We have updated indicators: AgentTesla (+1), DarkComet (+1), RedLine Stealer (+1), Stealc (+1), ValleyRAT (+3), PoshC2 (+1) and NetSupportManager RAT (+7). https://vuldb.com/?actor #apt #cti #ioc

🚨New ransom group blog post!🚨

Group name: akira
Post title: Rioja Motor
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: qilin
Post title: GROUPE SFPI
Info: https://cti.fyi/groups/qilin.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: akira
Post title: Nafco
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: akira
Post title: CONCEPTNET
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: akira
Post title: Dixon Electrical Systems & Contracting
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: akira
Post title: Schmiede
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

🚨New ransom group blog post!🚨

Group name: akira
Post title: Autitransa
Info: https://cti.fyi/groups/akira.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

FamousSparrow / SparrowDoor static analysis.
Legacy variant (2019-2022), SHA256: 8dfaa1f579...

4 findings not present in public vendor reporting
at time of analysis (ESET, UK NCSC, Trend Micro, Microsoft)

→ Inverted anti-sandbox logic
→ Three-table substitution system
→ .text section entropy anomaly
→ 113 indirect call sites in 26KB binary

Thread: [PHIM] findings only.
Full report: https://github.com/seraphimdeck/SerapHim-CTI

#FamousSparrow #SaltTyphoon #MalwareAnalysis #CTI

GitHub - seraphimdeck/SerapHim-CTI: A collection of independent CTI reports covering active threat campaigns and attacker TTPs.

🚨New ransom group blog post!🚨

Group name: spacebears
Post title: Acuna Fombona (AFOM)
Info: https://cti.fyi/groups/spacebears.html

#ransomware #cti #threatintelligence #cybersecurity #infosec