YourAnonRiots, 4 months ago to random Japanese

🚨 Exciting News from #ANYRUN:

Introducing Threat Intelligence Lookup! 🚀

Unlock contextual data and malware samples related to specific #IOCs, TTPs, and keywords, speeding up your investigations and boosting your cybersecurity defenses.

Try it now! 🔍 https://thehackernews.co/496HXQ1

th3_protoCOL, 4 months ago to random

WinSCP is a popular target for malware campaign abusing google ads. Here's one from this morning:

1. Google search for winscp
2. Click the first link, user redirection
   ➡️​ winscp-eng[.]org
   ➡️​ winscp-static-746341.c.cdn77[.]org
3. Button click, malware download
   ➡️​ https[:]//parsecworks[.]org/us/downloads/WinSCP-6.1.2-Setup.exe

https://www.virustotal.com/gui/file/b503e810b31151f8d79bc0db2b46daddc53f27a2fd741c30355726892591e5b3/detection

#IOCs #malvertising #malware

VirusTotal submission report with a detection ratio of 1/63
Fake WinSCP site used to distribute malware

YourAnonRiots, 4 months ago to linux Japanese

🚀 ANYRUN now supports #Linux!

🐧 Linux faces frequent cyber threats targeting passwords, browser data, wallets, and logins. But with ANYRUN update you can:

✔️ Collect #IOCs using #Ubuntu VM
✔️ Analyze Linux-based #malware

Try #ANYRUN free today! https://thehackernews.co/malware-sandbox

sekoia_io, 4 months ago to random

We are sharing some additional #IOCs (and associated threat context) linked to the recent #Ivanti critical vulnerabilities (CVE-2023-46805 & CVE-2024-21887) exploitations collected by our #honeypots ⤵️
https://github.com/SEKOIA-IO/Community/blob/main/IOCs/CVE-2023-46805_CVE-2024-21887/Ivanti_iocs_20240124.csv

nnubes256, 4 months ago to infosec

Hello infosec.exchange! Here's an #introduction. I am currently an #infosec student on #europe starting research on #obd2 dongles, but sometimes I also do #threathunting, #reverseengineering and #ctf for the thrill.

I wanna use this account to talk and ask questions to the wider community. I may also share #iocs of ongoing campaigns from time to time. I also have a main account (@Nnubes256) for more general stuff; I'm just moving my #cybersecurity presence where the action is :D

th3_protoCOL, 6 months ago to random

How can anyone reasonably expect a user to detect google ad abuse without visiting the malicious site?

Here's an example of a malicious google ad spoofing anydesk today.

This one redirects users to https[:]//anyowpdesk[.]com before downloading .msi malware:
https://www.virustotal.com/gui/file/9d85ae9e45556067d0b833144e7d9935936a3a3098fe65fc198409083a3a33a6/relations

#malvertising #malware #IOCs

Fake AnyDesk website

risottobias, 11 months ago to Cybersecurity

What was that malware archive / library site?

I think it was something involving vt in the name (not virus total)

It had torrents you could download and such.

I think it also had PDFs about design

#IOCs #digitalforenics #threatresearch #redteam #cybersecurity

dubbel, 1 year ago to programming

Reported malicious python package "colors5", downloading an executable on setup from
https://resetname.peanutgamerdot.repl[.]co/Built.exe

It's the best documented malicious package I've seen, with helpful comments like

write the malware to a file

attempt to add a windows defender exclusion if the person runs our batch as admin

#run the malware

The only attempt at evasion is the screen-full of newlines before this code. :blob_confused:

#python #PyPI #malware #IoCs #ThreatIntel