🚨 Beware of Pikabot #malware ! This sneaky loader malware appeared in 2023 and keeps evolving. Now in its latest version as of February 2024, #Pikabot poses a serious threat with anti-analysis features and flexible capabilities.

Learn more 👇
any.run/malware-trends…

I have #decryption keys for these IDs (private keys) of the corporate version of #Mallox
github.com/rivitna/Malwar…

#TA577 - #AiTM - Credential Harvesting via .pdf

File names:
VOLUPTASW.pdf
ODITMY.pdf
EXPEDITAVO.pdf

Example domain:
https://loginmlcrosoftonline.]wobilya.]info

(1/2)👇IOC's continued

Spotted #phorpiex in #italy 🇮🇹- 'Your Document'

EML>.zip(psw protected)>.lnk>windrv.exe>winsvc.exe

🔗staging
p://twizt,net/spl.exe

CloudFlare mi ha informato che il mio progetto Phishing Army è stato oscurato dalla piattaforma anti pirateria #PiracyShield !

#PhishingArmy è un progetto che mensilmente protegge 500mila utenti dal #phishing !

Per interessi privati, #calcio , mettiamo a repentaglio gli utenti! 🤦‍♂️

#AsukaStealer or a “rebrand” of #ObserverStealer

Thank you for the opportunity to contribute to your blog, ANY.RUN

I have updated #Mallox #Ransomware #decryptor .
The decryptor doesn't support the latest version of Mallox.
github.com/rivitna/Malwar…
password: noransom

🤡

🇮🇹 #BaladaInjector sfrutta vulnerabilità conosciuta nel plugin #PopupBuilder di #WordPress compromettendo oltre 3K siti.

👉 Tra questi, sono stati identificati domini italiani coinvolti in questa campagna

ℹ️ #IoC e approfondimenti 👇

🔗 cert-agid.gov.it/news/balada-in…

2024-03-06 (Wednesday): #Pikabot infection led to #Meduza Stealer ( #Meduza Stealer). Indicators and further info available at bit.ly/4c865DG

#TimelyThreatIntel #Unit42ThreatIntel #InfectionTraffic #Wireshark #MalwareAnalysis

#Pikabot #Malware 06.03.24

🔥IoC List: pastebin.com/H0zap0mv

⚙️analysis: app.any.run/tasks/23d5e351…

#infosec #CyberSec

👇
x.com/Tac_Mangusta/s…

#Pikabot #TA577 malspam spotted in #Italy 🇮🇹

EML(Thread Hijacking)>.iso>.exe>cmd.exe curl>.png (.dll)>ctfmon.exe -p 1234

Trend Micro, Inc.

🔗Staging
s://yourunitedlaws,com/mrD/8372

Fault Injection (FI) and Side-Channel (SC) attacks targeting ESP32 SoC eFUSE encryption keys extraction
Great research work by Ledger Donjon

eprint.iacr.org/2023/090.pdf

#espressif #cybersecurity

⚠️ Please beware of a new threat ⚠️

We have observed a mass attack on users between February 23, 2024, and the present moment.

⚙️ Treat Details:

- The initial vector is an email with a ZIP attachment and the question, 'I sent a material your side last day, have you able to get…

🚨 On February 26th and 27th Telekom Security and Bayern-CERT observed threat actor #TA577 phishing campaigns. This time the actor is not spreading malware, but apparently uses NTLMv2 handshakes to steal user credentials/hashes. 🧵1/7

ThreatLabz has observed new #Lockbit ransomware attacks following the law enforcement takedown operation last week.

The latest ransom note can be found in our GitHub repo: github.com/threatlabz/ran…

⚠️TA577 starts spreading #Pikabot #malware

eml>.zip>.html(link)

html files with 0 detections on Virustotal and decoy latin words
🔥staging ip:
204.44.125.68
103.124.104.76
103.124.104.22
66.63.188.19
104.129.20.167

#infosecurity #CyberAttack

#Pikabot malspam spotted in #Italy 🇮🇹

Back to 'classic' TTPs

EML(Thread Hijacked with modified stolen old conv)>.zip>.js (curl)>.dat>.exe>ctfmon.exe

🔥 #Pikabot #malware by #TA577 current wave hits #italy 🇮🇹 with updated TTPs
email>url(samba share)>.zip >.exe> ctfmon.exe -p 1234

🌎SMBs:
funredblog,com
introwebllc,com
vendercompany,com
allterra24,com

⚙️run: app.any.run/tasks/c4299ace…

#infosecurity #CyberSecurity #cyberattacks