Mastodon

Sam Stepanyan :verified: 🐘<a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ivanti</a>: Critical Ivanti Connect Secure <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> Vulnerability CVE-2025-22457 (CVSS score: 9.0) is Actively Exploited by Attackers to Deploy TRAILBLAZE and BRUSHFIRE Malware. Patch now! 👇 <a href="https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html</a>

OTX BotDeobfuscating APT28's HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer ObfuscationThis analysis delves into APT28's cyber espionage campaign targeting Central Asia and Kazakhstan diplomatic relations, focusing on their HTA Trojan. The malware employs advanced obfuscation techniques, including VBE (VBScript Encoded) and multi-layer obfuscation. The investigation uses x32dbg debugging to decode the obfuscated code, revealing a custom map algorithm for character deobfuscation. The process involves decoding strings using embedded characters from Windows vbscript.dll. The analysis identifies the use of Microsoft's Windows Script Encoder (screnc.exe) to create VBE files. By employing various deobfuscation techniques, including a Python script, the final malware sample is extracted and analyzed, showcasing APT28's evolving tactics in cyber espionage.Pulse ID: 67efc6e712b49d46c1423ca9 Pulse Link: <a href="https://otx.alienvault.com/pulse/67efc6e712b49d46c1423ca9" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67efc6e712b49d46c1423ca9</a> Pulse Author: AlienVault Created: 2025-04-04 11:47:51Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a> <a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/CentralAsia" class="mention hashtag" rel="nofollow noopener" target="_blank">#CentralAsia</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Kazakhstan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kazakhstan</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VBS</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotRussian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing CampaignA Russian-speaking threat actor has launched a new phishing campaign using Cloudflare-branded pages themed around DMCA takedown notices. The attack abuses the ms-search protocol to deliver malicious LNK files disguised as PDFs. Once executed, the malware communicates with a Telegram bot to report the victim's IP address before connecting to Pyramid C2 servers. The campaign leverages Cloudflare Pages and Workers services to host phishing pages, and uses an open directory to store malicious files. The infection chain includes PowerShell and Python scripts, with incremental changes in tactics to evade detection. The actors' infrastructure spans multiple domains and IP addresses, primarily using Cloudflare's network.Pulse ID: 67efc6ed5285702a3440969a Pulse Link: <a href="https://otx.alienvault.com/pulse/67efc6ed5285702a3440969a" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67efc6ed5285702a3440969a</a> Pulse Author: AlienVault Created: 2025-04-04 11:47:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telegram</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotAPT Targets South Korea with Deceptive PDF LuresThe Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a malicious LNK file attachment, which drops an obfuscated VBA script. This script then deploys additional files, including a PDF and a ZIP containing malicious components. The attacks involve sophisticated techniques such as Base64 encoding, obfuscation, and VM-aware evasion. The malware's functionalities include data exfiltration, cryptocurrency wallet theft, browser data extraction, keylogging, and establishing C2 communication. The campaigns demonstrate the group's continuous efforts to compromise South Korean targets using deceptive tactics and multi-stage malware.Pulse ID: 67efe85af4503af2018d414e Pulse Link: <a href="https://otx.alienvault.com/pulse/67efe85af4503af2018d414e" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67efe85af4503af2018d414e</a> Pulse Author: AlienVault Created: 2025-04-04 14:10:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kimsuky</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#SouthKorea</a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#UK</a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZIP</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotPoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam OperationThe PoisonSeed campaign is targeting enterprise organizations and individuals outside the cryptocurrency industry by phishing CRM and bulk email provider credentials. The attackers export email lists and send bulk spam from compromised accounts, primarily to support cryptocurrency spam operations. The campaign uses a novel cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into copying them into new cryptocurrency wallets for future compromise. While similarities exist with Scattered Spider and CryptoChameleon groups, PoisonSeed is currently classified separately due to unique characteristics. The campaign has targeted companies like Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho, using sophisticated phishing techniques and automated processes to quickly exploit compromised accounts.Pulse ID: 67ef8546d1d9ef9cd8e91906 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef8546d1d9ef9cd8e91906" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ef8546d1d9ef9cd8e91906</a> Pulse Author: AlienVault Created: 2025-04-04 07:07:50Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chameleon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chameleon</a> <a href="https://social.raytec.co/tags/CryptoChameleon" class="mention