Mastodawn

BBC6Music 🎶 #NowPlaying Bot Jul 18, 2025

🇺🇦 #NowPlaying on #BBC6Music's #ChrisHawkins

Pebbledash:
🎵 Cartography

#Pebbledash

https://pebbledashband.bandcamp.com/track/cartography

https://open.spotify.com/track/0DcaDx6b5ycTUjIlWrfQmJ

Cartography, by Pebbledash

track by Pebbledash

Pebbledash

NICOROLA Jun 13, 2025

Pebbledash – Asha’s Waltz

Die Band Pebbledash aus Cork hat ihrer aktuellen Tour den Namen Of Seaweed and Sandstone gegeben – ein Titel, der nicht nur schön klingt, sondern auch ziemlich gut beschreibt, worum es ihnen gerade geht. Da, wo Meer auf Fels trifft, entsteht Spannung – genau wie in ihren neuen Songs.

Hier ist die aktuelle und wunderschöne Single Asha’s Waltz.

https://youtu.be/t2FtHoAxtmg?si=lFRVEb4Ptb9LxO66

#Pebbledash

NICOROLA - Music blog Jun 13, 2025

Die Band Pebbledash aus Cork hat ihrer aktuellen Tour den Namen Of Seaweed and Sandstone gegeben – ein Titel, der nicht nur schön klingt, sondern auch ziemlich gut beschreibt, worum es ihnen gerade geht. Da, wo Meer auf Fels trifft, entsteht Spannung – genau wie in ihren neuen Songs. Hier ist die aktuelle und wunderschöne […] …
#Pebbledash
#indiemusic
https://www.nicorola.de/pebbledash-ashas-waltz/

lazarusholic Apr 24, 2025

"Distribution of PebbleDash Malware in March 2025" published by Ahnlab. #Kimsuky, #PebbleDash, #DPRK, #CTI https://asec.ahnlab.com/en/87621/

Distribution of PebbleDash Malware in March 2025 - ASEC

PebbleDash is a backdoor malware that was previously identified by the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. as a backdoor malware of Lazarus (Hidden Corba) in 2020. At the time, it was known as the malware of the Lazarus group, but recently, there have been more cases of the PebbleDash malware being […]

ASEC

lazarusholic Apr 22, 2025

"2025년 3월 PebbleDash 악성코드 유포 사례" published by Ahnlab. #Kimsuky, #PebbleDash, #DPRK, #CTI https://asec.ahnlab.com/ko/87613/

2025년 3월 PebbleDash 악성코드 유포 사례 - ASEC

PebbleDash 백도어 악성코드는 지난 2020년에 미국 국토부 산하기관인 CISA에서 명명한 Lazarus(Hidden Corba)의 백도어 악성코드이다. 당시에는 Lazarus 그룹의 악성코드로 알려져있었지만 최근들어 Lazarus 그룹의 공격 사례보다는 개인을 대상으로 악성코드 유포를 일삼는 Kimsuky 그룹의 공격 사례에서 PebbleDash 악성코드가 다수 확인되고 있다. 본 보고서에서는 Kimsuky 그룹의 PebbleDash 악성코드 최신 유포 과정과 PebbleDash와 함께 확인되는 악성코드와 추가 모듈에 대해 다루고자 […]

ASEC

vinyl-keks.eu Apr 20, 2025

Pebble Dash im Café Herzhäuschen – live am 12.04.2025

Die Themen bleiben aber nicht so leicht und unbekümmert wie „die Bicke“ ist – Klimakrise, Social Justice. Ich sagte ja, Punk, aber mit deutlich mehr Akkorden und dadurch, jetzt lehn ich mich mal ein wenig aus dem Fenster, können auch Menschen, die diese Themen weit von sich rücken, hier hervorragend antizipieren.

Hier kommt der Konzertbericht von @AnneReif
https://vinyl-keks.eu/pebbledash-im-cafe-herzhaeuschen-live-am-12-04-2025/

#Bickendorf #CafeHerzhäuschen #Köln #Pebbledash #ReleaseDay

Pebble Dash im Café Herzhäuschen - live am 12.04.2025 | vinyl-keks.eu

Es spielen Pebbledash ihr Releasekonzert, feinsten Singer-Songwritersound,

vinyl-keks.eu

Andreas Klopsch Apr 19, 2025

A common way for malware to disguise its C2 communication and stay under the radar is mimicking widely accepted protocols such as TLS and blend into the existing traffic.

