Cryptolaemus (@Cryptolaemus1)

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll  

wscript.exe Invoice-808.js

wscript.exe sso.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

(1/3)👇

IOC's
github.com/pr0xylife/Wiki…
Tommy M (TheAnalyst) (@ffforward)

#TA544 back using #Remcos after using #SystemBC briefly last week. Unique page,link URLs redir to .url file with file://.zip/.vhd SMB target abusing CVE-2023-36025 so it will mount the VHD by just opening the .URL. Exe using #DOILoader #IDATLoader w. local payload. cc @wdormann
Patrice Duhazé (@PDuhaze)

TA544, aka Bamboo Spider or Zeus Panda, spreads WailingCrab via delivery-themed emails. This sophisticated malware infiltrates systems, prioritizing stealth to resist analysis efforts. Learn more about this threat in our #ThreatAdvisoryTuesday report. okt.to/E3otsY
Zadig ♉︎🪽 (@KamalZiadah)

Autograph and manuscript notes from Library of Virginia’s copy of: Leybourn, William, 1626-1716. The compleat surveyor, or, The whole art of surveying of land. London : Printed for S. Ballard, 1722

TA544 .L68 1722

Cryptolaemus (@Cryptolaemus1)

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll  

wscript Invoice_818493.js

wscript out.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

(1/3) 👇

IOC's
github.com/pr0xylife/Wiki…
CSIRT Financiero Asobancaria (@CSIRTFinanciero)

🔎 A new downloader called WikiLoader has been observed; it has been detected in several campaigns specifically targeting financial organizations in Italy. It is linked to the threat actor (TA) known as TA544.
👉 More info: csirtasobancaria.com/sala-de-prensa…

Threat Insight (@threatinsight)

#DanaBot back in email threat data? You botcha. On 14 Feb, TA544 targeted Italian organizations using Agenzia delle Entrate lures to distribute Google Firebase PageLink URLs.
JAMESWT (@JAMESWT_MHT)

Too in #italy #WikiLoader - #TA544 #quickbooks

'Invoice Reminder: Your payment to Allen&Overy LLP '  
EML>PDF>url>zip>js>js>dll

⚠️zip Url 
https[:]//infplaute[.]com/international-commercial  

❇️Samples
bazaar.abuse.ch/browse/tag/Wik…
Cryptolaemus (@Cryptolaemus1)

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll

wscript Inv_03_20_2024.js

wscript confidential-legal.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

IOC's
github.com/pr0xylife/Wiki…
Cert AgID (@AgidCert)

🇮🇹 The #TA544 group changes strategy again, leveraging the #Danabot malware

⚠️ The list identified includes the URLs of 20 Italian banks. It is a module capable of dynamically modifying page content by injecting JS code.

🔗 cert-agid.gov.it/news/il-gruppo…
Michael R (@nahamike01)

Continuing to learn different libraries in Python, I wanted to create a scatter plot of different domain names attrib'd to #TA544. A lot of work left to clean it up, but it always feels good when you see the end product of something you created.
Cert AgID (@AgidCert)

Summary of the malicious campaigns in the week of 10 - 16 February 2024

➡️ Attacks on #Android devices with #SpyNote and #IRATA
➡️ #TA544 > #Danabot and #AgenziaEntrate
➡️ #Pikabot with XLS and #SMB

💣 #IoC 276
🦠 #Malware 9
🐟 #Phishing 8

🔗 cert-agid.gov.it/news/sintesi-r…
Tata Communications (@tata_comm)

TA544, aka Bamboo Spider or Zeus Panda, spreads WailingCrab via delivery-themed emails. This sophisticated malware infiltrates systems, prioritizing stealth to resist analysis efforts. Learn more about this threat in our #ThreatAdvisoryTuesday report. okt.to/PjNphF
sugimu (@sugimu_sec)

On the topic of TA544, members of ばらまきメール回収の会 also gave a presentation at JSAC2020, for anyone who is interested.

jsac.jpcert.or.jp/archive/2020/p…