We have just published our report for December 2022, providing you some insights into malware trends across our platforms, including #URLhaus and #MalwareBazaar 🪲🔎👀
https://twitter.com/luc4m
🚨New blog post out! 🚨
Analysis of the latest #NullMixer attack wave uncovered Italy and France as top targets in Europe. Over 8k endpoints hit, including IoT. Also, new polymorphic loaders and controversial code were found.
Link:
https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1
New blog post out: technical analysis of some tools in the #Makop #ransomware arsenal.
They have not retooled since 2020... and are still able to successfully attack companies.
https://medium.com/@lcam/makop-the-toolkit-of-a-criminal-gang-53cd44563c11
Interesting payload protected with #Espio #redteam (asas.exe)
#shellcode extracted:
Hash: 97319fc83dfed8015ded37bc8069dfe8
Elevator.exe is a UAC bypass tool written in rust.
shellcode: https://pastebin.com/AvbeENgM
and Espio decryption utility:
https://gist.github.com/luca-m/212395d4fa721826106343416b0edd64
H/T:
@r3dbU7z -> https://twitter.com/r3dbU7z/status/1627205584108896256