Mastodon.ie @mastodonie

OTX BotSOC files: an APT41 attack on government IT services in AfricaKaspersky's MDR team detected a targeted attack by APT41 against government IT services in Africa. The attackers used Impacket tools, Cobalt Strike, and custom agents for lateral movement and data collection. They leveraged DLL sideloading techniques and publicly available tools like Mimikatz and RawCopy. The group established persistence through scheduled tasks and services, and exfiltrated data via a compromised SharePoint server. The attack showcased APT41's ability to adapt their tools to the target infrastructure and leverage internal services for command and control. The incident highlights the importance of comprehensive monitoring and proper privilege management in defending against sophisticated threats.Pulse ID: 68a5a89257ad374e405f6097 Pulse Link: <a href="https://otx.alienvault.com/pulse/68a5a89257ad374e405f6097" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/68a5a89257ad374e405f6097</a> Pulse Author: AlienVault Created: 2025-08-20 10:50:58Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Africa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Africa</a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Kaspersky" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kaspersky</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#SideLoading</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotCrossC2 Expanding Cobalt Strike Beacon to Cross-Platform AttacksFrom September to December 2024, incidents involving CrossC2, an extension tool for Cobalt Strike Beacon on Linux, were confirmed. The attacker used CrossC2 along with other tools like PsExec, Plink, and Cobalt Strike to penetrate AD. A custom malware called ReadNimeLoader was used as a loader for Cobalt Strike. The campaign may have affected multiple countries. CrossC2 is an unofficial Beacon and builder compatible with Cobalt Strike 4.1+, designed for Linux and macOS. It contains anti-analysis features and encrypted configuration data. The attack flow involved java.exe, ReadNimeLoader, and OdinLdr to execute Cobalt Strike Beacon. Other tools used include SystemBC, GetNPUsers, and privilege escalation tools. The campaign shows potential connections to BlackBasta based on similar characteristics.Pulse ID: 689f1c5321801f3a8be22b42 Pulse Link: <a href="https://otx.alienvault.com/pulse/689f1c5321801f3a8be22b42" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/689f1c5321801f3a8be22b42</a> Pulse Author: AlienVault Created: 2025-08-15 11:38:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MacOS</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Nim" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nim</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PsExec" class="mention hashtag" rel="nofollow noopener" target="_blank">#PsExec</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotSLOW#TEMPEST Cobalt Strike LoaderAn ISO image containing a malicious Cobalt Strike loader was discovered, targeting Chinese-speaking users. The infection chain involves a deceptive LNK file, which executes a legitimate Alibaba executable to sideload a malicious DLL. The loader implements anti-analysis techniques, decrypts an embedded payload, and injects a Cobalt Strike beacon. The beacon is configured to mimic Bilibili traffic and communicates with a specific C2 server. The loader also patches the entry point of the loading executable with an infinite loop. This activity shares similarities with previously reported SLOW#TEMPEST campaigns, including targeting, folder structures, and the use of DLL sideloading for Cobalt Strike beacons.Pulse ID: 689481454699dbb15f211f88 Pulse Link: <a href="https://otx.alienvault.com/pulse/689481454699dbb15f211f88" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/689481454699dbb15f211f88</a> Pulse Author: AlienVault Created: 2025-08-07 10:34:45Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#SideLoading</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotTargeted attacks leverage accounts on popular online platforms as C2 serversA sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives, exploiting DLL hijacking techniques to deploy Cobalt Strike Beacon. The campaign used profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal activities. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods used highlights the evolving tactics of threat actors in concealing well-known tools and emphasizes the need for robust cybersecurity measures.Pulse ID: 688a2f161490dbf0763365ef Pulse Link: <a href="https://otx.alienvault.com/pulse/688a2f161490dbf0763365ef" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/688a2f161490dbf0763365ef</a> Pulse Author: AlienVault Created: 2025-07-30 14:41:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Japan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Japan</a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialMedia</a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpearPhishing</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Pyrzout :vm:Cobalt Strike Beacon delivered via GitHub and social media – Source: securelist.com <a href="https://ciso2ciso.com/cobalt-strike-beacon-delivered-via-github-and-social-media-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/cobalt-strike-beacon-delivered-via-github-and-social-media-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/MalwareDescriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareDescriptions</a> <a href="https://social.skynetcloud.site/tags/MalwareTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareTechnologies</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Targetedattacks</a> <a href="https://social.skynetcloud.site/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberespionage</a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLsideloading</a> <a href="https://social.skynetcloud.site/tags/Socialnetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Socialnetworks</a> <a href="https://social.skynetcloud.site/tags/Windowsmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windowsmalware</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLhijacking</a> <a href="https://social.skynetcloud.site/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://social.skynetcloud.site/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#research</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.skynetcloud.site/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://social.skynetcloud.site/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a>

Pyrzout :vm:The SOC files: Rumble in the jungle or APT41’s new target in Africa – Source: securelist.com <a href="https://ciso2ciso.com/the-soc-files-rumble-in-the-jungle-or-apt41s-new-target-in-africa-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/the-soc-files-rumble-in-the-jungle-or-apt41s-new-target-in-africa-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Targetedattacks</a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLsideloading</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLhijacking</a> <a href="https://social.skynetcloud.site/tags/TIandIRposts" class="mention hashtag" rel="nofollow noopener" target="_blank">#TIandIRposts</a> <a href="https://social.skynetcloud.site/tags/Incidents" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incidents</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://social.skynetcloud.site/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOC</a>

