NATO and Article 5 in Cyberspace: NATO designated cyberspace as a domain of warfare & recognized that an adversarial cyber campaign could trigger the Alliance’s collective defense mechanism under Article 5. Given the complexities of cyberattacks, it's unknown whether & what kind of attacks get a response.
🗣digicat
🎖@malwr
CTI researcher @BushidoToken looks at a financially motivated Kenyan threat actor. GreenMwizi set up 12 fake Booking[.]com Twitter accounts targeting users who make public complaints, the aim being to socially engineer them into sending funds via Remitly. https://blog.bushidotoken.net/2023/05/greenmwizi-kenyan-scamming-campaign.html
🗣virusbtn
🎖@malwr
ESET has released its Q4 2022 - Q1 2023 APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated & analysed by ESET's researchers during that period. https://www.welivesecurity.com/2023/05/09/eset-apt-activity-report-q42022-q12023/
🗣virusbtn
🎖@malwr
As a #Reverse #Engineering enthusiast, I recently wrote a configuration extractor using Python to decrypt data encrypted by Qbot malware. With this code, I can easily extract the strings from the decrypted data and analyze the malware's configuration.
https://github.com/FarghlyMal/QBotConfig-Extractor/blob/main/Config%20Extractor.py
🗣FarghlyMal
🎖@malwr
Firewall Testing Checklist
#cybersecurity #infosec #cyberattack
https://en.iguru.gr/firewall-einai-kai-giati-prepei-chrisimopoieite/
🗣Anastasis_King
🎖@malwr
(recommended reading) Hunting Russian Intelligence “Snake” Malware:
HTML: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
PDF: https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_1.pdf
#cybersecurity #infosec #cyberespionage #threathunting #threatintel #cybersecurity #threatintelligence
🗣blackstormsecbr
🎖@malwr
iknowjason/Awesome-CloudSec-Labs: Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
🗣jnazario
🎖@malwr
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
🗣jnazario
🎖@malwr
Embee Research: AgentTesla Malware Analysis - How To Resolve API Hashes With Conditional Breakpoints. Analysis of a multi-stage loader for AgentTesla, covering Ghidra, dnSpy, x32dbg, API hashing and more.
McAfee's Anandeshwar Unnikrishnan analyses recent GULoader campaigns in which NSIS-based installers, delivered via email as malspam, use plugin libraries to execute the GU shellcode on the victim system. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣virusbtn
🎖@malwr
Ransomware Risk Management
Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8374.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE
🎖@malwr
Digital Forensics and Incident Response (DFIR) Framework for OT
Source: NIST
Download Link:
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8428.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣CyberSecOb
🎖@malwr
We’ve just published another great Plugin Focus article! Can Bölük ( @_can1357 ) introduces his NtRays plugin for automated simplification of Windows Kernel decompilation. Read more 🌐 https://hex-rays.com/blog/plugin-focus-ntrays/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Plugin-Focus-ntrays
#IDAPro #IDAPython #IDAPlugin #NtRays
🗣HexRaysSA
🎖@malwr
Medusa Ransomware technical analysis report
MedusaLocker ransomware has been active since September 2019. MedusaLocker actors typically access victims’ networks by exploiting vulnerabilities in Remote Desktop Protocol (RDP).
https://link.medium.com/G8YxzhstHzb
ℹ️ Sent from one of our channel members
🎖@malwr
Check out my writeup on #Vidar #Stealer https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer 😊
@esthreat
🗣AnFam17
🎖@malwr
Sophos researchers look into a recently observed ransomware family dubbed Akira and describe how it was deployed by different actors in two incidents they assisted with. https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/
🗣virusbtn
🎖@malwr