Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
head of security research • threat research • threat Intelligence • threat hunting • supply-chain security & random stuff
Maximizing Threat Detections of Qakbot with #Osquery
IcedID Malware: Traversing Through its Various Incarnations
We're excited to welcome @loginsoft to the Tidal Product Registry! You can now explore their System-41 analytics to detect potential cyber threats in the Tidal Community Edition, and add them to your matrix to check coverage against specific threat actors or groups. Be sure to check them out!
#tidalproductregistry #threatinformeddefense #threatintel #cybersecurity
@HcInfosec Mural seems to be a commercial product, but the freemium version serves my purpose. The cool thing is that they offer tagging and searching features.
Hey all, here I created a quick map of resources if you're interested in hunting/tracking threat actors or malware. You can learn different techniques employed by researchers in our community.
I am not keeping this list to just infostealers; I will keep updating it with more.
I am using Mural for the mind map, which has cool features like search & tagging.
#threatintel #infosec #cybersecurity #malware #threathunting
QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
Decrypted: BianLian Ransomware
https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/
Breaking the silence - Recent Truebot activity
https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
A Variant Of CIA’s HIVE Attack Kit Emerges
https://blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/
This is beyond threat attribution! Great post.
Detecting malicious artifacts using an ETW consumer in kernel mode
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/
Kasablanka #APT Group Probably Conducted Campaigns Targeting Russia
https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/
@rmceoin This is interesting; it took some time to investigate. I feel this is an ad campaign, not a malware campaign. These domains behave differently each time you browse. I have observed them redirecting to McAfee, Opera GX products and some lame hentai porn. On the last run, it redirected to the Chrome extension marketplace to download an extension which I could not find on Google nor on CRXcavator. I thought I'd analyze the extension for crown jewels.
Here's the analysis; take a look at the recording.
https://tria.ge/230108-nyx8xade24/behavioral1
I think it redirects to google.com if there's no referrer header
https://urlscan.io/result/b99cf01d-a7ec-4fee-94b9-62c7b8700929/
Here's CRXcavator giving a 404. This is important because they scan the marketplace very frequently and maintain historical data. So logically, I should find this extension if it exists.
https://crxcavator.io/report/ifidkgmkpihooaknfaapgkejcgcbniek/
Anyone else from #infosec who can shed some light? :flan_shrug:
BitRAT Now Sharing Sensitive Bank Data as a Lure
Detecting Unconstrained Delegation Exposures in AD Environment
https://www.sentinelone.com/blog/detecting-unconstrained-delegation-exposures-in-ad-environment/
Security Support Provider (SSP) for Credential Dumping