#MalwareChallenge
How much #malware do you see distributed via #OneNote files?

bazaar.abuse.ch/sample/b13c979…

#Remcos RAT

#MalwareChallenge
Can you spot the 'evil' URLs here? (1)
#onedrive

Btw, these URLs (2, 3) are all from the same samples...

urlhaus.abuse.ch/browse.php?sea…

#RemcosRAT
#Xworm
#AsyncRAT
#AgentTesla
#FormBook

Possibly related to #DESKTOPgroup (?)

#MalwareChallenge 👇👇
Andrea De Pasquale
Cryptolaemus
ExecuteMalware
hazmalware
James
JAMESWT
Joe Roosen
James Quinn
lc4m
MalwareHunterTeam
Microsoft Threat Intelligence
John Lambert
neonprimetime
ps66uk
Racco42
Nilanjana
Hugo Rifflet
Hash Miser

#MalwareChallenge
A cry for HELP for once 😳

I want to know if there was #malware linked from this #phishing site?

What's the URL behind 🟥 'confirmer le paiement'?

What would have been downloaded?

The page may be offline now...
This is all I have: ☹️
urlscan.io/result/3fae5d7…

#MalwareChallenge
Possibly interesting VBS #malware sample?

Not sure if this is right...

#GuLoader (?) -> #TelegramRAT (?)
(or other malware using Telegram?)

See my comments on Bazaar:
➡️ bazaar.abuse.ch/sample/ed2e4f1…

not really a #MalwareChallenge 😜
Andrea De Pasquale
Cryptolaemus
ExecuteMalware
hazmalware
James
JAMESWT
Joe Roosen
James Quinn
lc4m
MalwareHunterTeam
Microsoft Threat Intelligence
John Lambert
neonprimetime
ps66uk
Racco42
Nilanjana
Hugo Rifflet
Hash Miser

RussianPanda 🐼 🇺🇦 karttoon I can relate to that, although blog posts are not part of dayjob 🙄

More Twitter threads instead 😉

Using a unique tag #MalwareChallenge

And point out missings in other blogs

E.g.

TomU | I'm still here... til the end 🕊️🇨🇭 Hey Tom, I would like to be tagged in these #MalwareChallenge tweets to stay up to date with the current threat landscape. Thanks !

#MalwareChallenge
Reversing a Turla Mosquito Implant discovered by ESET
ad316b68bd05e165eb4dc3758a452043

Amit Malviya (मोदी का परिवार) There is someone who has not done a single press conference in 6 years.
Can you identify the person?
#malwarechallenge