₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware - North Korea in action
🗣digicat
🎖@malwr
Volexity
₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
Over the last few months, Volexity has observed new activity tied to a North Korean threat actor it tracks that is widely referred to as the Lazarus Group. This activity […]
DuckLogs - New Malware Strain Spotted In The Wild as part of a Malware as a Service - performs multiple malicious activities such as Stealer, Keylogger, Clipper, Remote access, etc.
🗣digicat
🎖@malwr
Cyble
Cyble - DuckLogs - New Malware Strain Spotted In The Wild
Cyble analyzes DuckLogs - a new Malware-as-a-Service that provides sophisticated malware features to Threat Actors at a relatively low price.
kitabisa/teler release v2.0.0-dev
🗣dwisiswant0
Nice. So this kind of got me thinking: why not just use Suricata or Snort as an IPS, since teler "just detects"? Basically my conclusion:
Docker Compose:
Nginx (terminates HTTPS) -> Snort -> nginx -> PHP (in my case)
I mean, technically you'd re-encrypt after Snort and send it the rest of the way, but in Docker I think it's fine to send it unencrypted from Snort to the web server (if not exposed).
👤coder_karl
🎖@malwr
GitHub
GitHub - teler-sh/teler: Real-time HTTP Intrusion Detection
Real-time HTTP Intrusion Detection. Contribute to teler-sh/teler development by creating an account on GitHub.
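As an added example (not part of the thread, and not code from the teler project or the commenter), here is one way to build the chain coder_karl sketches above with Docker Compose. It swaps in Suricata for Snort, since the comment treats the two as interchangeable and Suricata's inline NFQUEUE mode is a single flag (`-q 0`), and it puts the NAT on the IPS container so that the edge and backend containers need no extra capabilities. The image name, subnets, addresses, file names and the `web`/`php` service layout are assumptions, as are the claims that the `jasonish/suricata` image ships with NFQ support and `iptables`.

```yaml
# Added example: edge nginx (TLS termination) -> inline IPS (Suricata on NFQUEUE)
#                -> backend nginx -> php-fpm. Not from the thread or any project.
# Assumptions: jasonish/suricata is built with NFQ support and contains iptables;
# front subnet 172.28.1.0/24, back subnet 172.28.2.0/24; ./edge.conf, ./web.conf,
# ./certs/, ./app/ and ./local.rules exist beside this compose file.
services:
  edge:                                  # terminates HTTPS, forwards plaintext to the IPS
    image: nginx:alpine
    ports:
      - "443:443"
    volumes:
      - ./edge.conf:/etc/nginx/conf.d/default.conf:ro   # contains proxy_pass http://172.28.1.10;
      - ./certs:/etc/nginx/certs:ro
    networks:
      front:
        ipv4_address: 172.28.1.20

  ips:                                   # the only container that needs NET_ADMIN
    image: jasonish/suricata:latest
    cap_add:
      - NET_ADMIN
    sysctls:
      net.ipv4.ip_forward: 1             # this container routes between front and back
    volumes:
      - ./local.rules:/etc/suricata/rules/local.rules:ro
    networks:
      front:
        ipv4_address: 172.28.1.10
      back:
        ipv4_address: 172.28.2.10
    entrypoint: ["/bin/sh", "-c"]
    # 1. DNAT the edge's port-80 requests to the backend,
    # 2. masquerade so the backend's replies return through this container,
    # 3. hand every forwarded packet (both directions) to NFQUEUE 0,
    # 4. run Suricata in IPS mode on that queue, loading only local.rules (-S).
    command:
      - |
        iptables -t nat -A PREROUTING -s 172.28.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 172.28.2.20:80 &&
        iptables -t nat -A POSTROUTING -s 172.28.1.0/24 -d 172.28.2.0/24 -j MASQUERADE &&
        iptables -A FORWARD -j NFQUEUE --queue-num 0 &&
        exec suricata -c /etc/suricata/suricata.yaml -S /etc/suricata/rules/local.rules -q 0

  web:                                   # plaintext nginx behind the IPS
    image: nginx:alpine
    volumes:
      - ./web.conf:/etc/nginx/conf.d/default.conf:ro   # contains fastcgi_pass php:9000;
      - ./app:/var/www/html:ro
    networks:
      back:
        ipv4_address: 172.28.2.20

  php:
    image: php:8-fpm
    volumes:
      - ./app:/var/www/html:ro
    networks:
      - back

networks:
  front:
    ipam:
      config:
        - subnet: 172.28.1.0/24
  back:
    internal: true                       # no route to the host or outside; reachable only via ips
    ipam:
      config:
        - subnet: 172.28.2.0/24
```

`edge.conf` is an ordinary TLS `server` block whose `location /` does `proxy_pass http://172.28.1.10;` and sets `X-Forwarded-For`, because the backend will otherwise see 172.28.2.10 (the IPS, after masquerading) as the client. `local.rules` holds the `drop` signatures you want enforced, for example `drop http any any -> any any (msg:"LFI probe"; http.uri; content:"/etc/passwd"; nocase; sid:1000001; rev:1;)`; with such a rule loaded, `curl -k https://localhost/?f=/etc/passwd` should hang or be reset instead of returning a page, while a benign request goes through. The plaintext hop the comment mentions is unavoidable here in any case: the IPS can only inspect what it can read, so keeping the `back` network `internal` is what limits the exposure rather than re-encrypting between `ips` and `web`.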
Noob here, tried adding via hash sets, but failed. Any idea on how to add SHA1 values in the Metadata for Autopsy while viewing an outlook.pst file? I'm able to view the MD5 & SHA256 hash values of the file, however I'm unable to view the SHA1 value. Any advice would be greatly appreciated.
🗣LMJR500Army
Looks like only MD5 and SHA256 are supported as of the last revision to hashdb. See here: https://github.com/sleuthkit/autopsy/issues/175
👤positronikal
🎖@malwr
WindowSpy: WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents, VPN logins etc.
🗣digicat
🎖@malwr
GitHub
GitHub - CodeXTF2/WindowSpy: WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. - CodeXTF2/WindowSpy