home.social

#ta577 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ta577, aggregated by home.social.

  1. Just Another Blue Teamer @[email protected] ·

    Happy Wednesday everyone!

    The Proofpoint Threat Research team paired up with the Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

    After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

    Autorun or ASEP Registry Key Modification
    hunter.cyborgsecurity.io/resea

    Source of article:
    proofpoint.com/us/blog/threat-

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

    #latrodectus #ta577 #ta578 #cybersecurity #itsecurity #infosec
  2. Just Another Blue Teamer @[email protected] ·

    Happy Wednesday everyone!

    The Proofpoint Threat Research team paired up with the Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

    After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

    Autorun or ASEP Registry Key Modification
    hunter.cyborgsecurity.io/resea

    Source of article:
    proofpoint.com/us/blog/threat-

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

    #latrodectus #ta577 #ta578 #cybersecurity #itsecurity #infosec
  3. Just Another Blue Teamer @[email protected] ·

    Happy Wednesday everyone!

    The Proofpoint Threat Research team paired up with the Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

    After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

    Autorun or ASEP Registry Key Modification
    hunter.cyborgsecurity.io/resea

    Source of article:
    proofpoint.com/us/blog/threat-

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

    #latrodectus #ta577 #ta578 #cybersecurity #itsecurity #infosec
  4. Just Another Blue Teamer @[email protected] ·

    Happy Wednesday everyone!

    The Proofpoint Threat Research team paired up with the Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

    After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

    Autorun or ASEP Registry Key Modification
    hunter.cyborgsecurity.io/resea

    Source of article:
    proofpoint.com/us/blog/threat-

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

    #gethunting #huntoftheday #readoftheday #happyhunting #threatdetection #threathunting
  5. Just Another Blue Teamer @[email protected] ·

    Happy Wednesday everyone!

    The Proofpoint Threat Research team paired up with the Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

    After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

    Autorun or ASEP Registry Key Modification
    hunter.cyborgsecurity.io/resea

    Source of article:
    proofpoint.com/us/blog/threat-

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

    #latrodectus #ta577 #ta578 #cybersecurity #itsecurity #infosec
  6. Pyrzout :vm: @[email protected] ·

    New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators hackread.com/latrodectus-downl #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot

    #latrodectus #blackbasta #ransomware #security #malware #icedid
  7. Pyrzout :vm: @[email protected] ·

    New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators hackread.com/latrodectus-downl #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot

    #latrodectus #blackbasta #ransomware #security #malware #icedid
  8. Pyrzout :vm: @[email protected] ·

    New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators hackread.com/latrodectus-downl #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot

    #qbot #ta588 #ta577 #icedid #malware #security
  9. Pyrzout :vm: @[email protected] ·

    New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators hackread.com/latrodectus-downl #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot

    #latrodectus #blackbasta #ransomware #security #malware #icedid
  10. Not Simon @[email protected] ·

    Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 proofpoint.com/us/blog/threat-

    #Latrodectus #threatintel #IcedID ##IOC #TA577 #TA578 #cybercrime

    #latrodectus #threatintel #icedid #ioc #ta577 #ta578
  11. Not Simon @[email protected] ·

    Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 proofpoint.com/us/blog/threat-

    #Latrodectus #threatintel #IcedID ##IOC #TA577 #TA578 #cybercrime

    #latrodectus #threatintel #icedid #ioc #ta577 #ta578
  12. Not Simon @[email protected] ·

    Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 proofpoint.com/us/blog/threat-

    #Latrodectus #threatintel #IcedID ##IOC #TA577 #TA578 #cybercrime

    #latrodectus #threatintel #icedid #ioc #ta577 #ta578
  13. Not Simon @[email protected] ·

    Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 proofpoint.com/us/blog/threat-

    #Latrodectus #threatintel #IcedID ##IOC #TA577 #TA578 #cybercrime

    #cybercrime #ta578 #ta577 #ioc #icedid #threatintel
  14. Not Simon @[email protected] ·

    Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 proofpoint.com/us/blog/threat-

    #Latrodectus #threatintel #IcedID ##IOC #TA577 #TA578 #cybercrime

    #latrodectus #threatintel #icedid #ioc #ta577 #ta578
  15. Not Simon @[email protected] ·

    Proofpoint warned that the TA577 cybercrime group, acting as initial access brokers (IAB), pivoting to stealing the NT LAN Manager (NTLM) hashes. Two distinct email-based campaigns that TA577 carried out on 26-27 February 2024 targeted hundreds of businesses. No IOC provided but Proofpoint lists defense-in-depth steps to defend against this. 🔗 proofpoint.com/us/blog/identit

    cc: @selenalarson

    #TA577 #cybercrime #threatintel #IAB

    #ta577 #cybercrime #threatintel #iab
  16. Not Simon @[email protected] ·

    Proofpoint warned that the TA577 cybercrime group, acting as initial access brokers (IAB), pivoting to stealing the NT LAN Manager (NTLM) hashes. Two distinct email-based campaigns that TA577 carried out on 26-27 February 2024 targeted hundreds of businesses. No IOC provided but Proofpoint lists defense-in-depth steps to defend against this. 🔗 proofpoint.com/us/blog/identit

    cc: @selenalarson

    #TA577 #cybercrime #threatintel #IAB

    #ta577 #cybercrime #threatintel #iab
  17. Not Simon @[email protected] ·

    Proofpoint warned that the TA577 cybercrime group, acting as initial access brokers (IAB), pivoting to stealing the NT LAN Manager (NTLM) hashes. Two distinct email-based campaigns that TA577 carried out on 26-27 February 2024 targeted hundreds of businesses. No IOC provided but Proofpoint lists defense-in-depth steps to defend against this. 🔗 proofpoint.com/us/blog/identit

    cc: @selenalarson

    #TA577 #cybercrime #threatintel #IAB

    #ta577 #cybercrime #threatintel #iab
  18. Not Simon @[email protected] ·

    Proofpoint warned that the TA577 cybercrime group, acting as initial access brokers (IAB), pivoting to stealing the NT LAN Manager (NTLM) hashes. Two distinct email-based campaigns that TA577 carried out on 26-27 February 2024 targeted hundreds of businesses. No IOC provided but Proofpoint lists defense-in-depth steps to defend against this. 🔗 proofpoint.com/us/blog/identit

    cc: @selenalarson

    #TA577 #cybercrime #threatintel #IAB

    #iab #threatintel #cybercrime #ta577
  19. Not Simon @[email protected] ·

    Proofpoint warned that the TA577 cybercrime group, acting as initial access brokers (IAB), pivoting to stealing the NT LAN Manager (NTLM) hashes. Two distinct email-based campaigns that TA577 carried out on 26-27 February 2024 targeted hundreds of businesses. No IOC provided but Proofpoint lists defense-in-depth steps to defend against this. 🔗 proofpoint.com/us/blog/identit

    cc: @selenalarson

    #TA577 #cybercrime #threatintel #IAB

    #ta577 #cybercrime #threatintel #iab
  20. Selena Larson @[email protected] ·

    #TA577 is a messy b that lives for drama. Learn more about their wild attack chain we spotted attempting to steal NTLM data. Great work by the team @Ffforward and Kelsey proofpoint.com/us/blog/threat-

    #ta577
  21. Selena Larson @[email protected] ·

    #TA577 is a messy b that lives for drama. Learn more about their wild attack chain we spotted attempting to steal NTLM data. Great work by the team @Ffforward and Kelsey proofpoint.com/us/blog/threat-

    #ta577
  22. Selena Larson @[email protected] ·

    #TA577 is a messy b that lives for drama. Learn more about their wild attack chain we spotted attempting to steal NTLM data. Great work by the team @Ffforward and Kelsey proofpoint.com/us/blog/threat-

