#cobaltstrike

OTX Bot<p>CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks</p><p>From September to December 2024, incidents involving CrossC2, an extension tool for Cobalt Strike Beacon on Linux, were confirmed. The attacker used CrossC2 along with other tools like PsExec, Plink, and Cobalt Strike to penetrate AD. A custom malware called ReadNimeLoader was used as a loader for Cobalt Strike. The campaign may have affected multiple countries. CrossC2 is an unofficial Beacon and builder compatible with Cobalt Strike 4.1+, designed for Linux and macOS. It contains anti-analysis features and encrypted configuration data. The attack flow involved java.exe, ReadNimeLoader, and OdinLdr to execute Cobalt Strike Beacon. Other tools used include SystemBC, GetNPUsers, and privilege escalation tools. The campaign shows potential connections to BlackBasta based on similar characteristics.</p><p>Pulse ID: 689f1c5321801f3a8be22b42<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689f1c5321801f3a8be22b42" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689f1</span><span class="invisible">c5321801f3a8be22b42</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-15 11:38:59</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MacOS</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Nim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nim</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PsExec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PsExec</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a 
href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>SLOW#TEMPEST Cobalt Strike Loader</p><p>An ISO image containing a malicious Cobalt Strike loader was discovered, targeting Chinese-speaking users. The infection chain involves a deceptive LNK file, which executes a legitimate Alibaba executable to sideload a malicious DLL. The loader implements anti-analysis techniques, decrypts an embedded payload, and injects a Cobalt Strike beacon. The beacon is configured to mimic Bilibili traffic and communicates with a specific C2 server. The loader also patches the entry point of the loading executable with an infinite loop. This activity shares similarities with previously reported SLOW#TEMPEST campaigns, including targeting, folder structures, and the use of DLL sideloading for Cobalt Strike beacons.</p><p>Pulse ID: 689481454699dbb15f211f88<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689481454699dbb15f211f88" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68948</span><span class="invisible">1454699dbb15f211f88</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-07 10:34:45</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LNK</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Targeted attacks leverage accounts on popular online platforms as C2 servers</p><p>A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives, exploiting DLL hijacking techniques to deploy Cobalt Strike Beacon. The campaign used profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal activities. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods used highlights the evolving tactics of threat actors in concealing well-known tools and emphasizes the need for robust cybersecurity measures.</p><p>Pulse ID: 688a2f161490dbf0763365ef<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/688a2f161490dbf0763365ef" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/688a2</span><span class="invisible">f161490dbf0763365ef</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-30 14:41:26</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Japan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Japan</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a 
href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialMedia</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>Cobalt Strike Beacon delivered via GitHub and social media – Source: securelist.com <a href="https://ciso2ciso.com/cobalt-strike-beacon-delivered-via-github-and-social-media-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/cobalt-strike-be</span><span class="invisible">acon-delivered-via-github-and-social-media-source-securelist-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/MalwareDescriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareDescriptions</span></a> <a href="https://social.skynetcloud.site/tags/MalwareTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareTechnologies</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Targetedattacks</span></a> <a href="https://social.skynetcloud.site/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberespionage</span></a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLsideloading</span></a> <a href="https://social.skynetcloud.site/tags/Socialnetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Socialnetworks</span></a> <a href="https://social.skynetcloud.site/tags/Windowsmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windowsmalware</span></a> <a 
href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securelistcom</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLhijacking</span></a> <a href="https://social.skynetcloud.site/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shellcode</span></a> <a href="https://social.skynetcloud.site/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>research</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.skynetcloud.site/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://social.skynetcloud.site/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a></p>
Pyrzout :vm:<p>The SOC files: Rumble in the jungle or APT41’s new target in Africa – Source: securelist.com <a href="https://ciso2ciso.com/the-soc-files-rumble-in-the-jungle-or-apt41s-new-target-in-africa-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/the-soc-files-ru</span><span class="invisible">mble-in-the-jungle-or-apt41s-new-target-in-africa-source-securelist-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Targetedattacks</span></a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLsideloading</span></a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securelistcom</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLhijacking</span></a> <a href="https://social.skynetcloud.site/tags/TIandIRposts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TIandIRposts</span></a> <a href="https://social.skynetcloud.site/tags/Incidents" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Incidents</span></a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://social.skynetcloud.site/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOC</span></a></p>
OTX Bot<p>New Wave of SquidLoader Malware Targeting Financial Institutions</p><p>A sophisticated malware campaign is targeting financial services in Hong Kong with SquidLoader, a highly evasive malware that deploys Cobalt Strike Beacon for remote access. The malware exhibits advanced anti-analysis, anti-sandbox, and anti-debugging techniques, achieving near-zero detection rates on VirusTotal. The attack chain is complex and poses a significant threat to targeted organizations. The analysis provides detailed technical insights into SquidLoader's features and indicators of compromise, including SHA256 hashes for samples found in Hong Kong, Singapore, China, and Australia. The campaign utilizes multiple command and control servers, primarily mimicking Kubernetes API endpoints.</p><p>Pulse ID: 687e2c9e0e25d679d3ea631d<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/687e2c9e0e25d679d3ea631d" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/687e2</span><span class="invisible">c9e0e25d679d3ea631d</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-21 12:03:42</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Endpoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Endpoint</span></a> <a href="https://social.raytec.co/tags/HongKong" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HongKong</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/Singapore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Singapore</span></a> <a 
href="https://social.raytec.co/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VirusTotal</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>SOC files: an APT41 attack on government IT services in Africa</p><p>Chinese cyberespionage group APT41 conducted a targeted attack against government IT services in Africa. The attackers used various tools including Impacket, Cobalt Strike, and custom malware for lateral movement, privilege escalation, and data exfiltration. They leveraged DLL sideloading techniques and a compromised SharePoint server as a command and control center. The attack involved credential harvesting, use of web shells, and custom stealers to collect sensitive data. Notable TTPs included using hardcoded internal service names and proxy servers in malware, and exploiting a captive SharePoint server for C2 communication. The incident highlights the importance of comprehensive infrastructure monitoring and proper access controls.</p><p>Pulse ID: 687e0dfc3d01c46d9a3c790b<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/687e0dfc3d01c46d9a3c790b" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/687e0</span><span class="invisible">dfc3d01c46d9a3c790b</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-21 09:53:00</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Africa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Africa</span></a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CredentialHarvesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialHarvesting</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberespionage</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Proxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxy</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>Rumble in the jungle: APT41’s new target in Africa – Source: securelist.com <a href="https://ciso2ciso.com/rumble-in-the-jungle-apt41s-new-target-in-africa-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/rumble-in-the-ju</span><span class="invisible">ngle-apt41s-new-target-in-africa-source-securelist-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Targetedattacks</span></a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLsideloading</span></a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securelistcom</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLhijacking</span></a> <a href="https://social.skynetcloud.site/tags/TIandIRposts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TIandIRposts</span></a> <a href="https://social.skynetcloud.site/tags/Incidents" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Incidents</span></a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://social.skynetcloud.site/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOC</span></a></p>
OTX Bot<p>Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities</p><p>The article details malware and tactics used in attacks targeting Ivanti Connect Secure vulnerabilities from December 2024 to July 2025. It describes MDifyLoader, a loader based on libPeConv, which deploys Cobalt Strike Beacon through DLL side-loading. The attackers also utilized vshell, a multi-platform RAT, and Fscan, a network scanning tool. After gaining initial access, the threat actors performed lateral movement using brute-force attacks, exploited vulnerabilities, and used stolen credentials. They established persistence by creating domain accounts and registering malware as services or scheduled tasks. The attackers employed various evasion techniques, including the use of legitimate files and ETW bypasses.</p><p>Pulse ID: 6879f8b560d48aaf15291507<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6879f8b560d48aaf15291507" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6879f</span><span class="invisible">8b560d48aaf15291507</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-18 07:33:09</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
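The SLOW#TEMPEST, GitHub/social-media, APT41 and MDifyLoader summaries above all reach Cobalt Strike Beacon the same way: a legitimate, usually signed executable is dropped next to a malicious DLL that carries the name of a library the executable imports, so the loader resolves the attacker's copy first. The block below is an added example, not code from any of those reports or from OTX. It is a triage heuristic over image-load telemetry: the field names follow Sysmon Event ID 7 (Image, ImageLoaded, Signed), but the events, paths and the short system-DLL list are constructed for the example; a real deployment would enumerate System32 on a golden image instead of hard-coding eight names.

```python
"""Heuristic triage of DLL side-loading from image-load telemetry.

Added example. Records are constructed to resemble Sysmon Event ID 7
(ImageLoad) fields: Image (loading process), ImageLoaded (the DLL) and
Signed ("true"/"false"). They are not taken from any report.
"""
import ntpath  # Windows path semantics regardless of the analysis host
from dataclasses import dataclass
from typing import Dict, List

# DLL names that Windows ships in System32. A side-loaded DLL reuses one of
# these names but lives beside the abused executable. Short stand-in list;
# in practice enumerate System32 on a known-good image.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "wininet.dll", "cryptsp.dll",
    "winmm.dll", "userenv.dll", "comctl32.dll", "dwmapi.dll",
}
# Directories where those names legitimately resolve (lower-case, trailing slash).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
# Path fragments that mark a user-writable location for the loading process.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison (NTFS is case-insensitive)."""
    return ntpath.normpath(path).lower()


def assess_image_load(event: Dict[str, str]) -> Dict[str, bool]:
    """Return the individual indicators for one image-load record."""
    image = _norm(event["Image"])
    dll = _norm(event["ImageLoaded"])
    in_system_dir = dll.startswith(SYSTEM_DIRS)
    return {
        # Strongest signal: a System32 name resolving outside System32/WinSxS.
        "system_dll_name_outside_system_dir":
            ntpath.basename(dll) in KNOWN_SYSTEM_DLLS and not in_system_dir,
        # Sysmon reports the Authenticode state as the string "true"/"false".
        "dll_unsigned": event.get("Signed", "false").lower() != "true",
        # Side-loaded DLLs are dropped into the executable's own directory.
        "dll_beside_executable":
            not in_system_dir and ntpath.dirname(dll) == ntpath.dirname(image),
        # Mounted ISOs get their own drive letter; extracted archives land
        # under the user profile or %TEMP%.
        "exe_in_user_writable_path":
            any(m in image for m in USER_WRITABLE_MARKERS)
            or ntpath.splitdrive(image)[0] != "c:",
    }


def is_sideload_candidate(flags: Dict[str, bool]) -> bool:
    """A name collision alone is enough. Otherwise require the weaker
    indicators to coincide, so ordinary vendor DLLs are not flagged."""
    if flags["system_dll_name_outside_system_dir"]:
        return True
    return (flags["dll_unsigned"] and flags["dll_beside_executable"]
            and flags["exe_in_user_writable_path"])


@dataclass
class Finding:
    process: str
    dll: str
    indicators: List[str]


def detect_sideloading(events: List[Dict[str, str]]) -> List[Finding]:
    findings = []
    for ev in events:
        flags = assess_image_load(ev)
        if is_sideload_candidate(flags):
            findings.append(Finding(ev["Image"], ev["ImageLoaded"],
                                    [k for k, v in flags.items() if v]))
    return findings


# Constructed sample: benign system and vendor loads, a WinSxS load, and
# three side-loading patterns (archive extracted under %TEMP%, a mounted
# ISO on E:, and an unsigned helper DLL with no system-name collision).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorlib.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"c:\windows\system32\WININET.DLL", "Signed": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\ExtractedISO\updater.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\ExtractedISO\version.dll", "Signed": "false"},
    {"Image": r"E:\Documents\viewer.exe",
     "ImageLoaded": r"E:\Documents\dbghelp.dll", "Signed": "false"},
    {"Image": r"C:\Users\bob\Downloads\Viewer\viewer.exe",
     "ImageLoaded": r"C:\Users\bob\Downloads\Viewer\render.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for f in detect_sideloading(SAMPLE_EVENTS):
        print(f"{f.process} -> {f.dll}: {', '.join(f.indicators)}")
```

Run as-is, the sample yields three findings: the two name collisions (version.dll under %TEMP%, dbghelp.dll on the E: mount) and the unsigned render.dll beside its executable in Downloads, while the vendor DLL in Program Files and the WinSxS copy of comctl32.dll pass. Signature state alone is deliberately not a verdict: the loaders described above hide behind signed executables, and plenty of legitimate third-party DLLs are unsigned.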
OTX Bot<p>Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting</p><p>Between March and June 2025, three Chinese state-sponsored threat actors conducted targeted phishing campaigns against the Taiwanese semiconductor industry. The campaigns targeted organizations involved in semiconductor manufacturing, design, testing, supply chain, and financial analysis. This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains. The threat actors used various tactics including job application lures, investment collaboration pitches, and credential phishing. They deployed custom malware like Voldemort backdoor and HealthKick, as well as tools like Cobalt Strike. The targeting extended beyond semiconductor companies to include financial analysts specializing in the Taiwanese semiconductor market, indicating comprehensive intelligence collection efforts across the sector.</p><p>Pulse ID: 687957dc6d81747b3ef02228<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/687957dc6d81747b3ef02228" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68795</span><span class="invisible">7dc6d81747b3ef02228</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-17 20:06:52</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ELF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELF</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Manufacturing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Manufacturing</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>DNS: A Small but Effective C2 system</p><p>This analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.</p><p>Pulse ID: 6878f6e5d14da64ae460ad61<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6878f</span><span class="invisible">6e5d14da64ae460ad61</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-17 13:13:08</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>UNG0002 (Unknown Group 0002): Espionage Campaigns Uncovered</p><p>UNG0002, an espionage-focused threat group, has been conducting campaigns across Asian jurisdictions including China, Hong Kong, and Pakistan. The group employs sophisticated multi-stage attacks using LNK files, VBScript, and custom RAT implants. Their operations span two major campaigns: Operation Cobalt Whisper and Operation AmberMist, targeting various sectors such as defense, aviation, gaming, and academia. UNG0002 utilizes social engineering techniques like ClickFix and abuses DLL sideloading to evade detection. The group demonstrates high adaptability, evolving from using Cobalt Strike to developing custom implants like Shadow RAT and INET RAT. Attribution challenges persist, but the group is assessed to originate from South-East Asia with a focus on espionage activities.</p><p>Pulse ID: 6877c4526c004d0e49615050<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6877c4526c004d0e49615050" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6877c</span><span class="invisible">4526c004d0e49615050</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-16 15:25:06</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/HongKong" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HongKong</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LNK</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Pakistan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pakistan</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>SocialEngineering</span></a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VBS</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>New Detection Method Uses Hackers’ Own Jitter Patterns Against Them – Source:hackread.com <a href="https://ciso2ciso.com/new-detection-method-uses-hackers-own-jitter-patterns-against-them-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/new-detection-me</span><span class="invisible">thod-uses-hackers-own-jitter-patterns-against-them-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.skynetcloud.site/tags/JitterTrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JitterTrap</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://social.skynetcloud.site/tags/privacy" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>privacy</span></a></p>
Pyrzout :vm:<p>New Detection Method Uses Hackers’ Own Jitter Patterns Against Them <a href="https://hackread.com/cyber-detection-hackers-jitter-patterns-against-them/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/cyber-detection-h</span><span class="invisible">ackers-jitter-patterns-against-them/</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.skynetcloud.site/tags/JitterTrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JitterTrap</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a></p>
abuse.ch :verified:<p>Active <a href="https://ioc.exchange/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> botnet C2 with watermark 100000000 🔥</p><p>⛔️https://api.micosoftr .icu/djiowejdf<br>⛔️https://www.googleapi .top/jquery-3.3.1.min.js</p><p>Pointing to:<br>📡43.163.107 .212:443 Tencent 🇨🇳</p><p>Sample:<br>📄<a href="https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bazaar.abuse.ch/sample/91e851f</span><span class="invisible">8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/</span></a></p><p>IOCs on ThreatFox 🦊<br><a href="https://threatfox.abuse.ch/browse/tag/cs-watermark-100000000/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">threatfox.abuse.ch/browse/tag/</span><span class="invisible">cs-watermark-100000000/</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>AggressorScripts is a curated collection of .cna scripts enhancing Cobalt Strike's functionality. From Beacon-to-Empire migrations to Slack notifications for new Beacons, it’s packed with Red Team utilities. Highlights: OPSEC profiles, mimikatz automation, and stale beacon alerts. <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeam</span></a> <a href="https://infosec.exchange/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/bluscreenofjeff/AggressorScripts" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/bluscreenofjeff/Agg</span><span class="invisible">ressorScripts</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
Pyrzout :vm:<p>Finding Minhook in a sideloading attack – and Sweden too – Source: news.sophos.com <a href="https://ciso2ciso.com/finding-minhook-in-a-sideloading-attack-and-sweden-too-source-news-sophos-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/finding-minhook-</span><span class="invisible">in-a-sideloading-attack-and-sweden-too-source-news-sophos-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DLLsideloading</span></a> <a href="https://social.skynetcloud.site/tags/ThreatResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatResearch</span></a> <a href="https://social.skynetcloud.site/tags/nakedsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nakedsecurity</span></a> <a href="https://social.skynetcloud.site/tags/nakedsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nakedsecurity</span></a> <a href="https://social.skynetcloud.site/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cobaltstrike</span></a> <a href="https://social.skynetcloud.site/tags/minhook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>minhook</span></a></p>
Sajid Nawaz Khan :donor:<p>For hobbyist Cobalt Strike Beacon collectors, note that the recently announced 4.11 update introduces a number of changes to frustrate Beacon configuration extraction, namely through the new `transform-obfuscate` field.</p><p>When set, this field can apply multiple layers of encoding, encryption and compression (with some recent Beacons observed with a 32 byte XOR key, configurable up to 2048 bytes!).</p><p>While still reasonably trivial to decode manually, standard automated workflows (say, through the SentinelOne parser) will now fail, not least because of changes to the well-known field markers.</p><p>Beacons with these characteristics have thus far been observed with watermarks indicative of licensed instances, though I imagine it is only a matter of time before the 4.11 capabilities become accessible to all manner of miscreants.</p><p>A sample configuration, via a staged Beacon on 104.42.26[.]200 is attached, including the three distinct XOR keys used to decode it.</p><p><a href="https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cobaltstrike.com/blog/cobalt-s</span><span class="invisible">trike-411-shh-beacon-is-sleeping</span></a></p><p><a href="https://infosec.exchange/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cobaltstrike</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a></p>
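The post above describes configs wrapped in several layers, with repeating XOR keys of up to 2048 bytes and three distinct keys needed to decode one sample. The block below is an added, generic illustration of the manual-decode step for an analyst, not code from the post, from the SentinelOne parser or from Cobalt Strike, and it does not reproduce the real `transform-obfuscate` layout or field markers. It peels a stack of repeating-key XOR layers off a blob, outermost key first, and records Shannon entropy after each layer so the analyst can see at which layer structured data appears. The sample config, the three keys and the 512-byte padding are all constructed here for the demonstration.

```python
# Added example (not from the post, nor Cobalt Strike's own format):
# peel stacked repeating-key XOR layers off a captured blob and use
# byte entropy to judge which layer actually exposed structured data.
import hashlib
import math
from collections import Counter

MAX_KEY_LEN = 2048  # the post mentions keys configurable up to 2048 bytes


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR `data` with `key` repeated; the operation is its own inverse."""
    if not 0 < len(key) <= MAX_KEY_LEN:
        raise ValueError("key must be 1..%d bytes" % MAX_KEY_LEN)
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 looks encrypted/compressed, low looks structured."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def wrap_layers(plain: bytes, keys: list) -> bytes:
    """Build a test blob: apply keys innermost first so keys[0] ends up outermost."""
    out = plain
    for k in reversed(keys):
        out = xor_repeating(out, k)
    return out


def unwrap_layers(blob: bytes, keys: list) -> list:
    """Remove layers outermost first, recording (data, entropy) after each one."""
    trace = []
    cur = blob
    for k in keys:
        cur = xor_repeating(cur, k)
        trace.append((cur, shannon_entropy(cur)))
    return trace


def lowest_entropy_layer(trace: list) -> int:
    """Index of the layer whose output looks most like plaintext."""
    return min(range(len(trace)), key=lambda i: trace[i][1])


# --- constructed sample: a fake, zero-padded config and three made-up keys ---
SAMPLE_CONFIG = (
    b"sleeptime=60000\njitter=37\nspawnto=placeholder.exe\n"
    b"c2=c2.example.invalid:443\n"
).ljust(512, b"\x00")

SAMPLE_KEYS = [
    hashlib.sha256(b"constructed-outer-key").digest(),        # 32-byte key
    hashlib.sha256(b"constructed-middle-key").digest()[:16],  # 16-byte key
    hashlib.sha256(b"constructed-inner-key").digest()[:4],    # 4-byte key
]

SAMPLE_BLOB = wrap_layers(SAMPLE_CONFIG, SAMPLE_KEYS)


def demo() -> dict:
    """Unwrap the constructed blob and report entropy per layer."""
    trace = unwrap_layers(SAMPLE_BLOB, SAMPLE_KEYS)
    return {
        "blob_entropy": shannon_entropy(SAMPLE_BLOB),
        "layer_entropies": [e for _, e in trace],
        "best_layer": lowest_entropy_layer(trace),
        "recovered": trace[-1][0],
    }


if __name__ == "__main__":
    r = demo()
    print("blob entropy  : %.2f" % r["blob_entropy"])
    for i, e in enumerate(r["layer_entropies"]):
        print("after layer %d : %.2f" % (i + 1, e))
    print("plaintext at layer", r["best_layer"] + 1,
          "->", r["recovered"].rstrip(b"\x00").decode())
```

Because XOR is self-inverse, a wrong key order still yields the plaintext at the end; the per-layer entropy trace is what tells you whether a given key did any work, which matters once real samples add encoding or compression stages between the XOR layers that this example does not model.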
Pyrzout :vm:<p>Cobalt Strike Abuse Dropped 80% in Two Years – Source: www.securityweek.com <a href="https://ciso2ciso.com/cobalt-strike-abuse-dropped-80-in-two-years-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/cobalt-strike-ab</span><span class="invisible">use-dropped-80-in-two-years-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cobaltstrike</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.skynetcloud.site/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>abuse</span></a></p>
Pyrzout :vm:<p>Cobalt Strike Abuse Dropped 80% in Two Years <a href="https://www.securityweek.com/cobalt-strike-abuse-dropped-80-in-two-years/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/cobalt-strike</span><span class="invisible">-abuse-dropped-80-in-two-years/</span></a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.skynetcloud.site/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>abuse</span></a></p>