#AsyncRAT

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 870 (854)
⬆️ #Asyncrat 415 (398)
⬆️ #Quasar 395 (329)
⬇️ #Vidar 318 (327)
⬇️ #Lumma 286 (322)
⬆️ #Remcos 273 (212)
⬇️ #Stealc 266 (296)
⬇️ #Gravityrat 241 (302)
⬆️ #Guloader 179 (172)
⬆️ #Smokeloader 155 (144)

Explore malware in action: app.any.run/?utm_source=mastod

#cybersecurity #Infosec

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 854 (1042)
⬆️ #Asyncrat 398 (381)
⬇️ #Quasar 329 (413)
⬆️ #Vidar 327 (316)
⬇️ #Lumma 322 (370)
⬆️ #Gravityrat 302 (255)
⬆️ #Stealc 299 (251)
⬆️ #Mircop 288 (247)
⬇️ #Remcos 214 (248)
⬆️ #Guloader 172 (168)
Explore malware in action: app.any.run/?utm_source=mastod

#Top10Malware

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 1042 (1044)
⬆️ #Quasar 413 (371)
⬇️ #Asyncrat 383 (393)
⬇️ #Lumma 370 (479)
⬇️ #Vidar 316 (370)
⬇️ #Stealc 251 (282)
⬇️ #Remcos 249 (314)
⬆️ #Snake 174 (148)
⬇️ #Agenttesla 170 (192)
⬇️ #Guloader 168 (176)
Explore malware in action: app.any.run/?utm_source=mastod

#Top10Malware #cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 1044 (641)
⬆️ #Lumma 479 (476)
⬆️ #Asyncrat 398 (275)
⬇️ #Quasar 371 (390)
⬆️ #Vidar 370 (292)
⬆️ #Remcos 318 (271)
⬆️ #Stealc 282 (174)
⬆️ #Agenttesla 193 (167)
⬆️ #Guloader 176 (171)
⬇️ #Smoke 160 (164)
Explore malware in action: app.any.run/?utm_source=mastod

#Top10Malware

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 641 (885)
⬇️ #Lumma 476 (641)
⬇️ #Quasar 390 (554)
⬇️ #Rhadamanthys 296 (463)
⬇️ #Vidar 292 (350)
⬇️ #Asyncrat 278 (368)
⬇️ #Remcos 272 (410)
⬇️ #Snake 181 (346)
⬇️ #Stealc 174 (255)
⬇️ #Guloader 171 (175)
Explore malware in action: app.any.run/?utm_source=mastod

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 885 (954)
⬆️ #Lumma 641 (448)
⬆️ #Quasar 554 (389)
⬆️ #Rhadamanthys 463 (268)
⬆️ #Remcos 415 (299)
⬆️ #Asyncrat 370 (231)
⬆️ #Dcrat 356 (228)
⬆️ #Vidar 350 (249)
⬆️ #Snake 346 (111)
⬆️ #Agenttesla 323 (116)
Explore malware in action: app.any.run/?utm_source=mastod

#cybersecurity

Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 955 (927)
⬆️ #Lumma 448 (429)
⬆️ #Quasar 389 (353)
⬇️ #Remcos 309 (360)
⬆️ #Rhadamanthys 268 (248)
⬇️ #Vidar 249 (293)
⬆️ #Asyncrat 232 (141)
⬇️ #Dcrat 228 (248)
⬆️ #Guloader 185 (169)
⬆️ #Smokeloader 167 (145)
Explore malware in action: app.any.run/?utm_source=mastod

#Cybersecurity #infosec

2025-10-13

📢 Phishing in Colombia: fake judicial notices spread AsyncRAT via SVG → HTA/VBS/PowerShell
📝 According to Seqrite, a phishing campaign targeting users in Colombia abuses fake judicial notices to...
📖 cyberveille : cyberveille.ch/posts/2025-10-1
🌐 source : seqrite.com/blog/judicial-noti
#AsyncRAT #Colombie #Cyberveille

2025-10-08

📢 ShinyHunters launches an extortion site after a massive Salesforce data theft; Red Hat, Discord and an Oracle 0-day cited
📝 Source and context: krebsonsecurit...
📖 cyberveille : cyberveille.ch/posts/2025-10-0
🌐 source : krebsonsecurity.com/2025/10/sh
#ASYNCRAT #CVE_2025_61882 #Cyberveille

2025-10-08

ShinyHunters Wage Broad Corporate Extortion Spree - A cybercriminal group that used voice phishing attacks to siphon more than a billion reco... krebsonsecurity.com/2025/10/sh #scatteredlapsus$hunters #oraclee-businesssuite #crimsoncollective #neer-do-wellnews #alittlesunshine #charlescarmakal #latestwarnings #thecomingstorm #cve-2025-61882 #austinlarsen #shinyhunters #ransomware #salesforce #salesloft #asyncrat #unc6040 #unc6395

2025-09-27

🦠 Malware Analysis
===================

🎯 Threat Intelligence

Executive summary: Exposed command-and-control (C2) panels remain a
high-value reconnaissance target for defenders. Recent tracking
approaches focus on fingerprinting Supershell, HookBot, Chaos RAT,
UnamWebPanel, Metasploit web panels and Mythic deployments using URL
paths, page titles, favicon hashes, repository links and TLS
artifacts.

Technical details:

• Datasets used: httpv2 provides HTTP response bodies and headers;
urlx provides broad URL indexing for reconnaissance; crawler stores
page snapshots, scripts and favicons. These datasets enable pivoting
from a candidate URL to certificates, page artifacts and related
hosts.

• Fingerprints observed: predictable admin/login paths (default paths
and titles), identical favicons across domains, repo/hash references
(for Chaos RAT), and default panel titles (Supershell, UnamWebPanel).
Reused TLS certificates and exposed open directories are common
staging indicators.

Analysis:

• Attack surface: Publicly reachable panels give operators full
situational awareness over victims, credential dumps, wallets and
payload distribution. Trojans like AsyncRAT have been observed behind
trojanized ScreenConnect installers and exposed staging directories
that reveal panel artifacts.

• Correlation value: Matching favicon hashes and identical static
assets is an effective way to cluster infrastructure when X.509 or IP
overlap is insufficient.

Detection:

• Practical queries: search for common admin/login URL path patterns,
compare title strings for known panel names, compute and match favicon
hashes across domains, and query certificate reuse across urlx/httpv2.

• Sample detection approach:

SELECT url FROM httpv2 WHERE title LIKE '%Supershell%' OR path LIKE
'/admin%' OR favicon_hash IN (known_hashes);  -- known_hashes: placeholder for your list of panel favicon hashes

Mitigation:

• Defensive controls: block or take down exposed panels via abuse
channels, revoke reused certificates, and patch exposed staging
systems. Harden remote access installers (ScreenConnect) and validate
upstream artifacts to prevent trojanization.

References & limitations:

• Evidence-based correlation is effective but contingent on dataset
coverage; absence of a fingerprint is not proof of safety. Attribution
requires further telemetry.

🔹 ThreatIntel #C2 #AsyncRAT #HuntSQL #OSINT

🔗 Source: hunt.io/blog/hunting-c2-panels
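
Added example, not code from the hunt.io post or the datasets it names: the title/path fingerprint checks and the favicon-hash pivot described above, run over constructed sample host records. The record field names, the TEST-NET addresses and the favicon bytes are assumptions, and SHA-256 stands in for whichever favicon hash (often mmh3-based) a given dataset exposes.

```python
import hashlib
import re
from collections import defaultdict

# Panel title fragments and admin/login path shapes named in the post above.
KNOWN_PANEL_TITLES = ("supershell", "unamwebpanel", "chaos rat", "hookbot", "mythic")
ADMIN_PATH_RE = re.compile(r"^/(admin|login|panel)(/|$)", re.IGNORECASE)

# Constructed sample records (TEST-NET addresses, fake favicon bytes); the field
# names are assumptions standing in for a scan dataset's per-host output.
FAV_A, FAV_B, FAV_C = b"ICO-A" * 4, b"ICO-B" * 4, b"ICO-C" * 4
SAMPLE_HOSTS = [
    {"host": "198.51.100.10", "path": "/login", "title": "Supershell", "favicon": FAV_A},
    {"host": "203.0.113.7", "path": "/", "title": "Welcome", "favicon": FAV_A},
    {"host": "192.0.2.25", "path": "/admin/", "title": "UnamWebPanel - Login", "favicon": FAV_B},
    {"host": "192.0.2.80", "path": "/blog/post", "title": "My Blog", "favicon": FAV_C},
]

def favicon_hash(data: bytes) -> str:
    """Content hash of the favicon bytes (SHA-256 here; an mmh3 hash clusters the same way)."""
    return hashlib.sha256(data).hexdigest()

def fingerprint(record: dict) -> list:
    """Return which static fingerprints (title, path) match this host record."""
    reasons = []
    if any(t in record["title"].lower() for t in KNOWN_PANEL_TITLES):
        reasons.append("title")
    if ADMIN_PATH_RE.match(record["path"]):
        reasons.append("path")
    return reasons

def cluster_by_favicon(records: list) -> dict:
    """Group hosts by favicon hash, keeping only hashes shared by 2+ hosts."""
    groups = defaultdict(list)
    for r in records:
        groups[favicon_hash(r["favicon"])].append(r["host"])
    return {h: hosts for h, hosts in groups.items() if len(hosts) > 1}

def hunt(records: list) -> dict:
    """Hosts flagged by the title/path fingerprints, mapped to the matching reasons."""
    return {r["host"]: fingerprint(r) for r in records if fingerprint(r)}

def pivot(records: list) -> set:
    """Flagged hosts plus any host sharing a favicon with one: catches customised panels."""
    flagged = set(hunt(records))
    for hosts in cluster_by_favicon(records).values():
        if flagged & set(hosts):
            flagged |= set(hosts)
    return flagged
```

In the sample, 203.0.113.7 has a generic title and root path, so no static fingerprint fires; it is pulled in only because it serves the same favicon as the Supershell host, which is the correlation value the post describes.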

2025-09-26

📢 HeartCrypt: a packer-as-a-service infiltrates legitimate software to deploy RATs and credential stealers
📝 According to Sophos (Sophos News), researchers publish a...
📖 cyberveille : cyberveille.ch/posts/2025-09-2
🌐 source : news.sophos.com/en-us/2025/09/
#AsyncRAT #DLL_sideloading #Cyberveille

2025-09-10

New investigation reveals attackers used a fileless malware chain via a compromised #ScreenConnect client to deploy AsyncRAT, enabling credential theft, keylogging, and wallet scans.

Read: hackread.com/fileless-malware-

#CyberSecurity #AsyncRAT #Malware #CyberAttack #InfoSec

NETRESEC netresec@infosec.exchange
2025-09-03

@SarlackLab The same IP also runs #AsyncRAT on TCP 9003

Top 10 last week's threats by uploads 🌐
⬇️ #Lumma 813 (856)
⬇️ #Quasar 478 (497)
⬇️ #Xworm 421 (471)
⬇️ #Agenttesla 345 (515)
⬇️ #Asyncrat 285 (327)
⬇️ #Vidar 264 (302)
⬇️ #Snake 258 (372)
⬇️ #Redline 251 (274)
⬇️ #Dcrat 247 (346)
⬇️ #Amadey 238 (377)

Track them all: any.run/malware-trends/?utm_so

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Lumma 881 (691)
⬆️ #Agenttesla 521 (402)
⬆️ #Quasar 509 (253)
⬆️ #Xworm 476 (384)
⬆️ #Amadey 388 (175)
⬆️ #Mirai 381 (138)
⬆️ #Snake 378 (277)
⬆️ #Dcrat 351 (164)
⬆️ #Asyncrat 346 (233)
⬆️ #Vidar 310 (141)
Track them all: any.run/malware-trends/?utm_so

#cybersecurity #infosec

2025-08-20

Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\.com
https://lol-julian-impossible-bermuda.trycloudflare\.com
https://italia-committees-practical-violence.trycloudflare\.com

#asyncrat #purehvnc #quasarrat

jskeywon.duckdns\.org
jbsak.duckdns\.org
jul5050quasae.duckdns\.org
ksj43ts.duckdns\.org
