(seqrite.com) Noisy Bear APT: Multi-Stage Campaign Targeting Kazakhstan Energy Sector with DOWNSHELL PowerShell Loaders

https://www.seqrite.com/blog/operation-barrelfire-noisybear-kazakhstan-oil-gas-sector/

#ThreatIntel #Cybersecurity #Infosec
@[email protected] @cybersecurity

1/2

Operation BarrelFire: NoisyBear Targets Kazakhstan Oil & Gas

Seqrite Labs uncovers Operation BarrelFire by NoisyBear, a cyber-espionage campaign targeting Kazakhstan’s oil & gas sector through phishing and malware.

Blogs on Information Technology, Network & Cybersecurity | Seqrite
Should we continue to leave DLS websites visible on the public instance of RansomLook.io?
Should we continue to allow full access to the API too?
#ransomware #threatIntel

@volexity's #threatintel team works with some of the most targeted groups in the world. Today, at the LABScon conference, we are sharing details of a long-running campaign by EvilBamboo. We have also just published details on our blog: https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/.

Our analysis has uncovered evidence of the attacker building online communities on various social media & messaging platforms, creating fake personas on social media sites, and using other #socialengineering techniques in order to distribute #Android malware, including #BADBAZAAR. Additionally, there is strong evidence of #iOS device targeting and likely exploitation using IRONSQUIRREL.

#dfir #security

A few months ago I posted about a DNS malware C2 we had discovered — Decoy Dog — that was based on Pupy, had been undetected for over a year, and had some inexplicable behavior. We hoped the community would easily find the infected devices based on the info we provided. No such luck. Since then we have used DNS to learn an astonishing amount about the operations. Once we realized Decoy Dog was more advanced than Pupy, and we saw how the actors responded to our original releases, we went back to the binaries. Today we released an in-depth technical analysis of Decoy Dog, a Pupy research data set, and a new Yara rule. This is the exec summary. Link to the full technical paper and other tidbits in the comments. #dns #threatintel #malware #decoydog #rat #c2 #infoblox #datascience #threatresearch https://blogs.infoblox.com/cyber-threat-intelligence/decoy-dog-is-no-ordinary-pupy-distinguishing-malware-via-dns/
Decoy Dog: Separating a Sly DNS Malware from the Pack | Infoblox

Infoblox details how the DNS malware Decoy Dog is the work of advanced persistent threat actors and why it should worry organizations worldwide.

Infoblox Blog

What kind of scam is this? DM received on birdsite.

hxxps://btcusdt365.com

#scam #threatIntel #phishing #IoC