"경찰청과 국가인권위를 사칭한 Konni APT 캠페인 분석" published by Genians. #AutoIt, #Konni, #LNK, #DPRK, #CTI https://www.genians.co.kr/blog/threat_intelligence/konni_disguise
"Threat Tracking: Analysis of puNK-003’s Lilith RAT ported to AutoIt Script" published by S2W. #LINKON, #AutoIt, #puNK-003, #CURKON, #LNK, #LilithRAT, #DPRK, #CTI https://medium.com/s2wblog/threat-tracking-analysis-of-punk-003s-lilith-rat-ported-to-autoit-script-30dd59e68213
And now the prize question:
Why on earth did I use "AutoIT" for all this mess, a tool I consider excellent but which is actually the wrong tool for this task?
For the most important reason in any tool selection: I know how to use it.
9/9
"DarkGate Malware Unleashed: A New Threat in the Cybersecurity Arena 🚨"
The Splunk Threat Research Team has recently conducted an in-depth analysis of DarkGate malware, uncovering its utilization of the AutoIt scripting language for malicious purposes. This malware is notorious for its sophisticated evasion techniques and persistence, posing a significant threat. DarkGate employs multi-stage payloads and leverages obfuscated AutoIt scripts, making it difficult to detect through traditional methods. It is capable of exfiltrating sensitive data and establishing command-and-control communications, underscoring the need for vigilant detection strategies.
The key tactics and techniques of DarkGate include keylogging, remote connections, registry persistence, browser information theft, and C2 communication. One of its attack vectors involves the use of malicious PDF files that trigger the download of a .MSI file containing the DarkGate payload, demonstrating the complex strategies employed by adversaries.
For threat emulation and testing, the team recommends employing an Atomic Test focused on AutoIt3 execution (as per the MITRE ATT&CK technique T1059). Security teams are advised to concentrate on endpoint telemetry sources such as Process Execution & Command Line Logging, Windows Security Event Logs, and PowerShell Script Block Logging for effective detection.
Special commendations to authors Teoderick Contreras and Michael Haag, and the entire Splunk Threat Research Team, for their comprehensive analysis.
Tags: #DarkGate #AutoIt #MalwareAnalysis #CyberSecurity #ThreatIntelligence #MITREATTACK #InfoSecCommunity #SplunkResearch
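As an added, defender-side illustration of the telemetry point above (not Splunk's code; the key=value log format and all sample lines are constructed), a small Python filter that flags AutoIt3 interpreter executions in process-execution logs and raises severity when the interpreter is launched by msiexec.exe or runs from outside Program Files, as in the MSI-delivered chain described:

```python
import re
from typing import Dict, List

# Constructed sample process-execution log lines (simplified key=value form; an assumption,
# not a real Splunk or Windows event format). Line 2 models an MSI-dropped interpreter,
# line 4 a renamed interpreter launched with a .au3 script.
SAMPLE_LOGS = [
    'ts=2024-01-01T10:00:00Z parent=C:\\Windows\\explorer.exe image="C:\\Program Files\\AutoIt3\\AutoIt3.exe" cmdline="AutoIt3.exe C:\\Users\\dev\\backup.au3"',
    'ts=2024-01-01T10:05:00Z parent=C:\\Windows\\System32\\msiexec.exe image=C:\\Users\\Public\\Autoit3.exe cmdline="Autoit3.exe C:\\Users\\Public\\stage2.a3x"',
    'ts=2024-01-01T10:06:00Z parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\notepad.exe cmdline="notepad.exe"',
    'ts=2024-01-01T10:07:00Z parent=C:\\Users\\Public\\reader.exe image=C:\\Users\\Public\\svc.exe cmdline="svc.exe C:\\Users\\Public\\x.au3"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# .au3 (script) and .a3x (compiled script) are the AutoIt script extensions.
SCRIPT_RE = re.compile(r'\.(au3|a3x)\b', re.IGNORECASE)

def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()

def classify(event: Dict[str, str]) -> str:
    """Return 'none', 'low' or 'high' for one process-execution event."""
    image = event.get('image', '')
    parent = event.get('parent', '')
    cmdline = event.get('cmdline', '')
    is_autoit = basename(image) == 'autoit3.exe' or bool(SCRIPT_RE.search(cmdline))
    if not is_autoit:
        return 'none'
    # Interpreter dropped by an installer, or running outside Program Files
    # (which also covers renamed copies), is the suspicious case.
    outside_program_files = not image.lower().startswith('c:\\program files')
    if basename(parent) == 'msiexec.exe' or outside_program_files:
        return 'high'
    return 'low'

def find_autoit_executions(lines: List[str]) -> List[Dict[str, str]]:
    """Return events that look like AutoIt3 execution, each tagged with a severity."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        sev = classify(ev)
        if sev != 'none':
            hits.append({'ts': ev.get('ts', ''), 'image': ev.get('image', ''), 'severity': sev})
    return hits
```

Tuning the Program Files allow-list to your own software inventory is the main knob; a legitimate developer workstation running scripts from a user directory will otherwise score as high.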
💡 #TIL there's another effort going on to bring inglorious
#AutoHotkey to 🐧 GNU/#Linux!
(#X11, that is.)
Meet #AHK_X11 🥳
🌐 https://github.com/phil294/AHK_X11
📖 https://phil294.github.io/AHK_X11
☝️ Caveat: It only supports legacy #AHK 1.1 syntax and does not aim for 100% feature parity/compatibility, but should enable you to use most of your #hotkeys and #hotstrings #crossplattform! (Sync on your own).
#scripting #automation #DesktopAutomation #KeyboardWarriors #xdotool #gtk #AutoIt #AutoKey #AlternativeTo
@nixCraft I was 14 and I was trying to make a program to backup my Minecraft world saves 😅
Before that I had unsuccessfully attempted to learn #python; it never clicked with me. Everyone said that the syntax was easy, but it wasn't easy for me.
What did click with me was Windows Shell Script, a.k.a Batch!
I felt very powerful when I started writing my little batch scripts. Soon after I discovered an obscure language called #AutoIt which I loved! I still use it to this day, professionally too.
Use #Autohotkey / #Autoit and make 'em yourself ...
Well, here goes: #introduction
It started with Apple IIs and Oregon Trail in the late 80s, and in middle school they had a lab full of them and we drew stuff with LOGO and saved our work on the old 5 inch floppies. Was addicted to Hover when it came out. Finally we had a family computer and got dialup, and I was home alone when I experienced my first malware infection, and not wanting to get in trouble, I learned really fast what the command line and the registry were, and I had it all cleaned up with no trace by the time anyone else got home. I'd spend hours tinkering with this or that, or fixing things that went wrong.
Discovered AI/chatbots and built a couple using the Personality Forge, and for a while they were the most advanced chatbots on the site. I'd work on their programming with a Palm IIe and a folding keyboard, while away from my desk, and then I'd 'hotsync' my notes and upload changes via dialup, those were the days! "Get off the computer I need to make a phone call" lol
My interests were anything tech. It went from being an interest to being a professional endeavor when I started doing flash dev and website work for a travel directory site in PV, Mexico, while I was living there, and when I returned to the states I worked for a small ISP doing #WIMAX installs using Motorola Canopy gear, along with whatever malware removal, hardware fixes, repairs, reinstalls, whatever, all manner of PC stuff.
Moved to TX, worked for another ISP down there doing the same thing, involved using slightly older tech gear, and this was around the time malware infections were starting to really plague even smaller businesses, and I started to focus on #infosec and #security, and then they bought a webhosting company and I switched back to website work, updating sites that had been built using... html tables and sketchy code that was often missing tags. Wrote repair articles for #Technibble for a while, then started out on my own, specializing in anything tech, from #networking #troubleshooting #ComputerRepair #programming small stuff using batch scripts, #AutoIT, (am I supposed to tag this stuff? I'm new to this here) and started up my own #webhosting company where I could pick and choose what platforms to use, free reign to give customers the best bang for their buck, and #WordPress was simple enough to get them into, make something that fit the need, and then hand the reins over to them for most of the content changes in the future unless something went terribly wrong.
Worked in retail electronics and got some experience with mobile tech, helped customers with analog phones transfer their stuff to new phones, activation, etc, meanwhile discovering Android, which led to #root discovery and fascination with #CustomRom stuff, which led to #AppDev for a customer using Android and iOS, but I only dabble in that sector.
Returned to WA and helped with a non-tech family business, but the lack of a #CRM that did what I wanted led me to build custom functionality onto an existing CRM using the ol' #php, and then built a custom #IoT system using #micropython for a customer, #ESP32 (love these things) etc, and then the pandemic happened and I went straight into #python and wanted to use #django but the workflow wasn't to my liking, so I took a step back and followed a friend's advice to get more into #javascript which I'm absolutely loving, with a focus on #NodeJS.
My main line of work at the moment is something I'd probably have to add a disclaimer for, so instead I'll just say that it's really fun and keeps me active, and involves tech to a degree, possibly primarily because I prefer to leverage tech solutions wherever possible to save time, money, and 'decision fatigue' to spend that instead on refreshing old skills and learning new ones.
I type really fast, which unfortunately leads to me writing entire novels inside emails (heh) and I also forget a lot of the stuff I've done because I switch focus depending on what solutions are needed, so for a TL;DR:
I'm a nerd who loves anything even lightly tech or security related, sort of a jack of all trades #technologist: If someone has a problem or a tech need, I either find an affordable/free solution or build it. If I need to learn it to build it, no worries, just adds a little time to the project.
I love this #Mastodon thing and look forward to all the awesome stuff I've been seeing here, wishing I had more to share in return. Thank you @jerry!
OK, apparently ShellExecuteWait in #autoIT at least works in interactive mode.
Threat Roundup for February 14 to February 21 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 ... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/4J1oPdwQFdU/threat-roundup-0214-0221.html #vulnerabilities #threatroundup #ciscotalos #generickdz #gandcrab #malware #autoit #nymaim #qakbot #remcos #tofsee #mikey #talos #razy
Loda RAT Grows Up - By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilize... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/FP1Tfj2Deww/loda-rat-grows-up.html #credentialstealer #threatresearch #malware #autoit #rats #rat
Custom dropper hide and seek - Executive summary: Most users assume they are safe when surfing the web on a daily basis. But informat... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/PUK1ri82T6Q/custom-dropper-hide-and-seek.html #malwareanalysis #agenttesla #dropper #lokibot #malware #autoit #arj #rc4