @github @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Here is another one #Lazarus #GitHub
@ESET @ShadowChasing1 @h2jazi @cyb3rops @1ZRR4H Related "test-task.zip": f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a
@dimitribest Big thanks for the credit and sharing the great summary! Tracking this campaign has its challenges; Virustotal only scans a few scripts inside the uploaded package, not the entire file. So, my Yara rule mostly missed malicious ones. Thankfully, ESET's detection helps me keep…
A NukeSped verdict usually corresponds to the #Lazarus cluster. After validating it with the master @unpacker, it is safe to say it is a North Korean Op. Threat Actor: North Korean Cluster 🇰🇵 Context: infosec.exchange/@spark/1116213… Malicious file name: test_interview.zip 📃 Malicious…
"Cqlqb.hta": 7715217f4230e3ecdc2a38f120a5b8bbd542426b96d43d38213ca6d83a35a7fc From (404 now): https://evangelia[.]edu/img/503/Cqlqb.hta Question is: did the university clean up, or did the actors move on and remove the files? 🤔 @ShadowChasing1 @h2jazi @cyb3rops