'NVUnityPlugin.dll' seen from Pakistan: 09d152aa2b6261e3b0a1d1c19fa8032f215932186829cfcca954cc5e84a6cc38
C2 domain: www.mingeloem[.]com - Namecheap.com registered...
Shadow Chaser Group Jazi

Due to some reasons, I will deactivate all activities related to crazyman_army from now on. Please follow the new account crazyman

At the same time, all information about crazyman_army will be invalid

#Patchwork #APT
Password to open pdfs.txt.lnk
dfb97438f0ec94e78a2a1e3d32bc11d5
ruz98.b-cdn[.]net/pass (decoy)
cbc2a1b89136e3d7bb00eee6eb777fbb
ruz98.b-cdn[.]net/22 (Winver.exe)
13dcd6f1fd44f7f15651153167b646cc
Backdoor written in Go, signed with valid certificate 👀

Today our researcher found an sample which maybe belongs to #Konni #APT group
ITW:
ZIP:8e7bd31ba55449c888d3b013612f539a
LNK:655893b1641565f8ea04da4d74116b8a
(첨부1_성명_개인정보수집이용동의서.docx.lnk)
C2:
hxxp://stuckss.com/upload.php
hxxp://stuckss.com/list.php

#SideWinder #WhisperGate > Pakistan 🇵🇰

🦠6509a51daf061b40fef419d641ea73ed (BenevolentFundAndGroupInsurance.pdf)

Connects to
https://finance-gov-pk.rf[.]gd/BenevolentFundAndGroupInsurance to download a zip file 2ce216e4c430e4445c7e9682493e3a27 (BenevolentFundAndGroupInsurance)

#Lazarus

#APT28 seems to have used #SmartScreen Zero-Day[CVE-2024-21412]
http[:]//194.126.178[.][email protected]/webdav/Python39/Client.py

I'm looking for some work opportunities with basic reverse (malware analysis) and some forensic knowledge. Have experience in malware tracking. The account is Shadow Chaser Group . Welcome to DM me and email of [email protected]. I'd be happy to work for you.

Exciting News!

The first CTF R3CTF/YUANHENGCTF 2024 organised by r3kapig will be held this year from 5.18-20.

We will provide more information as the game approaches.

CTFtime link: ctftime.org/event/2273

Discord: discord.gg/zU64ekBsgA

We are organising a conference on 26th - 27th June 2024
Attention Speakers: Our 2024 Call for Papers is now open! #OffByOne2024 ? Learn all about it:
offbyone.sg/cfp/

Nice Hunt MalwareHunterTeam
I guess the backdoor is here -> pycryptoenv\__init__.py -> crypt() func. So i guess the actor will first install this backdoor python module and drop some script to run it.But it's really weriod.And seems we won't know the key.

The biggest leaks of 2024

Introducing Sora, our text-to-video model.

Sora can create videos of up to 60 seconds featuring highly detailed scenes, complex camera motion, and multiple characters with vibrant emotions.

openai.com/sora

Prompt: “Beautiful, snowy…

Another sample part of this campagin: #SugarGh0st RAT
852aa98d908fe1e09f985cd403fcf9a5
Presentation HAZARASP FEZ (eng) (1) .lnk

9d2ec11446e0cb5c9ae35575a5eb2031
~46727395.js

account.drive-google-com[.]tk

twitter.com/h2jazi/status/…

One of our members has written a cool online assembly and disassembly tool that can handle most architectures. You are welcome to use it. If you have any needs and related feedback, please contact us in time.

Checkout this new tool I’ve built: It compiles GNU/binutils to WASM for fast, realtime (dis)assembly in the browser. Targeting multiple architectures (see image), works similarly to PwnTools’ asm functions. Try it out at binutils-wasm.vercel.app. Feedback & bug reports welcome.

Hello potential sponsors, we currently need some funds to support our trip to DiceCTF 2024 final. Of course if you are interested please contact [email protected]. We will provide more information. Welcome to mail!

Fresh #DarkPink sample
'Proposed_Concept_Note_on_the_AOIP-based_Comprehensive_Regional_Architecture.zip'
virustotal.com/gui/file/5c4f8…

side-loads via wwlib.dll

#APT28 phishing:

8d6a24eac7a90860edaf6721856ff11ce0cff9dd3dc9c2b546a3fdf9d15be4ed
report.html

a5418213e34f81913726f19cdeefa8d9e3d425a8786eda086e56faacea1372ae
ukrNet .html

202.55.80.225

#북한 #NorthKorea #APT37

genians.co.kr/blog/webinar-a…

485AF6EA63BBEC8AE02F8A6184CAE96F
300FB8E4294E902EFE736E42EA262266
2304183C6738E42BA89FC29F881B0684
4825FC554F9565AD356501293363C901