Andy Moore

@malwaresoup

Yet another cyber threat analyst. Standard "thoughts and opinions are my own" disclaimer

Joined September 2016

Tweets


  1. 5 hours ago

    Pretty interesting campaign we've been following. It's stated there, but despite the use of the packer/loader seen in MINEDOOR (packer used by ), we're tracking this activity as separate from TA505 - TTPs are quite different from what we've seen from that group

  2. Retweeted
    Jan 31

    2020-01-31:[INTEL]🙏💬Please remember: is not necessarily (linked to operation). 🕯️While there might be some distribution member overlap, these groups are not the same and cannot be equated. I'm not sure why TA505 is being again AKA'ed as EvilCorp here.

  3. Retweeted
    Jan 27

    back again. Stage 1 still GET to 7 character png, followed by 9 character png -> poshAdvisor

  4. Feb 20, 2019

    Two very different takes on the snow this morning...

  5. Nov 29, 2018
  6. Retweeted
    Aug 23, 2018

    One way to deal with imposter syndrome is to engage with your peers and put your ideas out there. You'll probably find out that those ideas aren't as crazy as you think. :)

  7. Retweeted
    Aug 22, 2018

    LMK if you would like to hunt for bad guys on a massive and ever changing network. Work for a company that encourages and values innovation. Be part of a global team that is focused on detecting / responding to threats of all types.

  8. Retweeted
    Aug 22, 2018

    New research: Analysis of the Outlook Backdoor. It is fully controlled by PDF attachments sent by emails. It was allegedly used against the German Foreign Office last year. Blogpost: Full WP:

  9. Jul 6, 2018

    "Normal" or "expected" behavior does not always look normal at first glance. Just spent 2 days investigating traffic I was convinced was malicious only to discover some fun quirks in the way WPAD works.

  10. Retweeted
    Jun 27, 2018

    More on my team @ large growing FinTech in NoVA. Unfortunately not remote; need to be willing to be based in McLean or Richmond. Internal InfoSec consultant w/2-5yrs in risk management and AppSec. Will consider even if you were more tech side than security side. DM

  11. Jun 1, 2018

    TLDR: -2017-11882 exploits work using either 0x00430C12 or 0x00630C12 as the target memory address bc input is converted to uppercase before the buffer overflow occurs. 63 = 'c' and 43 = 'C'. Neat signature evasion trick.

  12. Retweeted
    May 30, 2018

    📢🔔 Just 1 more month to submit your talk at BSides DC cc !

  13. Retweeted

    Red team: “we can’t tell you how we did that” “...then what good are you?” We can wrap up right now, that’s the takeaway for the week.

  14. Retweeted
    Apr 11, 2018

    Automatically Stealing Password Hashes with Microsoft Outlook and OLE. Put the case that rather than a remote image file, it's an OLE document that is loaded from a remote SMB server... cc: and

  15. Retweeted
    Apr 4, 2018

    Powershell Download Cradles: an overview about executing code typically at the end of a maldoc or exploit. "A download cradle is a single line command for download and code execution". Via cc:

  16. Retweeted
    Mar 19, 2018

    New blogpost announcing the release of Endgame Red Team Automation (RTA), which is an open source toolkit to enable organizations to test their defenses against a range of tactics within MITRE's ATT&CK matrix:

  17. Retweeted
    Replying to

    If it’s not a hypothesis led proactive investigation it doesn’t fit. Also it has to go beyond your current automation footprint, so by default if a tool is doing it it’s not threat hunting. But an analyst could use any tool to go on a hunt if it helps test the hypothesis

  18. Retweeted
    Feb 9, 2018

    Here's a question for you... If you could step away from your job for three months, and with that time your goal was to use your tech skills to help improve as many people's lives as possible...what would you do?

  19. Retweeted

    Blue Team Summit speakers & of will explain how pack hunting can demonstrate the value of integrating a well-defined hunt program into an organization's detection strategy | April 23-24 | Louisville, KY | Agenda:

  20. Feb 14, 2018

    Excited to be speaking alongside at (April 23-24 | Louisville, KY). We'll be talking about threat hunting as a team and some of our lessons learned from implementing a hunt program in a large organization.
