-
#Dymalloy, #Electrum, and #Xenotime Hacking Groups Set Their Targets on US Energy Sector https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/dymalloy-electrum-and-xenotime-hacking-groups-set-their-targets-on-us-energy-sector #Dragonfly #Sandworm #APT28 -
Just put up a new blog post. Check it out and let me know what you think. Hunting for APT28 malware in a stockpile of samples. https://blog.ring-zer0.com/2020/02/hunting-for-apt28-malware-in-stockpile.html
#APT28 #malware #infosec #cyber #threatintel -
If you missed it and are looking for something to read, please take a look here.
#APT28 Attacks Evolution http://rviv.ly/FqhDIX #cybersecurity -
@marklevinshow If the Russians hacked the DNC email server, it means that CrowdStrike's industry-leading flagship cybersecurity product FAILED to perform its most BASIC function against a KNOWN and well-documented threat. #APT28 #APT29 https://twitter.com/jefferymyers/status/1220052023720251392?s=20
-
MOFA.docx lure impersonating #UAE #MOFA uploaded from Jordan, payload looks like #APT28 #fancybear. Hash: 7c487d8462567a826da95c799591f5fb TTP: Template Injection (downloaded from Google Drive) https://app.any.run/tasks/12a3671e-33c0-4b55-ab16-e39af4b1f642/ @Anomali @James_inthe_box @P3pperP0tts @rpsanch @geboos
-
Analyzing how the tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over time.
#APT28 #Russia https://securityaffairs.co/wordpress/94747/apt/evolutions-apt28-attacks.html -
Useful timeline for APT28 using the ATT&CK framework -> APT28 Attacks Evolution https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/ via @Marco_Ramilli #cti #threatintel #apt28 -
Golang #Zebrocy downloaders: f3ec38b8d5a6e29db299e2eadacbcebe 79.142.70[.]106 e1509c589fde2272c0d20072dfe09722 37.120.140[.]215 #APT #APT28 #Sofacy #FancyBear -
2019-11-07:

[#Free RE Course] Let's Learn: New on "Zero to Hero"
"Here We GO: #Crimeware & #APT Journey From "#RobbinHood" to #APT28" | Importance of "gopclntab" -> function table w/ { FF FF FF FB 00 00 } Bytes -> Resolver Name, Version & Module Data https://www.sentinelone.com/blog/here-we-go-crimeware-apt-journey-from-robbinhood-to-apt28/
-
A new Lazarus campaign extended its interests to different financial institutions around the world, including Italy
https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-first-stone/
#APT28 #Lazarus #Bank #Malware #Financial #Cybersecurity
-
Microsoft has identified #APT28 cyberattacks on sporting and anti-doping organizations. Read more at https://go.usa.gov/xprhU . #Cyber #Cybersecurity #InfoSec #FancyBear -
Yes, an old #Sigma rule that detects Office programs spawning processes in user folders would have detected #APT28's recent campaign against Kazakhstan. Tweet by @MeltX0R https://twitter.com/meltx0r/status/1187598948749303808?s=12 Dropper in Sandbox https://app.any.run/tasks/7d7fa4a0-6970-4428-828b-29572abf9ceb/ Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml
-
Suspected #APT28 targeted attacks against mining corporations in Kazakhstan. IOCs: 27e9247d28598207794424eeb5ea4b1b a863c2944581bc734619bf8d6ab1aef8 57c2b46c7f2ad9aba80e4b6248f9367a Analysis: https://meltx0r.github.io/tech/2019/10/24/apt28.html #ThreatIntel
-
#Sednit decoy document seemingly utilized by #APT28 to target the Ministry of Foreign Affairs of #Ukraine. Template injection has been used to reduce the detection rate, and the remotely loaded malicious macro extracts a #Nim downloader to retrieve the final payload. https://www.virustotal.com/gui/file/cd7660ddb2a022a89312965bf29d81c8dd3d5585d8858e626ccac945942c4b4c
-
#Sofacy #Strontium #APT28 spread a new campaign. Target: #IoT devices. C2: 167.114.153.55 94.237.37.28 82.118.242.171 31.220.61.251 128.199.199.187 Persistence obtained via a shell script. Among the #IoC, once again Hostinger.
-
Regarding the #STRONTIUM #APT28 #FancyBear on IoT devices report: for your convenience, I've added the IOCs (C2s & script keywords) to the standard IOC set of Fenrir, my simple Bash IOC scanner. Happy hunting
https://github.com/Neo23x0/Fenrir
-
#APT #FancyBear Microsoft-like #typosquatting recent C2 domains onedrv-live[.]com onedrive-sharedfile[.]com microsoft-onthehub[.]com my-sharepoints[.]com my-sharefile[.]com #malware #APT28 -
2019-06-30:

#APT28/#Zebrocy Delphi #Implant
Custom b64 Decode | Check - lamer.exe & python.exe
C2: http://213.252.245 .32/ControllerReset/view/register/comid/sid.php
ht/ @DrunkBinary MD5: 01095fb2e3f6e8bfff536686982998ba
Similar to previous ->
https://www.vkremez.com/2019/01/lets-learn-overanalyzing-one-of-latest.html