David Ledbetter
@Ledtech3
Followers: 4K · Following: 17K · Media: 3K · Statuses: 31K
System Repair, Windows system tools, Security research. IDA Challenged.
Joined December 2015
As others have mentioned, the "presidents" #qakbot #qbot distribution (obama221) is back to using "DLL Search Order Hijacking" today (see screenshot). Here are the IOCs: https://t.co/JqSmNQxUIf
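The check a defender would run for the DLL search-order hijacking mentioned above, as an added example that is not from the post or its screenshot: it scans a file listing for a DLL carrying a well-known system DLL name sitting beside an executable in a non-system directory. The sample listing, the file names and the starter set of DLL names are constructed assumptions, not IOCs from this page.

```python
import ntpath
from collections import defaultdict

# Constructed sample listing (assumed names, not from the post's screenshot):
# an executable and a DLL named like a system DLL dropped together in a user directory.
SAMPLE_FILES = [
    r"C:\Users\victim\Downloads\presidents\calc.exe",
    r"C:\Users\victim\Downloads\presidents\version.dll",
    r"C:\Users\victim\Downloads\presidents\readme.txt",
    r"C:\Windows\System32\version.dll",
    r"C:\Users\victim\Downloads\other\data.bin",
]

# Assumed starter set of system DLL names commonly resolved through the search order;
# replace with a baseline taken from your own gold image.
KNOWN_SYSTEM_DLLS = {"version.dll", "cryptbase.dll", "dbghelp.dll", "wtsapi32.dll"}

# Directories where a system-named DLL is expected to live.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def find_dll_sideload_candidates(paths, system_dlls=KNOWN_SYSTEM_DLLS):
    """Return (directory, exe, dll) triples where a DLL with a system DLL name
    sits next to an executable outside the trusted system directories.

    The application directory is searched before System32 for any DLL that is
    not on the KnownDLLs list, so such a copy wins the lookup for every
    executable in that directory that imports it."""
    by_dir = defaultdict(list)
    for p in paths:
        directory, name = ntpath.split(p)
        by_dir[directory.lower()].append(name.lower())

    hits = []
    for directory, names in by_dir.items():
        if directory.startswith(TRUSTED_DIRS):
            continue
        exes = [n for n in names if n.endswith(".exe")]
        suspicious_dlls = [n for n in names if n in system_dlls]
        for exe in exes:
            for dll in suspicious_dlls:
                hits.append((directory, exe, dll))
    return hits


if __name__ == "__main__":
    for directory, exe, dll in find_dll_sideload_candidates(SAMPLE_FILES):
        print(f"possible sideload: {exe} + {dll} in {directory}")
```

Run it over a recursive listing of Downloads, Temp and the extraction folders your mail gateway quarantines to; a signed executable next to a same-named copy of a System32 DLL is the shape to triage first.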
Anyone seeing #Socgholish using localsys-shield[.]com today?
#IcedID mixing it up today with CHM files. BotID: 1609463178. Loader C2: trolspeaksunt\.com. pw-protected, zipped ISO attachments https://t.co/9PDXgxpRAF
https://t.co/1jlSljsrFu
bazaar.abuse.ch
redacted-doc-11.14.22.zip has been detected as IcedID by MalwareBazaar
I added my solution for the Task 8: https://t.co/xFNGIxz6eX // #FlareOn9
hshrzd.wordpress.com
For those of you who don’t know, Flare-On is an annual “reverse engineering marathon” organized by Mandiant (formerly by FireEye). It runs for 6 weeks, and contains usually 10-12 tasks of inc…
so, #FlareOn9 is over! congrats to all the finishers! you can find some of my solutions here: https://t.co/GO75tCwZUl (work-in-progress, I will be adding more)
Ok got this post started if anyone wants a "Certain type" of obfuscation added
Hey... I'm thinking of a blog post for my site about "Understanding obfuscation". Is there anything special that anyone would like to see explained?
New #socgholish stage 3 C2 seen today. Block all *[.]rate[.]coinangel[.]online .
Malware targeting companies in Peru 🇵🇪: email > html > zip + password > vbs. Downloads from (#geofenced): /sunat-mail.xyz/2/ /easynsecureinvest.com/cobr/?id=1. Payloads/C2 from: /gringox1.chickenkiller.com/g1/ + Header: UA-CPU. Samples: https://t.co/jBl2ihkPju. No attribution 🤔
Here are some #icedid #bokbot IOCs from today. Arrived via email with a password protected .zip file attachment. https://t.co/JUofXCsrfO
New Emotet E5 URLs detected. [DLL] (1/2) hxxp://www[.]muyehuayi[.]com/cmp/8asA99KPsyA/v6lUsWbLen/ hxxps://wijsneusmedia[.]nl/cgi-bin/kFB/ hxxp://concivilpa[.]com[.]py/wp-admin/i3CQu9dzDrMW/
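The IOCs in these posts are defanged three different ways (`\.`, `[.]` and `hxxp://`), and the Socgholish rule is written as a wildcard (`*[.]rate[.]coinangel[.]online`); before any of them can go into a blocklist or a log search they have to be normalised. Added example, mine and not from any of the posts: a small Python normaliser run over IOC strings copied from the posts above, plus a suffix matcher for wildcard block rules. The sample list is constructed from the page; nothing else is assumed.

```python
import re

# Constructed sample: IOC strings copied from the posts above, in the defanged
# forms they use (backslash-dot, bracket-dot and hxxp://).
SAMPLE_IOCS = [
    "trolspeaksunt\\.com",
    "anisamnatyrel\\.com",
    "localsys-shield[.]com",
    "*[.]rate[.]coinangel[.]online",
    "hxxp://www[.]muyehuayi[.]com/cmp/8asA99KPsyA/v6lUsWbLen/",
    "hxxps://wijsneusmedia[.]nl/cgi-bin/kFB/",
    "hxxp://concivilpa[.]com[.]py/wp-admin/i3CQu9dzDrMW/",
]

_DEFANGED_SCHEME = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


def refang(ioc):
    """Turn a defanged IOC back into its live form (for blocklists and log searches)."""
    s = _DEFANGED_SCHEME.sub(r"http\1://", ioc.strip())
    for broken, fixed in (("[.]", "."), ("(.)", "."), ("{.}", "."), ("\\.", "."),
                          ("[:]", ":"), ("[/]", "/"), ("[@]", "@")):
        s = s.replace(broken, fixed)
    return s


def defang(ioc):
    """Make a live IOC safe to paste. Idempotent: defanged input comes out unchanged."""
    s = re.sub(r"^http(s?)://", r"hxxp\1://", refang(ioc), flags=re.IGNORECASE)
    return s.replace(".", "[.]")


def host_of(ioc):
    """Hostname of a (de)fanged URL or domain, with any leading '*.' wildcard removed."""
    s = re.sub(r"^[a-z]+://", "", refang(ioc), flags=re.IGNORECASE)
    host = s.split("/", 1)[0].split(":", 1)[0].lower()
    return host[2:] if host.startswith("*.") else host


def is_blocked(host, block_rules):
    """True if host equals, or is a subdomain of, any rule; rules may be defanged or '*.'-prefixed."""
    h = host_of(host)
    for rule in block_rules:
        r = host_of(rule)
        if h == r or h.endswith("." + r):
            return True
    return False


if __name__ == "__main__":
    for ioc in SAMPLE_IOCS:
        print(f"{ioc:60} -> {refang(ioc)}  [host {host_of(ioc)}]")
    print(is_blocked("cdn.rate.coinangel.online", ["*[.]rate[.]coinangel[.]online"]))
```

The suffix check requires the dot boundary (`h.endswith("." + r)`), so a rule for `rate.coinangel.online` does not also block `notrate.coinangel.online`; a plain `endswith` on the bare string would.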
#Bumblebee HTML Attachments rolling in. general pattern: Document_[0-9]{4]_Scan_(Nov8)\.html Looks like some updated evasion in this sample. https://t.co/Vl4LdCICft
bazaar.abuse.ch
Document_3944_Scan_(Nov8).html has been detected as BumbleBee by MalwareBazaar
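The filename regex in the post above, pasted as-is into a Python detection, silently matches nothing: `{4]` is not a valid quantifier (Python treats the brace as a literal character), and the unescaped `(Nov8)` is a capture group rather than literal parentheses. This added example, mine and not the poster's, runs the posted pattern and a corrected one against the sample name from the MalwareBazaar card, and also generalises the date token on the assumption, not stated in the post, that the `(MonDD)` part changes per campaign day.

```python
import re

# The pattern exactly as posted above.
POSTED_PATTERN = r"Document_[0-9]{4]_Scan_(Nov8)\.html"

# Corrected: {4} quantifier, literal parentheses escaped, anchored to the whole name.
FIXED_PATTERN = r"^Document_[0-9]{4}_Scan_\(Nov8\)\.html$"

# Assumed generalisation (not from the post): any three-letter month plus a day number.
GENERAL_PATTERN = r"^Document_[0-9]{4}_Scan_\([A-Z][a-z]{2}[0-9]{1,2}\)\.html$"

# Constructed attachment names: the one from the MalwareBazaar card plus look-alikes.
SAMPLE_NAMES = [
    "Document_3944_Scan_(Nov8).html",
    "Document_0172_Scan_(Nov9).html",
    "Document_394_Scan_(Nov8).html",      # only three digits
    "Document_3944_Scan_Nov8.html",       # no parentheses
    "Document_3944_Scan_(Nov8).html.zip", # double extension
    "invoice.pdf",
]


def matches(pattern, name):
    """Case-insensitive search of one attachment name against a pattern."""
    return re.search(pattern, name, re.IGNORECASE) is not None


def flag_attachments(names, pattern=GENERAL_PATTERN):
    """Return the attachment names that match the Bumblebee naming pattern."""
    return [n for n in names if matches(pattern, n)]


if __name__ == "__main__":
    print("posted :", flag_attachments(SAMPLE_NAMES, POSTED_PATTERN))
    print("fixed  :", flag_attachments(SAMPLE_NAMES, FIXED_PATTERN))
    print("general:", flag_attachments(SAMPLE_NAMES))
```

Always test a copied pattern against the known-bad sample name before shipping it to a gateway rule; a pattern that compiles but never fires looks identical to a quiet campaign.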
Also a few #Emotet today. @James_inthe_box @pr0xylife @0xToxin @0n315 @Cryptolaemus1 @JRoosen All of the sheets are visible in this one and each is the same as sheet 1? Did Ivan do a drunk again? https://t.co/NQz2LU8sIk
#TA551 HTML Attachments incoming. ID 1559130321. #IcedID Loader C2: anisamnatyrel\.com https://t.co/IZtT9LcHSc
https://t.co/lPDcMjpR7t
🏭 In May, SentinelLabs investigated a supply-chain attack against the Rust development community that we refer to as ‘CrateDepression’. Learn more https://t.co/oZXYvPS5tj
@LabsSentinel #infosec #cybersecurity #supplychain
sentinelone.com
Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.
[UPDATE] Here's a #maldoc with (still) live C2 that is quite evasive and shows the detection capability ex-OSINT. Download URL has a "ski" gTLD. Download the sample with a user account (it's not on VT) for free: https://t.co/8iQSfnliQH // #DFIR #malware #analysis
Anyone know of companies hiring director-level folks? Ideally mobile/web work. I have a good friend looking and he'd be an epic hire.
Noticed an interesting registry export: a PowerShell loader working completely on data stored in the registry. Reg export: https://t.co/jw9Ak4rdR7 Sample: https://t.co/SJkIfwwvmT
Saw a couple of Emotet messages land here this afternoon. First from this recent revival. Thread hijacking. XLM4.0 maldoc attachment. Epoch4 botnet. Sample: https://t.co/dmFV5pxQ1G
I also received a handful of #emotet (E4) emails today. I saw traffic to the same C2 as yesterday. Here are the IOCs: https://t.co/OlFNfSOb4q