    #ta577
  23. Selena Larson @[email protected] ·

    #TA577 is a messy b that lives for drama. Learn more about their wild attack chain we spotted attempting to steal NTLM data. Great work by the team @Ffforward and Kelsey proofpoint.com/us/blog/threat-

    #ta577
  24. Selena Larson @[email protected] ·

    #TA577 is a messy b that lives for drama. Learn more about their wild attack chain we spotted attempting to steal NTLM data. Great work by the team @Ffforward and Kelsey proofpoint.com/us/blog/threat-

    #ta577
  25. Tony Lambert @[email protected] ·

    New blog post! In this one I look at a Java-based dropper for Pikabot that TA577 used in mid-February 2024.
    forensicitguy.github.io/dissec
    #malware #pikabot #ta577

    #malware #pikabot #ta577
  26. Tony Lambert @[email protected] ·

    New blog post! In this one I look at a Java-based dropper for Pikabot that TA577 used in mid-February 2024.
    forensicitguy.github.io/dissec
    #malware #pikabot #ta577

    #malware #pikabot #ta577
  27. Tony Lambert @[email protected] ·

    New blog post! In this one I look at a Java-based dropper for Pikabot that TA577 used in mid-February 2024.
    forensicitguy.github.io/dissec
    #malware #pikabot #ta577

    #malware #pikabot #ta577
  28. Tony Lambert @[email protected] ·

    New blog post! In this one I look at a Java-based dropper for Pikabot that TA577 used in mid-February 2024.
    forensicitguy.github.io/dissec
    #malware #pikabot #ta577

    #ta577 #pikabot #malware
  29. Tony Lambert @[email protected] ·

    New blog post! In this one I look at a Java-based dropper for Pikabot that TA577 used in mid-February 2024.
    forensicitguy.github.io/dissec
    #malware #pikabot #ta577

    #malware #pikabot #ta577
  30. Sekoia.io @[email protected] ·

    #DarkGate gained popularity among threat actors (e.g: #TA577, #DuckTail), our #RE analysis details the internals of the malware, how it implements technique to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection.

    blog.sekoia.io/darkgate-intern

    #darkgate #ta577 #ducktail #re
  31. Sekoia.io @[email protected] ·

    #DarkGate gained popularity among threat actors (e.g: #TA577, #DuckTail), our #RE analysis details the internals of the malware, how it implements technique to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection.

    blog.sekoia.io/darkgate-intern

    #darkgate #ta577 #ducktail #re
  32. Sekoia.io @[email protected] ·

    #DarkGate gained popularity among threat actors (e.g: #TA577, #DuckTail), our #RE analysis details the internals of the malware, how it implements technique to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection.

    blog.sekoia.io/darkgate-intern

    #darkgate #ta577 #ducktail #re
  33. 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] ·

    This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿

    HELLO #TA577, IT’S TIME TO WAKE UP!!

    #icedid #backconnect #ta577
  34. 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] ·

    This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿

    HELLO #TA577, IT’S TIME TO WAKE UP!!

    #icedid #backconnect #ta577
  35. 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] ·

    This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿

    HELLO #TA577, IT’S TIME TO WAKE UP!!

    #icedid #backconnect #ta577
  36. 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] ·

    This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿

    HELLO #TA577, IT’S TIME TO WAKE UP!!

    #ta577 #backconnect #icedid
  37. 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] ·

    This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿

    HELLO #TA577, IT’S TIME TO WAKE UP!!

    #icedid #backconnect #ta577
  38. Selena Larson @[email protected] ·

    #TA577 returned yesterday from their month long break to deliver #Qbot via URLs to zipped OneNote. #TA570 came back too (after the blog was sent for publishing) with OneNote attachments to deliver Qbot.

