home.social

#ta866 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ta866, aggregated by home.social.

  1. Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!

    blog.talosintelligence.com/hig

    We also did an comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!

    blog.talosintelligence.com/war

  2. Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!

    blog.talosintelligence.com/hig

    We also did an comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!

    blog.talosintelligence.com/war

  3. Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!

    blog.talosintelligence.com/hig

    We also did an comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!

    blog.talosintelligence.com/war

  4. Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!

    blog.talosintelligence.com/hig

    We also did an comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!

    blog.talosintelligence.com/war

  5. Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!

    blog.talosintelligence.com/hig

    We also did an comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!

    blog.talosintelligence.com/war

  6. New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.

    proofpoint.com/us/blog/threat-

  7. New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.

    proofpoint.com/us/blog/threat-

  8. New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.

    proofpoint.com/us/blog/threat-

  9. New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.

    proofpoint.com/us/blog/threat-

  10. New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.

    proofpoint.com/us/blog/threat-

  11. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  12. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  13. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  14. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  15. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  16. A Russian threat group, dubbed #TA866 by #Proofpoint, is suspected of using a new technique to steal sensitive information. The group has been taking screenshots of infected devices and uploading them to a remote server. #cybersecurity andreafortuna.org/2023/02/08/r