The deep dive below into PebbleDash’s FakeTLS C2 protocol shows how North Korean APTs fake TLS handshakes and use hardcoded RC4 encryption to blend in with legit HTTPS traffic. Sneaky stuff — and a must-read for threat hunters. 🔍💻

https://malwareandstuff.com/reversing-pebbledashs-faketls-c2-protocol/

#malware #infosec #reverseengineering #pebbledash #cybersecurity #windows

Reversing PebbleDash’s FakeTLS Protocol

So I was looking through the CISA’s recent publications regarding three tools named PebbleDash[1], Copperhedge[2] and Taintedscribe[3] which are believed to be used by the state-sponsored Nor…

Malware and Stuff

lazarusholic Feb 14, 2025

"北 해킹 조직, 거래처 업무 메일로 위장한 스피어 피싱 공격 주의!" published by ESTSecurity. #Kimsuky, #PebbleDash, #DPRK, #CTI https://blog.alyac.co.kr/5526

北 해킹 조직, 거래처 업무 메일로 위장한 스피어 피싱 공격 주의!

안녕하세요? 이스트시큐리티 시큐리티대응센터(이하 ESRC)입니다.  최근 거래처 업무메일을 위장한 스피어 피싱 공격이 발견되어 기업 사용자분들의 각별한 주의가 필요합니다. 이번 공격은 이메일 수신자가 거래처와 업무상 메일을 주고 받는 과정 중에 공격자가 회신메일을 보냄으로써 사용자가 의심하지 못하도록 교묘하게 속이는 수법을 사용했습니다. 이를 위해 공격자는 사전에 메일 수신자의 계정을 탈취한 뒤 이메일 수신내역을 확인하는 작업을 진행했을 것으로 유추됩니다. 악성 메일은 ‘정기점검서 송부 건’ 과 ‘노트북 견적 문의’ 에 대한 회신메일에 도용된 계정을 사용하여 발신자명 조작 후 동일한 수신자에게 발송되었습니다. 첫 번째 메일의 경우 먼저 발송된 정상 회신메일과 동일한 내용으로 첨부파일만 교체하여 다시 발송..

이스트시큐리티 알약 블로그

lazarusholic Feb 13, 2025

"Lazarus Backdoor with IT Lure" published by dmpdump. #Lazarus, #PebbleDash, #DPRK, #CTI https://dmpdump.github.io/posts/Lazarus-Backdoor-ITLure/

Lazarus Backdoor with IT Lure

On January 27, 2025, @smica83 shared a sample on X indicating that it looked like Lazarus malware. I reviewed the sample and concluded that, indeed, it is a North Korean backdoor, likely the latest version of a backdoor publicly tracked as PEBBLEDASH.

dmpdump

Just Another Blue Teamer Feb 6, 2025

Good day everyone!

The wonderful researchers at AhnLab, Inc. Security Intelligence Center (ASEC) publishes their findings on recent attacks they observed coming from the #Kimsuky group. The APT group delivered malicious .LNK files through spear-phishing attacks and these files contained the company's they were targeting names, which would suggested this was a targeted attack. As the attack progressed, the #PebbleDash backdoor and a custom version of #RDPWrapper (which is a software that enabled remote desktop on systems that may not support Windows Native RDP).

Behavior Summary (With MITRE ATT&CK):
Initial Access:
Phishing: Spearphishing Attachment (T1566.001) - Kimsuky delivered their malicious .LNK files through email.

Execution:
Comand and Scripting Interpreter: Powershell (T1059.001) - When the LNK file is executed, a powershell (or mshta.exe) is executed to download and execute addtional payloads from external sources.

Defense Evasion:
System Binary Proxy Execution: Mshta (T1218.005) - When the LNK file is executed it could lead to mshta executed to download and execute addtional payloads from external sources.

Masquerading: Masquerade File Type (T1036.008) - The .LNK files are disguised as a document file with an Office document icon such as PDF, Excel, or Word.

Collection/Credential Access:
Input Capture: Keylogging (T1056.001)
The APT group used a powershell script to perform keylogging and also installs keyloggers in executable file format.

You know the drill! Go check out the article for a lot more technical details! Enjoy and Happy Hunting!

Persistent Threats from the Kimsuky Group Using RDP Wrapper
https://asec.ahnlab.com/en/86098/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Persistent Threats from the Kimsuky Group Using RDP Wrapper - ASEC

AhnLab SEcurity intelligence Center (ASEC) has previously analyzed cases of attacks by the Kimsuky group, which utilized the PebbleDash backdoor and their custom-made RDP Wrapper. The Kimsuky group has been continuously launching attacks of the same type, and this post will cover additional malware that have been identified. 1. Overview Threat actors are distributing […]

ASEC