Pyrzout :vm:Rumble in the jungle: APT41’s new target in Africa – Source: securelist.com <a href="https://ciso2ciso.com/rumble-in-the-jungle-apt41s-new-target-in-africa-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/rumble-in-the-jungle-apt41s-new-target-in-africa-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Targetedattacks</a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLsideloading</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/DLLhijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLhijacking</a> <a href="https://social.skynetcloud.site/tags/TIandIRposts" class="mention hashtag" rel="nofollow noopener" target="_blank">#TIandIRposts</a> <a href="https://social.skynetcloud.site/tags/Incidents" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incidents</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://social.skynetcloud.site/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOC</a>

OTX BotDNS: A Small but Effective C2 systemThis analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.Pulse ID: 6878f6e5d14da64ae460ad61 Pulse Link: <a href="https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61</a> Pulse Author: AlienVault Created: 2025-07-17 13:13:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Pyrzout :vm:New Detection Method Uses Hackers’ Own Jitter Patterns Against Them – Source:hackread.com <a href="https://ciso2ciso.com/new-detection-method-uses-hackers-own-jitter-patterns-against-them-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/new-detection-method-uses-hackers-own-jitter-patterns-against-them-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://social.skynetcloud.site/tags/JitterTrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#JitterTrap</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://social.skynetcloud.site/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>

Pyrzout :vm:New Detection Method Uses Hackers’ Own Jitter Patterns Against Them <a href="https://hackread.com/cyber-detection-hackers-jitter-patterns-against-them/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/cyber-detection-hackers-jitter-patterns-against-them/</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://social.skynetcloud.site/tags/JitterTrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#JitterTrap</a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://social.skynetcloud.site/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Privacy</a>

abuse.ch :verified:Active <a href="https://ioc.exchange/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> botnet C2 with watermark 100000000 🔥⛔️https://api.micosoftr .icu/djiowejdf ⛔️https://www.googleapi .top/jquery-3.3.1.min.jsPointing to: 📡43.163.107 .212:443 Tencent 🇨🇳Sample: 📄<a href="https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/" rel="nofollow noopener" translate="no" target="_blank">https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/</a>IOCs on ThreatFox 🦊 <a href="https://threatfox.abuse.ch/browse/tag/cs-watermark-100000000/" rel="nofollow noopener" translate="no" target="_blank">https://threatfox.abuse.ch/browse/tag/cs-watermark-100000000/</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨AggressorScripts is a curated collection of .cna scripts enhancing Cobalt Strike's functionality. From Beacon-to-Empire migrations to Slack notifications for new Beacons, it’s packed with Red Team utilities. Highlights: OPSEC profiles, mimikatz automation, and stale beacon alerts. <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> 👉 <a href="https://github.com/bluscreenofjeff/AggressorScripts" rel="nofollow noopener" translate="no" target="_blank">https://github.com/bluscreenofjeff/AggressorScripts</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Pyrzout :vm:Finding Minhook in a sideloading attack – and Sweden too – Source: news.sophos.com <a href="https://ciso2ciso.com/finding-minhook-in-a-sideloading-attack-and-sweden-too-source-news-sophos-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/finding-minhook-in-a-sideloading-attack-and-sweden-too-source-news-sophos-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/DLLsideloading" class="mention hashtag" rel="nofollow noopener" target="_blank">#DLLsideloading</a> <a href="https://social.skynetcloud.site/tags/ThreatResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatResearch</a> <a href="https://social.skynetcloud.site/tags/nakedsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#nakedsecurity</a> <a href="https://social.skynetcloud.site/tags/nakedsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#nakedsecurity</a> <a href="https://social.skynetcloud.site/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#cobaltstrike</a> <a href="https://social.skynetcloud.site/tags/minhook" class="mention hashtag" rel="nofollow noopener" target="_blank">#minhook</a>

Sajid Nawaz Khan :donor:For hobbyist Cobalt Strike Beacon collectors, note that the recently announced 4.11 update introduces a number of changes to frustrate Beacon configuration extraction, namely through the new `transform-obfuscate` field.When set, this field can apply multiple layers of encoding, encryption and compression (with some recent Beacons observed with a 32 byte XOR key, configurable upto 2048 bytes!).While still reasonably trivial to decode manually, standard automated workflows (say, through the SentinelOne parser) will now fail, not least because of changes to the well-known field markers.Beacons with these characteristics have thus far been observed with watermarks indicative of licensed instances, though I imagine it is only a matter of time before the 4.11 capabilities become accessible to all manner of miscreants.A sample configuration, via a staged Beacon on 104.42.26[.]200 is attached, including the three distinct XOR keys used to decode it.<a href="https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping" rel="nofollow noopener" translate="no" target="_blank">https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping</a><a href="https://infosec.exchange/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#cobaltstrike</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#forensics</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a>

Pyrzout :vm:Cobalt Strike Abuse Dropped 80% in Two Years – Source: www.securityweek.com <a href="https://ciso2ciso.com/cobalt-strike-abuse-dropped-80-in-two-years-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/cobalt-strike-abuse-dropped-80-in-two-years-source-www-securityweek-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityweekcom</a> <a href="https://social.skynetcloud.site/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#cobaltstrike</a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityweek</a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> <a href="https://social.skynetcloud.site/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#abuse</a>

Pyrzout :vm:Cobalt Strike Abuse Dropped 80% in Two Years <a href="https://www.securityweek.com/cobalt-strike-abuse-dropped-80-in-two-years/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/cobalt-strike-abuse-dropped-80-in-two-years/</a> <a href="https://social.skynetcloud.site/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> <a href="https://social.skynetcloud.site/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#abuse</a>

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. <a href="https://kolektiva.social/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://kolektiva.social/tags/haking" class="mention hashtag" rel="nofollow noopener" target="_blank">#haking</a> <a href="https://www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/</a>

Recent searches

Search options

Administered by:

Server stats:

#cobaltstrike