13 Days of Halloween: "Mimic" (1997) Movie Review

2025 Theme: Decades of Horror
Director: Guillermo del Toro

#moviereview #halloween #horror #horrormovie #13DaysOfHalloween #mimic #monsterhorror #insects #GuillermodelToro

Team46 and TaxOff: Two Sides of the Same Coin

This intelligence report reveals that Team46 and TaxOff are likely the same APT group, now referred to as Team46. The analysis compares their attack methods, including the use of similar PowerShell commands, URL patterns, and loader functionality. Both groups utilized zero-day exploits and developed sophisticated malware, indicating a long-term strategy for maintaining persistence in compromised systems. The report details the encryption layers and decryption process of the Trinper backdoor, as well as the use of auxiliary tools for system reconnaissance. The unified group's infrastructure mimics legitimate services, and their techniques include phishing emails, DLL hijacking, and the use of Cobalt Strike beacons.

Pulse ID: 6901f129a41c174ffad3e746
Pulse Link: https://otx.alienvault.com/pulse/6901f129a41c174ffad3e746
Pulse Author: AlienVault
Created: 2025-10-29 10:49:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CobaltStrike #CyberSecurity #Email #Encryption #ICS #InfoSec #Malware #Mimic #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #ZeroDay #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

New Android Malware Mimics Human Behavior to Evade Detection

A new Android malware called Herodotus has been discovered, designed to perform device takeover while mimicking human behavior to bypass biometric detection. Active campaigns have been observed in Italy and Brazil. Herodotus is being offered as Malware-as-a-Service and shows links to the previously known Brokewell malware. It uses side-loading for distribution and employs various techniques to steal credentials and perform remote device control. A unique feature is its attempt to humanize remote actions by randomizing delays between text inputs. The malware targets financial organizations and crypto wallets, with potential for global expansion. Its development highlights the growing threat of Device-Takeover banking Trojans and the need for advanced, layered security approaches.

Pulse ID: 69010a6d2cf6e435ac05b202
Pulse Link: https://otx.alienvault.com/pulse/69010a6d2cf6e435ac05b202
Pulse Author: AlienVault
Created: 2025-10-28 18:24:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #Biometric #Brazil #CyberSecurity #ICS #InfoSec #Italy #Malware #MalwareAsAService #Mimic #OTX #OpenThreatExchange #Trojan #bot #AlienVault

First steps in my new #dungeon 🧙🏻‍♀️
Of course the first monster I ran into was the #mimic 😆

#DieInADungeon #dungenerator #rollinkunz

#brettspiele #boardgames #sologames #sologamer #brettspielliebe #dungeoncrawler

@brettspiele

New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials

Pulse ID: 68f93a88b73f5330bdae84be
Pulse Link: https://otx.alienvault.com/pulse/68f93a88b73f5330bdae84be
Pulse Author: cryptocti
Created: 2025-10-22 20:11:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #Microsoft #Mimic #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocti

Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance

A new phishing kit named Tykit has been discovered targeting Microsoft 365 accounts across various industries. The campaign, active since May 2025, uses SVG files as delivery vectors and implements a multi-stage attack chain. Tykit mimics Microsoft login pages, employs evasion tactics, and executes client-side code in several stages. The most affected industries include construction, professional services, IT, finance, government, and telecom, with victims spread across the US, Canada, LATAM, EMEA, Southeast Asia, and the Middle East. The kit utilizes Cloudflare Turnstile for anti-bot protection and implements basic anti-debugging measures. It exfiltrates stolen credentials through a series of API calls to its command and control servers.

Pulse ID: 68f7ffe93793818f9533f09b
Pulse Link: https://otx.alienvault.com/pulse/68f7ffe93793818f9533f09b
Pulse Author: AlienVault
Created: 2025-10-21 21:49:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Canada #Cloud #CyberSecurity #Government #ICS #InfoSec #Microsoft #MiddleEast #Mimic #OTX #OpenThreatExchange #Phishing #RAT #SVG #Telecom #bot #AlienVault

Malicious package with AdaptixC2 framework agent found in npm registry

A malicious package named 'https-proxy-utils' was discovered in the npm registry, posing as a utility for using proxies but containing a post-install script that downloads and executes the AdaptixC2 post-exploitation framework agent. The package mimicked popular legitimate packages and cloned functionality from another package. It included OS-specific adaptations for Windows, Linux, and macOS, using various techniques to load and launch the implant. Once deployed, the AdaptixC2 agent provides remote access, command execution, and persistence capabilities. This incident highlights the growing trend of abusing open-source software ecosystems as an attack vector, following a similar high-profile incident involving the Shai-Hulud worm.

Pulse ID: 68f7a91437326ccb64b8452c
Pulse Link: https://otx.alienvault.com/pulse/68f7a91437326ccb64b8452c
Pulse Author: AlienVault
Created: 2025-10-21 15:39:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #HTTP #HTTPS #InfoSec #Linux #Mac #MacOS #Mimic #NPM #OTX #OpenThreatExchange #Proxy #RCE #Windows #Worm #bot #AlienVault

Microsoft Branding Used in New Tech Support Scam

A new campaign has been identified that exploits Microsoft's brand recognition to lure users into tech support scams. The attack begins with an email promising a payment, which leads to a fake CAPTCHA challenge. Upon completion, users are redirected to a landing page where their browser appears locked, mimicking a ransomware attack. Multiple pop-ups resembling Microsoft security alerts overwhelm the user, urging them to call a fake support number. This sophisticated approach combines payment lures, fake CAPTCHA challenges, and fraudulent Microsoft overlays with phone-based social engineering to exploit victims and potentially gain access to their systems. The campaign highlights the dangers of blindly trusting familiar branding and emphasizes the need for multi-layered security and user vigilance.

Pulse ID: 68f7ae53ea264f8e7bfdcefd
Pulse Link: https://otx.alienvault.com/pulse/68f7ae53ea264f8e7bfdcefd
Pulse Author: AlienVault
Created: 2025-10-21 16:01:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CAPTCHA #CyberSecurity #Email #InfoSec #Microsoft #Mimic #OTX #OpenThreatExchange #RansomWare #Rust #SocialEngineering #bot #AlienVault

Malicious package with AdaptixC2 framework agent found in npm registry

A malicious package named 'https-proxy-utils' was discovered in the npm registry, posing as a utility for using proxies but containing a post-install script that downloads and executes the AdaptixC2 post-exploitation framework agent. The package mimicked popular legitimate packages and cloned functionality from another package. The script included payload delivery methods for Windows, Linux, and macOS, using specific techniques for each operating system. Once deployed, the AdaptixC2 agent provides remote access, command execution, and persistence capabilities. This incident highlights the growing trend of abusing open-source software ecosystems as an attack vector, following a similar high-profile incident involving the Shai-Hulud worm.

Pulse ID: 68f22e20dbd8823524fbecb6
Pulse Link: https://otx.alienvault.com/pulse/68f22e20dbd8823524fbecb6
Pulse Author: AlienVault
Created: 2025-10-17 11:53:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #HTTP #HTTPS #InfoSec #Linux #Mac #MacOS #Mimic #NPM #OTX #OpenThreatExchange #Proxy #RAT #RCE #Windows #Worm #bot #AlienVault

Mimicking as OpenAI and Sora Services for Credential Theft

Pulse ID: 68f148cba5f7f2efc13dc3bd
Pulse Link: https://otx.alienvault.com/pulse/68f148cba5f7f2efc13dc3bd
Pulse Author: cryptocti
Created: 2025-10-16 19:34:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #bot #cryptocti