Virus Bulletin (@virusbtn)'s Twitter Profile
Virus Bulletin

@virusbtn

Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference. @[email protected]

ID:118059149

Link: https://www.virusbulletin.com/ · Joined: 27-02-2010 13:27:37

24,8K Tweets

58,0K Followers

1,4K Following

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

SEQRITE researchers look into RusticWeb, a phishing campaign targeting various Indian government personnel to steal confidential documents. seqrite.com/blog/operation…

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

CERT-UA present details of a recent APT28 campaign that created threats to a domain controller within an hour from the moment of the initial compromise. cert.gov.ua/article/6276894

Florian Roth(@cyb3rops) 's Twitter Profile Photo

I have a special Christmas present for you guys 🎁

I took the time this morning & completely reworked my 'God Mode YARA Rule'

It's a PoC aimed at crafting a single rule that covers a vast array of threats with minimal FPs

Merry Christmas to you all 🎄

github.com/Neo23x0/god-mo…

Karsten Hahn(@struppigel) 's Twitter Profile Photo

New Video: Deobfuscation of JScript malware like GootLoader using 3 methods 🦔

➡️ regex
➡️ AST manipulation
➡️ dynamic deobfuscation


youtube.com/watch?v=DjaptW…

Matthew(@embee_research) 's Twitter Profile Photo

✏️12 Lessons I've Learnt From Writing Online About Cyber ✏️

18 Months ago I started writing online. This was scary at first, but over time I've built up confidence and hit some great milestones.

Today I'll share some lessons that I hope can help others do the same

[1/12]

Thomas Roccia 🤘(@fr0gger_) 's Twitter Profile Photo

Day #1: Starting the #100DaysOfYARA challenge with a bit of planning and visualization. Hopefully, this mind map will help you by providing a better overview and some ideas for the challenge! 🤓💡 #infosec #yara

👉 Blog: blog.securitybreak.io/100daysofyara-…
Virus Bulletin(@virusbtn) 's Twitter Profile Photo

Symantec’s Threat Hunter Team present details of a recent Seedworm (Muddywater) campaign targeting organizations operating in the telecommunications sector in Egypt, Sudan & Tanzania. symantec-enterprise-blogs.security.com/blogs/threat-i…

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

Sophos's Andrew Brandt & Sean Gallagher look into a malspam campaign targeting hotels worldwide with password-stealing malware that uses a social engineering lure to gain the trust of the campaign’s targets, before sending them links to malicious payloads. news.sophos.com/en-us/2023/12/…

ESET Research(@ESETresearch) 's Twitter Profile Photo

ESET Threat Report H2 2023: the 2nd half of 2023 saw various incidents, such as Cl0p’s MOVEit hack, the abuse of the word ChatGPT in malicious domains, and the demise of the Mozi botnet. Learn about the threat landscape in the report, out now web-assets.esetstatic.com/wls/en/papers/…

Florian Roth(@cyb3rops) 's Twitter Profile Photo

Introducing YARA-Forge ⚡️
- Streamlined Public YARA Rule Collection

Excited to share my latest project with the community just in time for Christmas! After weeks of hard work, it's finally ready 🎄🎁

Blog Post
cyb3rops.medium.com/introducing-ya…

Project Page
yarahq.github.io

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

Abnormal's Mike Britton explores how BazarCall/BazaCall attacks use Google Forms to boost the appearance of legitimacy. abnormalsecurity.com/blog/bazarcall…

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

ESET's Zuzana Hromcová (@zuzana_hromcova) & Adam Burgher look into how OilRig actively developed & used a series of downloaders (ODAgent, OilCheck, OilBooster & SC5k) that use various legitimate cloud service APIs for C&C communication & data exfiltration. welivesecurity.com/en/eset-resear…
Virus Bulletin(@virusbtn) 's Twitter Profile Photo

Trellix's Vihar Shah & Rohan Shah show how threat actors have abused Predator and how this tool has been used in multiple phishing campaigns with frequently changing URL patterns in a very short span. The tool was designed to combat bots and web crawlers. trellix.com/about/newsroom…

Matthew(@embee_research) 's Twitter Profile Photo

🔥Free Ghidra Content for Beginners 🔥

A series of 7 free tutorials demonstrating the most common Ghidra workflows.

These are the most common and approachable workflows that you can use day-to-day to begin analysing malware with Ghidra.

[1/8] 🧵

ANY.RUN(@anyrun_app) 's Twitter Profile Photo

📌 Comparison of QakBot and PikaBot servers configuration

#QakBot is a malware loader and initial access tool. It was active until August and suddenly appeared in mid-December 2023.

#PikaBot malware has a modular structure including a loader and a core with a Shell backdoor,…
Virus Bulletin(@virusbtn) 's Twitter Profile Photo

In their latest report researchers from The DFIR Report profile a threat actor by analysing an open directory that includes more than a year's worth of historical activity such as tools, logs and artifacts. thedfirreport.com/2023/12/18/let…

Virus Bulletin(@virusbtn) 's Twitter Profile Photo

In a Check Point report @hasherezade presents a comprehensive review of the Rhadamanthys stealer agent modules, looking at their capabilities and implementation, with a focus on how the stealer components are loaded and how they work. research.checkpoint.com/2023/rhadamant…
Virus Bulletin(@virusbtn) 's Twitter Profile Photo

Malwarebytes' Jérôme Segura shares details of a new PikaBot campaign distributed via malvertising. PikaBot was previously only distributed via malspam campaigns. malwarebytes.com/blog/threat-in…

Germán Fernández(@1ZRR4H) 's Twitter Profile Photo

So, we have new #Qakbot activity with low-volume attacks targeting the hospitality industry 🔥.

EMAIL > PDF > URL > MSI (#Signed by 'SOFTWARE AGILITY LIMITED'). Campaign: tchk06, Version: 0x500.

PDF template is the same one used by #PikaBot a few days ago, of course.

Some…
Jen Easterly🛡️(@CISAJen) 's Twitter Profile Photo

Some of the best things in life are FREE! We updated the Cybersecurity and Infrastructure Security Agency free cybersecurity services page with added functionality to make it easier for you to find the services & tools you need to defend your networks. Take a look: go.dhs.gov/42y