hashtag" rel="nofollow noopener" target="_blank">#CryptoChameleon</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Edge" class="mention hashtag" rel="nofollow noopener" target="_blank">#Edge</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> <a href="https://social.raytec.co/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spam</a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotGootloader Returns: Malware Hidden in Google Ads for Legal DocumentsThe Gootloader malware campaign has evolved its tactics, now using Google Ads to target victims seeking legal templates. The threat actor advertises legal documents, primarily agreements, through compromised ad accounts. Users searching for templates are directed to a malicious website where they are prompted to enter their email address. They then receive an email with a link to download a seemingly legitimate document, which is actually a zipped .JS file containing malware. When executed, the malware creates a scheduled task and uses PowerShell to communicate with compromised WordPress blogs. The campaign demonstrates a shift in Gootloader's strategy, moving from poisoned search results to controlled infrastructure for malware delivery.Pulse ID: 67ef0696f2790ccbd23c46a9 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef0696f2790ccbd23c46a9" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ef0696f2790ccbd23c46a9</a> Pulse Author: AlienVault Created: 2025-04-03 22:07:18Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GootLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#GootLoader</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener" target="_blank">#Troll</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZIP</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotOutlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly EffectiveOUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified XMRig miners, uses IRC for command and control, and includes publicly available scripts for persistence and defense evasion. OUTLAW's infection chain spans nearly the entire MITRE ATT&CK framework, offering many detection opportunities. It propagates in a worm-like manner, using compromised hosts to launch further SSH brute-force attacks on local subnets, rapidly expanding the botnet.Pulse ID: 67ef069f9224aa64d79e6a8e Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef069f9224aa64d79e6a8e" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ef069f9224aa64d79e6a8e</a> Pulse Author: AlienVault Created: 2025-04-03 22:07:27Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://social.raytec.co/tags/Worm" class="mention hashtag" rel="nofollow noopener" target="_blank">#Worm</a> <a href="https://social.raytec.co/tags/XMRigMiner" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMRigMiner</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/botnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#botnet</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotThe Espionage Toolkit: A Closer Look at its Advanced TechniquesEarth Alux, a China-linked APT group, is actively conducting cyberespionage attacks against key sectors in the APAC and Latin American regions. The group exploits vulnerable services in exposed servers to gain initial access and deploys web shells like GODZILLA. Their primary backdoor, VARGEIT, is used alongside COBEACON for various stages of attack. Earth Alux employs advanced techniques such as DLL side-loading, anti-API hooking, and execution guardrails. They utilize tools like RAILLOAD and RAILSETTER for persistence and evasion. The group's capabilities include system information collection, file manipulation, command execution, and tool injection via mspaint processes. Earth Alux targets industries such as government, technology, logistics, and manufacturing, demonstrating a strategic focus on high-value information across different sectors.Pulse ID: 67ea7b3862f607c0d857f9d8 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ea7b3862f607c0d857f9d8" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ea7b3862f607c0d857f9d8</a> Pulse Author: AlienVault Created: 2025-03-31 11:23:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/APAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#APAC</a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberespionage</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/LatinAmerica" class="mention hashtag" rel="nofollow noopener" target="_blank">#LatinAmerica</a> <a href="https://social.raytec.co/tags/Manufacturing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Manufacturing</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Spain" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spain</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotGootloader Uses Google Ads to Spread Malware via Fake DocumentsThe Gootloader malware has resurfaced with enhanced tactics now exploiting Google Search ads to lure unsuspecting users searching for legal document templates such as non-disclosure agreements.Pulse ID: 67ee6d7f6745344b4767fa7f Pulse Link: <a href="https://otx.alienvault.com/pulse/67ee6d7f6745344b4767fa7f" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ee6d7f6745344b4767fa7f</a> Pulse Author: cryptocti Created: 2025-04-03 11:14:07Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GootLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#GootLoader</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/SearchAds" class="mention hashtag" rel="nofollow noopener" target="_blank">#SearchAds</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocti</a>

