Live C2 Dump Recovering Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger

On April 11, 2026, researchers analyzed a CHM file (api_reference.chm) tagged as Kimsuky that initiated a three-stage attack chain. The C2 server at check[.]nid-log[.]com had directory listing enabled, allowing recovery of the complete source code for all payload stages: a 6,338-byte VBScript performing system reconnaissance and establishing persistence via a scheduled task, a 449-byte VBScript bridge to PowerShell, and a 6,234-byte PowerShell keylogger with clipboard monitoring and timed exfiltration. The infrastructure included 79+ domains across 5 C2 IPs spanning Korean VPS providers. The server responded with the "Million OK !!!!" signature, matching previously documented Kimsuky infrastructure while showing an upgraded Apache/PHP stack. The operation targeted Korean Naver users through credential phishing and tax authority impersonation, with infrastructure linked to previously documented Kimsuky campaigns via shared DAOU Technology subnets.

Pulse ID: 69dd07742196e34ee1615b73
Pulse Link: https://otx.alienvault.com/pulse/69dd07742196e34ee1615b73
Pulse Author: AlienVault
Created: 2026-04-13 15:10:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #Apache #Clipboard #CyberSecurity #InfoSec #KeyLogger #Kimsuky #Korea #OTX #OpenThreatExchange #PHP #Phishing #PowerShell #RAT #RCE #UK #VBS #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation

An open directory discovery at refundonex[.]com exposed a complete Phishing-as-a-Service and RAT-as-a-Service platform targeting Spanish and Portuguese-speaking victims. The investigation uncovered 3,788 files including weaponized LNK, VBS, and AES-encrypted PowerShell payloads delivering a remote access trojan. The platform, called Shadow Panel, operates from Bulgarian infrastructure and offers capabilities including remote shell execution, screenshot capture, file management, browser credential theft, clipboard hijacking for cryptocurrency wallets, and multi-operator support. The C2 panel's frontend JavaScript was publicly accessible, revealing 29 API endpoints and the complete architecture. Infrastructure analysis linked the operation to nikola4010@proton[.]me through WHOIS data and historical malicious domain associations dating back to 2021, indicating a long-running cybercriminal operation with minimal detection coverage.

Pulse ID: 69dd066f59e22e6d1ee7315b
Pulse Link: https://otx.alienvault.com/pulse/69dd066f59e22e6d1ee7315b
Pulse Author: AlienVault
Created: 2026-04-13 15:06:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Bulgaria #Clipboard #CyberSecurity #Endpoint #InfoSec #Java #JavaScript #LNK #Nim #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RemoteAccessTrojan #Trojan #VBS #bot #cryptocurrency #AlienVault

After some time, another #crafting experiment.
This time I decided to attempt making a #clipboard, a project that is pretty easy and quick to do. The only problem I faced was the "rivets" (I don't know what their real name is); I didn't have the proper tool to secure them, so they are a little bit deformed. Follow me on #kofi (all posts are free): https://ko-fi.com/post/A-new-experiment-a-clipboard-homemade-R5R61XH3C6 #art #artandcraft
#bookbinding #craft #crafts #handmade #diy #cardboard #paper #hardcover #papercraft #handcraft
Der Pepe (Hubzilla) ⁂ wrote the following post Sun, 05 Apr 2026 16:24:25 +0200

Inserting images with copy/paste

Good news for everyone who found inserting images into #hubzilla posts "cumbersome".

"Admin" from the hub libera.site has conjured up an addon with which you can now, as has been wished for on various occasions, insert graphics/images directly from the clipboard into the post editor AND also into the comment editor.

So if there is an image in the clipboard (e.g. a screenshot), you can insert it directly into the post by using ctrl-v or right mouse button ➔ Paste.

It works great. I tried it out, and the addon is enabled on my Klackerhub. Anyone who has a channel there can try it right away. Simply install the app "Paste Image Upload" from the available apps... done!

Administrators who run a hub can download the addon here (it is attached to the post 📎) and install it following the instructions in the included file README.md.

For me, a candidate for a standard addon!

#addon #clipboard
Der Pepe (Hubzilla) ⁂

I am a vaping activist, blogger, hobby programmer, guitar repairer, dog and horse rescuer and much more. I live in Hungary, where I emigrated years ago. My nick- or channel name? Well, there's a little story about that: https://hub.hubzilla.hu/page/dampfdruckpresse/aboutddp#pepecyb #ungarn #hungary #magyarország #vape #linux #gitarre #guitar #selfhost #s04 #discworld #scheibenwelt #pratchett #hubzilla #pfrunzel

Built in shortcuts let you copy text straight to clipboard fast.

#clipboard #shortcuts #tips

Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto

Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activities. It utilizes Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while minimizing disk artifacts. The attack operates through two parallel chains: a web-based PowerShell loader deploying a cryptocurrency clipboard hijacker, and a secondary chain executing the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs various anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. This campaign highlights the growing abuse of trusted system utilities and in-memory execution techniques to evade traditional detection mechanisms.

Pulse ID: 69cb7349f3c70800ebef7310
Pulse Link: https://otx.alienvault.com/pulse/69cb7349f3c70800ebef7310
Pulse Author: AlienVault
Created: 2026-03-31 07:10:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #CyberSecurity #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PowerShell #RAT #Rust #SMS #VBS #Windows #bot #cryptocurrency #AlienVault


clipboard-mcp: giving AI assistants access to the clipboard

AI assistants in 2026 can write code, analyze data and manage infrastructure. But ask Claude to read what you just copied, and it will throw up its hands. The clipboard is one of the most basic things in a desktop workflow, and AI has no access to it. I wrote clipboard-mcp to fix that.

https://habr.com/ru/articles/1015844/

#rust #mcp #clipboard #ai #claude #open_source #model_context_protocol


ClipCascade is an open-source lightweight utility that automatically syncs the clipboard across devices

https://squeet.me/display/962c3e10-d36568fa-ed470aa1f42ca3cb


This is a nice private option to sync across all your devices in real time, and you can self-host your own sync device, rely on peer-to-peer between devices, or use their cloud sync. Traffic is end-to-end encrypted. It can support multiple users keep ...continues

See https://gadgeteer.co.za/clipcascade-is-an-open-source-lightweight-utility-that-automatically-syncs-the-clipboard-across-devices/

#clipboard #opensource #privacy #technology


[Translation] 10 web APIs that replace many JavaScript libraries

Modern browsers are quietly eating the JavaScript ecosystem alive. Over the past few years, the major browsers have shipped native web APIs that replace a surprisingly large number of utilities we still install out of habit. Nevertheless, many developers keep using libraries that are familiar but no longer needed. If a dependency has always worked, it stays in the stack, even when the browser can already do the same job. This approach costs more than it seems. Every extra package adds to the build size, the maintenance burden, the frequency of version updates, and the long-term risk of project abandonment. Native APIs cost users 0 KB of data, run deep in the engine (often off the main thread), and use optimizations that are unavailable to libraries.

https://habr.com/ru/articles/1015134/

#javascript #js #webapi #fetch #formdata #url #popover #clipboard #resizeobserver #viewtransitions