    #ta577 #qbot #ta570
  39. Selena Larson @[email protected] ·

    #TA577 returned yesterday from their month long break to deliver #Qbot via URLs to zipped OneNote. #TA570 came back too (after the blog was sent for publishing) with OneNote attachments to deliver Qbot.

    #ta577 #qbot #ta570
  40. Selena Larson @[email protected] ·

    #TA577 returned yesterday from their month long break to deliver #Qbot via URLs to zipped OneNote. #TA570 came back too (after the blog was sent for publishing) with OneNote attachments to deliver Qbot.

    #ta577 #qbot #ta570
  41. Selena Larson @[email protected] ·

    #TA577 returned yesterday from their month long break to deliver #Qbot via URLs to zipped OneNote. #TA570 came back too (after the blog was sent for publishing) with OneNote attachments to deliver Qbot.

    #ta570 #qbot #ta577
  42. Selena Larson @[email protected] ·

    #TA577 returned yesterday from their month long break to deliver #Qbot via URLs to zipped OneNote. #TA570 came back too (after the blog was sent for publishing) with OneNote attachments to deliver Qbot.

    #ta577 #qbot #ta570
  43. Opalsec :verified: @[email protected] ·

    #TA570 and #TA577 actors, distributing #Qakbot/#Qbot #malware have gotten in on the #OneNote action, delivering lures going undetected by many AV engines.

    Highest number of flags is 2/60 based on this C2 IP called by malicious OneNote lures:

    virustotal.com/gui/ip-address/

    TA570/Obama Sample: bazaar.abuse.ch/sample/b45ace5

    TA577/BB## Sample: bazaar.abuse.ch/sample/bd040a7

    #ta570 #ta577 #qakbot #malware #onenote
  44. Opalsec :verified: @[email protected] ·

    #TA570 and #TA577 actors, distributing #Qakbot/#Qbot #malware have gotten in on the #OneNote action, delivering lures going undetected by many AV engines.

    Highest number of flags is 2/60 based on this C2 IP called by malicious OneNote lures:

    virustotal.com/gui/ip-address/

    TA570/Obama Sample: bazaar.abuse.ch/sample/b45ace5

    TA577/BB## Sample: bazaar.abuse.ch/sample/bd040a7

    #ta570 #ta577 #qakbot #malware #onenote
  45. Opalsec :verified: @[email protected] ·

    #TA570 and #TA577 actors, distributing #Qakbot/#Qbot #malware have gotten in on the #OneNote action, delivering lures going undetected by many AV engines.

    Highest number of flags is 2/60 based on this C2 IP called by malicious OneNote lures:

    virustotal.com/gui/ip-address/

    TA570/Obama Sample: bazaar.abuse.ch/sample/b45ace5

    TA577/BB## Sample: bazaar.abuse.ch/sample/bd040a7

    #ta570 #ta577 #qakbot #malware #onenote
  46. Opalsec :verified: @[email protected] ·

    #TA570 and #TA577 actors, distributing #Qakbot/#Qbot #malware have gotten in on the #OneNote action, delivering lures going undetected by many AV engines.

    Highest number of flags is 2/60 based on this C2 IP called by malicious OneNote lures:

    virustotal.com/gui/ip-address/

    TA570/Obama Sample: bazaar.abuse.ch/sample/b45ace5

    TA577/BB## Sample: bazaar.abuse.ch/sample/bd040a7

    #onenote #malware #qakbot #ta577 #ta570
  47. Opalsec :verified: @[email protected] ·

    #TA570 and #TA577 actors, distributing #Qakbot/#Qbot #malware have gotten in on the #OneNote action, delivering lures going undetected by many AV engines.

    Highest number of flags is 2/60 based on this C2 IP called by malicious OneNote lures:

    virustotal.com/gui/ip-address/

    TA570/Obama Sample: bazaar.abuse.ch/sample/b45ace5

    TA577/BB## Sample: bazaar.abuse.ch/sample/bd040a7

    #ta570 #ta577 #qakbot #malware #onenote