Wokebloke for DemocracyNot sure if the American Gestapo cares about bad publicity, but here's one detainee story that's getting coverage.<a href="https://www.npr.org/2025/04/02/nx-s1-5341465/jasmine-mooney-canadian-actress-ice-detention" rel="nofollow noopener" translate="no" target="_blank">https://www.npr.org/2025/04/02/nx-s1-5341465/jasmine-mooney-canadian-actress-ice-detention</a> <a href="https://libretooth.gr/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://libretooth.gr/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trump</a> <a href="https://libretooth.gr/tags/Fascism" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fascism</a>

OTX BotAnalysis of Konni RAT: Stealth, Persistence, and Anti-Analysis TechniquesKonni RAT, a sophisticated remote access Trojan targeting Windows systems, employs a multi-stage attack process using batch files, PowerShell scripts, and VBScript. It exploits Windows Explorer limitations, obfuscates file paths, dynamically generates URLs, and uses temporary files to erase activity traces. The malware efficiently exfiltrates critical data to remote servers and maintains persistence through registry modifications. Key tactics include exploiting file extension hiding, the 260-character limit in LNK files, and complex variables for detection evasion. Konni RAT's modular design and advanced strategies present substantial risks to system security, highlighting the need for robust cybersecurity measures and proactive defense strategies.Pulse ID: 67ebfca2fae9b2cbac99f5ae Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca2fae9b2cbac99f5ae" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfca2fae9b2cbac99f5ae</a> Pulse Author: AlienVault Created: 2025-04-01 14:48:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Konni" class="mention hashtag" rel="nofollow noopener" target="_blank">#Konni</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemoteAccessTrojan</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VBS</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotRemcos RAT Malware Disguised as Major Carrier's WaybillA sophisticated malware campaign has been discovered, utilizing the Remcos RAT disguised as a shipping company waybill. The attack begins with an email containing an HTML script, which when executed, downloads a JavaScript file. This file creates and downloads several components, including a configuration file, an encoded Remcos binary, a legitimate AutoIt loader, and a malicious AutoIt script. The AutoIt script employs evasion techniques, establishes persistence, decrypts the Remcos binary, and executes shellcode. The shellcode injects Remcos into a legitimate process (RegSvcs.exe) using various API calls. The Remcos RAT, once active, can steal information and execute remote commands based on C2 instructions. The campaign demonstrates the evolving tactics of cybercriminals, emphasizing the need for caution when handling emails from unknown sources.Pulse ID: 67ebfc9f824c09e5b3ce991b Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfc9f824c09e5b3ce991b" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfc9f824c09e5b3ce991b</a> Pulse Author: AlienVault Created: 2025-04-01 14:47:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Autoit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Autoit</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/HTML" class="mention hashtag" rel="nofollow noopener" target="_blank">#HTML</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Remcos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Remcos</a> <a href="https://social.raytec.co/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemcosRAT</a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShellCode</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotSVG Phishing Malware Being Distributed with Analysis Obstruction FeatureA sophisticated phishing malware using Scalable Vector Graphics (SVG) format has been identified. The malware embeds malicious scripts within SVG files, using Base64 encoding to bypass detection. It employs various techniques to obstruct analysis, including blocking automation tools, preventing specific keyboard shortcuts, disabling right-clicks, and detecting debugging attempts. The malware redirects users to a fake CAPTCHA page, which, when interacted with, leads to further malicious actions, potentially a phishing site impersonating Microsoft login pages. This evolving threat highlights the need for increased user vigilance, especially when dealing with SVG files from unknown sources.Pulse ID: 67ebfca3de542aee8e8fc2ef Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca3de542aee8e8fc2ef" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfca3de542aee8e8fc2ef</a> Pulse Author: AlienVault Created: 2025-04-01 14:48:03Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CAPTCHA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CAPTCHA</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SVG" class="mention hashtag" rel="nofollow noopener" target="_blank">#SVG</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotEvolution of Sophisticated Phishing Tactics: The QR Code PhenomenonSince late 2024, attackers have employed new tactics in phishing documents containing QR codes. These include concealing final phishing destinations using legitimate websites' redirection mechanisms and adopting Cloudflare Turnstile for user verification. Some phishing sites specifically target credentials of particular victims. QR code phishing, or quishing, embeds phishing URLs into QR codes, enticing recipients to scan them with smartphones. This bypasses traditional security measures and targets personal devices. Attackers use URL redirection, exploit open redirects, and incorporate human verification within redirects to evade detection. The phishing operations typically involve redirection, human verification, and credential harvesting. These evolving tactics challenge both security detection mechanisms and user awareness.Pulse ID: 67ec07e8a8b6f59ba9eabc0d Pulse Link: <a href="https://otx.alienvault.com/pulse/67ec07e8a8b6f59ba9eabc0d" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ec07e8a8b6f59ba9eabc0d</a> Pulse Author: AlienVault Created: 2025-04-01 15:36:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CredentialHarvesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#CredentialHarvesting</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMS</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotAnalysis: SmokeLoader malware distributionA malicious campaign targeting First Ukrainian International Bank has been observed using the Emmenhtal loader to distribute SmokeLoader malware. The infection chain begins with a deceptive email containing a 7z archive, which extracts to reveal a bait PDF and a shortcut file. The shortcut downloads additional files, leading to the execution of PowerShell and Mshta to retrieve the Emmenhtal loader. This loader, disguised as a modified Windows utility, deploys SmokeLoader while maintaining a stealthy execution flow. SmokeLoader, a modular malware, can download additional payloads, steal credentials, and execute remote commands. The campaign demonstrates the evolving tactics of financially motivated threat actors, leveraging LOLBAS techniques and commercial protection tools for obfuscation.Pulse ID: 67eae76c43a650185f3f9970 Pulse Link: <a href="https://otx.alienvault.com/pulse/67eae76c43a650185f3f9970" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eae76c43a650185f3f9970</a> Pulse Author: AlienVault Created: 2025-03-31 19:05:16Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bank</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#UK</a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukr</a> <a href="https://social.raytec.co/tags/Ukrainian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukrainian</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotNew HijackLoader Evasion TacticsHijackLoader, a malware loader discovered in 2023, has evolved with new modules and evasion tactics. Recent updates include call stack spoofing to mask function call origins, virtual machine detection to identify analysis environments, and persistence establishment via scheduled tasks. The loader now implements anti-VM checks, mutex creation, custom injection paths, and additional modules for various functions. Notable changes include the addition of new blocklisted processes and modifications to module decryption methods. HijackLoader's modular nature and continuous updates suggest ongoing efforts to enhance its anti-detection capabilities and complicate analysis.Pulse ID: 67eae76dad6de69b5a3d9079 Pulse Link: <a href="https://otx.alienvault.com/pulse/67eae76dad6de69b5a3d9079" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eae76dad6de69b5a3d9079</a> Pulse Author: AlienVault Created: 2025-03-31 19:05:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/HijackLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#HijackLoader</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

