Shuckworm Deploys GammaSteel Malware in Advanced Cyber Espionage Campaign

The Shuckworm group, also known as Gamaredon or Armageddon, has intensified its cyber espionage efforts, focusing on Ukraine and extending its attacks to a Western military mission in Eastern Europe.

Pulse ID: 6818fb9a89b821c4c7636049
Pulse Link: https://otx.alienvault.com/pulse/6818fb9a89b821c4c7636049
Pulse Author: cryptocti
Created: 2025-05-05 17:55:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EasternEurope #Espionage #Europe #Gamaredon #InfoSec #Malware #Military #OTX #OpenThreatExchange #UK #Ukr #Ukraine #Worm #bot #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Malware Campaign Uses JScript and PowerShell to Deploy XWorm and Rhadamanthys

Pulse ID: 6818f05fa7df75667b0912a2
Pulse Link: https://otx.alienvault.com/pulse/6818f05fa7df75667b0912a2
Pulse Author: cryptocti
Created: 2025-05-05 17:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #Rhadamanthys #Worm #XWorm #bot #cryptocti

RFK Jr. rejects cornerstone of health science: Germ theory

In his 2021 book vilifying Anthony Fauci, RFK Jr. lays out support for an alternate theory.

Ars Technica
Friday is fish day! This week it’s a frugal #anglerfish - have a great weekend.
.
For today's Friday I have a frugal #Anglerfisch for you. Have a nice weekend!
.
#sketchbook #drawing #sketching #illustration #freitagsgibtesfisch #freitagsfisch #freitagsfischbild #fishfriday #freitagistfischtag #freitagsgibtsfisch #fischamfreitag #worm #apple #collage

My 25 years of palaeoart chronology...

Here's a study of Kingnites, commissioned in 2022 for a project I cannot talk about yet. Kingnites is an exceptionally large (1m long) Silurian polychaete annelid.

#Art #Painting #PaleoArt #PalaeoArt #SciArt #SciComm #DigitalArt #Illustration #Dinosaurs #Palaeontology #Paleontology #Kingnites #Silurian #Polychaete #Annelid #Worm #Fossil

Fried eggs skistomid

#worm #originalspecies #monster

Proton66: Compromised WordPress Pages and Malware Campaigns

This intelligence briefing focuses on malware campaigns linked to Proton66, particularly those targeting Android devices through compromised WordPress websites. It details how these sites were injected with malicious scripts to redirect Android users to fake Google Play Store pages. The report also covers the XWorm campaign targeting Korean-speaking users, the Strela Stealer targeting German-speaking countries, and the WeaXor ransomware. The analysis provides insights into the infection chains, malware configurations, and command-and-control servers used in these campaigns. Additionally, it offers recommendations for blocking associated IP ranges and lists numerous indicators of compromise (IOCs) for each campaign.

Pulse ID: 6802094e89f266c72f83bda4
Pulse Link: https://otx.alienvault.com/pulse/6802094e89f266c72f83bda4
Pulse Author: AlienVault
Created: 2025-04-18 08:11:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #CyberSecurity #Google #GooglePlay #InfoSec #Korea #Malware #OTX #OpenThreatExchange #RAT #RDP #RansomWare #Word #Wordpress #Worm #XWorm #bot #AlienVault

Yesterday I received a folder with all sorts of writing from the past that my grandfather Aat had apparently kept. Aat. I leaf through it. All short dialogues written down in play form (a name in bold, a stage direction in italics, and after that a bit of spoken text), diary-like musings, strange poems and a number of letters to him. A wonderful nostalgic walk through mainly the nineties, when I was between 17 and 27. Part of it on that continuous-form paper. The attached picture is of a little poem above which was written 'poem of Claudius'. That refers to I, Claudius by Robert Graves. I was very occupied with that at the time. At the bottom of the page is the date on which I apparently wrote it:

Originally posted on the now-abandoned Instagram on: Jan 21, 2019 12:05 pm.

18 February 1996. #poezie #gedichtje #brieven #aanstormendtalent #vogel #worm #kat #teruggevonden

JScript to PowerShell: Breaking Down a Loader Delivering XWorm and Rhadamanthys

This analysis examines a sophisticated malware loader that utilizes JScript to launch obfuscated PowerShell code, ultimately delivering payloads such as XWorm and Rhadamanthys. The loader employs geofencing tactics, targeting victims in the United States with XWorm RAT, while deploying Rhadamanthys stealer to users outside the U.S. The attack chain involves multiple stages of obfuscation and deobfuscation, including decimal encoding and string manipulation. The final payload is injected into RegSvcs.exe using reflective loading techniques. The loader also performs various cleanup actions to evade detection and remove traces of its activity. Both XWorm and Rhadamanthys are advanced malware variants with capabilities ranging from DDoS attacks to cryptocurrency theft.

Pulse ID: 67ff46c3697a4976dc919b5d
Pulse Link: https://otx.alienvault.com/pulse/67ff46c3697a4976dc919b5d
Pulse Author: AlienVault
Created: 2025-04-16 05:57:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #ICS #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #RAT #Rhadamanthys #UnitedStates #Worm #XWorm #bot #cryptocurrency #AlienVault
