(っ◔◡◔)っ
Twitter: https://twitter.com/luc4m

🚨New blog post out! 🚨

Analysis of the latest #NullMixer attack wave uncovered Italy and France as top targets in Europe. Over 8k endpoints hit, including IoT. Also, new polymorphic loaders and controversial code were found.

Link:
https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1

Updates from the MaaS: new threats delivered through NullMixer

During March 2023, we obtained information and data regarding an ongoing malware operation hitting more than 8.000 targets within a few weeks, with a particular emphasis on North American, Italian…

New blog post out: technical analysis of some tools in the #Makop #ransomware arsenal.

They have not retooled since 2020... and are still able to successfully attack companies.

https://medium.com/@lcam/makop-the-toolkit-of-a-criminal-gang-53cd44563c11

Makop: The Toolkit of a Criminal Gang - L M - Medium

The Makop ransomware operators started their infamous criminal business in 2020 leveraging a new variant of the notorious Phobos ransomware. During the last years, the gang maintained a solid…

Interesting payload protected with #Espio #redteam (asas.exe)

#shellcode extracted:
#⃣97319fc83dfed8015ded37bc8069dfe8

Elevator.exe is a UAC bypass tool written in Rust.

shellcode: https://pastebin.com/AvbeENgM
and Espio decryption utility:
https://gist.github.com/luca-m/212395d4fa721826106343416b0edd64

H/T:
@r3dbU7z -> https://twitter.com/r3dbU7z/status/1627205584108896256


Nice to track 🇦🇷#phishers preparing a campaign to target "#BancoCiudad" .. eyes on u👀