tarnkappeinfo, 28 days ago to random German

📬 Foxit PDF Exploit: Ein unbedachter Klick löst Angriffskette aus
#ITSicherheit #AgentTesla #DoNotTeam #Exploid #FOXITPDF #FoxitReader #pdf https://sc.tarnkappe.info/17d3b6

simontsui, 7 months ago to Discord

Trellix: Threat actors, including APTs, are abusing the Discord application for payload delivery, information stealing and data exfiltration. Trellix identified several malware families leveraging Discord's capabilities to conduct their operations, uncovering when they started abusing them. IOC provided.
Link: https://www.trellix.com/en-us/about/newsroom/stories/research/discord-i-want-to-play-a-game.html

Tags: #Discord #cyberthreatintelligence #cyberespionage #cybercrime #IOC #APT #agenttesla #NjRAT #venomRAT

malware_traffic, 8 months ago to random

2023-09-21 (Thursday) thru 09-25 (Monday): I collected examples of #AgentTesla from my honeypot email accounts, and thought I'd share, since this is an ongoing threat.

Although it's something I consider a "low-hanging fruit," AgentTesla remains part of our threat landscape, with compromised accounts used for data exfiltration active for months at a time.

IOCs are available at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-09-21-thru-09-25-IOCs-for-AgentTesla-activity.txt

Email/malware samples and #pcap from one of the infections are available at: https://www.malware-traffic-analysis.net/2023/09/25/index.html