CovenantDecryptor: designed to decrypt the communication data of Covenant traffic - Extract_privatekey script retrieves the p and q primes from a minidump file to construct an RSA private key. decrypt_covenant_traffic script decrypts..
digicat
@malwr
GitHub
GitHub - naacbin/CovenantDecryptor
Microsoft Defender for Endpoint Internals 0x05 - Telemetry for sensitive actions
Medium
In the previous edition of this series I discussed the Timeline telemetry. Since that blog the amount of events has certainly grown. I've…
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Follow The Money
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/
McAfee Blog
Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server - a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
Trend Micro
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
https://securitycafe.ro/2023/10/16/trench-tales-the-college-account-takeover-that-never-happened/
Security Café
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord's content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
Trend Micro
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Cisco Talos
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software - CVE-2023-20198 and CVE-2023-20273 - when exposed to the internet or untrusted networks.
How to Analyze Malicious Microsoft Office Files
Microsoft Office files (and other file types commonly used for delivering malware, including binary files, documents, scripts, and archives) are supported in Intezer for both on-demand sandboxing and automated alert triage. Phishing attacks are one of the three primary ways attackers get access to organizations according to Verizon's 2023 Data Breach Investigations Report… and many...
https://intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/
Intezer
Got malicious Microsoft Office files? Check out this deep dive into the different Office file formats and how they are abused by attackers.
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk.
https://www.trendmicro.com/en_us/ciso/22/k/email-security-best-practices.html
Trend Micro
Explore the latest phishing trends, how to prevent attacks, and email security best practices to enhance your email security and reduce cyber risk.
The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
https://blog.virustotal.com/2023/10/the-path-from-vt-intelligence-queries.html
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Cisco Talos
The forgotten malvertising campaign
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
Malwarebytes
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are...
2023-10-17 - TA577 Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/10/17/index.html
2023-10-16 - TA577 IcedID infection
https://www.malware-traffic-analysis.net/2023/10/16/index.html
AI Insights for Scripts, Macros, and More: Revolutionizing Threat Analysis with AI
Intezer's AI Insights is now available for scripts, macros, phishing emails, command line processes, and more. AI Insights are automatically generated by Intezer for alerts triaged from your connected sources. At Intezer, we're always pushing the boundaries of what's possible in cybersecurity. In the spring, we were thrilled to announce the launch of our first...
https://intezer.com/blog/alert-triage/ai-insights-revolutionizing-threat-analysis/
Intezer
Revolutionize threat analysis with AI Insights. Get comprehensive verdicts and summaries for text-based scripts.