CyberWarrior26🗣️ The Latest Buzz About <a href="https://infosec.exchange/tags/OTsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTsecurity</a> Our cyber adversaries are not stopping; nor are we when it comes to protecting <a href="https://infosec.exchange/tags/CriticalInfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#CriticalInfrastructure</a>. We help you keep your fingers on the pulse of the OT cyber world.And for the right solutions, download the Industrial Cyber 2025 Buyers Guide. <a href="https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/" rel="nofollow noopener" translate="no" target="_blank">https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/</a>Find us here: <a href="https://blueridgenetworks.com/" rel="nofollow noopener" translate="no" target="_blank">https://blueridgenetworks.com/</a><a href="https://infosec.exchange/tags/CyberCloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCloak</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/AssetManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#AssetManagement</a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a> <a href="https://infosec.exchange/tags/NetworkProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkProtection</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener" target="_blank">#OT</a>#NetworkSegementation <a href="https://infosec.exchange/tags/SecureRemoteAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureRemoteAccess</a>

CyberResearcherVA🗣️ The Latest Buzz About <a href="https://mastodon.social/tags/OTsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTsecurity</a> Our cyber adversaries are not stopping; nor are we when it comes to protecting <a href="https://mastodon.social/tags/CriticalInfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#CriticalInfrastructure</a>. We help you keep your fingers on the pulse of the OT cyber world.And for the right solutions, download the Industrial Cyber 2025 Buyers Guide. <a href="https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/" rel="nofollow noopener" translate="no" target="_blank">https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/</a>Find us here: <a href="https://blueridgenetworks.com/" rel="nofollow noopener" translate="no" target="_blank">https://blueridgenetworks.com/</a><a href="https://mastodon.social/tags/CyberCloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCloak</a> <a href="https://mastodon.social/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://mastodon.social/tags/AssetManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#AssetManagement</a> <a href="https://mastodon.social/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a> <a href="https://mastodon.social/tags/NetworkProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkProtection</a> <a href="https://mastodon.social/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://mastodon.social/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://mastodon.social/tags/OT" class="mention hashtag" rel="nofollow noopener" target="_blank">#OT</a>#NetworkSegementation <a href="https://mastodon.social/tags/SecureRemoteAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureRemoteAccess</a>

OTX BotPulling the Threads on the Phish of Troy HuntA sophisticated phishing attack targeted Troy Hunt, compromising his Mailchimp account. The analysis reveals connections to the Scattered Spider group through domain pivoting. Using Validin's DNS, host response, and registration data, dozens of related domain names were uncovered. The investigation exposed a fake Cloudflare turnstile and bogus registration details. Pivoting on various features led to the discovery of multiple related domains and IP addresses. The attack's tactics strongly resemble those of Scattered Spider, including the reuse of previously used domains. The findings demonstrate the power of Validin's databases for uncovering adversary infrastructure and strengthening threat intelligence.Pulse ID: 67e848f9c64772d54fd7164b Pulse Link: <a href="https://otx.alienvault.com/pulse/67e848f9c64772d54fd7164b" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67e848f9c64772d54fd7164b</a> Pulse Author: AlienVault Created: 2025-03-29 19:24:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

AntoineÐPour une semaine d’événement, un agenda sur NextCloud a été créé et c’est super. Par contre pour en faire une version imprimée c’est moche et peu lisible… Est‑ce que vous connaissez des outils qui convertissent des .ics en un visuel lisible et beau ? <a href="https://kwak.cab/tags/agenda" rel="nofollow noopener" target="_blank">#agenda</a> <a href="https://kwak.cab/tags/calendrier" rel="nofollow noopener" target="_blank">#calendrier</a> <a href="https://kwak.cab/tags/ics" rel="nofollow noopener" target="_blank">#ics</a>

Recent searches

Search options

Administered by:

Server stats:

#ics