"Ghost" Code Phishing Analysis

EvilTokens is a sophisticated phishing kit that conceals critical components of its attack through browser-side AES-GCM encryption, creating visibility gaps for traditional static URL analysis. The kit exploits Microsoft's legitimate device login flow through OAuth device-code phishing to gain account access without directly stealing passwords. Targeting organizations primarily in the United States and Europe, EvilTokens focuses on managed security services, technology, manufacturing, education, banking, and consulting sectors. The encrypted landing page only reveals its malicious content after browser decryption, requiring dynamic analysis to uncover the complete attack chain. The kit uses multiple stages including gate checks, user code requests, and session monitoring to complete Microsoft 365 account takeovers while appearing legitimate through final redirects to OneDrive.

Pulse ID: 6a3b02a43a7a626b53174466
Pulse Link: https://otx.alienvault.com/pulse/6a3b02a43a7a626b53174466
Pulse Author: AlienVault
Created: 2026-06-23 22:03:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #Browser #CyberSecurity #EDR #Education #Encryption #Europe #InfoSec #Manufacturing #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #UnitedStates #Word #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix"

A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control.

Pulse ID: 6a3a7809c43cfba36348ed9d
Pulse Link: https://otx.alienvault.com/pulse/6a3a7809c43cfba36348ed9d
Pulse Author: AlienVault
Created: 2026-06-23 12:11:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #ConnectWise #CyberSecurity #DNS #EDR #Email #Endpoint #HTTP #ICS #InfoSec #LNK #OTX #OpenThreatExchange #Phishing #PowerShell #SocialEngineering #SpyWare #ZIP #bot #AlienVault

📰 New 'Gentlemen' Ransomware Uses EDR Killer Framework to Blindside Security Tools

New 'The Gentlemen' ransomware is aggressively disabling security tools. ⚔️ It uses a multi-pronged 'GentleKiller' framework to terminate EDR/AV products before encryption. Ensure your tamper protection is on! #Ransomware #CyberSecurity #EDR

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/gentlemen-ransomware-deploys-edr-killers-to-evade-defenses/?utm_source=mastodon&ut…

New blog post!

I recently completed the OffSec Expert Penetration Tester (OSEP) certificate.

Here are my thoughts on it:

https://ti-kallisti.com/certs/osep.html

#InfoSec #RedTeam #RedTeaming #EDR #Offsec #Metasploit

An EDR killer found in a ransomware group's arsenal: the tool does not merely bypass detection, it actively shuts it down. What is notable: these tools now circulate between groups, like reusable components. The attack surface is not growing, it is becoming structured. #infosec #ransomware #EDR
https://www.lemondeinformatique.fr/actualites/lire-un-tueur-d-edr-retrouve-dans-l-arsenal-d-un-groupe-de-ransomware-100518.html
An EDR killer found in the arsenal of a ransomware group - Le Monde Informatique

The Gentlemen gang offered its affiliates a sophisticated tool to disable threat detection and response solutions on the...

LeMondeInformatique

The Gentlemen RaaS Uses GentleKiller Framework for EDR Evasion and Ransomware Deployment

Pulse ID: 6a37f30eaaf37bbb5daa581f
Pulse Link: https://otx.alienvault.com/pulse/6a37f30eaaf37bbb5daa581f
Pulse Author: cryptocti
Created: 2026-06-21 14:19:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RaaS #RansomWare #bot #cryptocti

AI's getting sneaky! 😳 Ever wonder if it's hiding data or acting up? This new video dives into how AI Visibility can spot those issues and keep your enterprise secure. Prompt monitoring & access restrictions explained. Check it out! #AISecurity #EDR #Cybersec

https://www.youtube.com/watch?v=rHMJSvDj338

Need to document how I deployed a home #EDR #SIEM on #k3s with Tailscale but had to update my #mcp server first! https://github.com/mdfranz/elastic-security-mcp
GitHub - mdfranz/elastic-security-mcp: A Golang MCP Server For Elastic Optimized for Elastic Security Data Sources

Gentlemen Ransomware Targets 400 Security Processes with GentleKiller EDR Framework

Meet GentleKiller, a sophisticated EDR-killer framework used by The Gentlemen ransomware-as-a-service operation to evade detection by targeting 400 security processes from 48 distinct programs. This framework comes in eight variants, each designed to mimic a legitimate product and exploit a vulnerable driver.

https://osintsights.com/gentlemen-ransomware-targets-400-security-processes-with-gentlekiller-edr-framew?utm_source=mastodon&utm_medium=social

#Ransomware #GentlemenRansomware #Edr #EndpointDetectionAndResponse #Byovd