Is Now on VT! Profile
Is Now on VT!

@Now_on_VT

Followers: 4K | Following: 833 | Media: 8 | Statuses: 276

Stay ahead of cyber threats. Get real-time alerts on notable APT/FIN/ORB indicators from VirusTotal. A threat intel project by @craiu.

Bucharest
Joined September 2023
@Now_on_VT
Is Now on VT!
8 months
Sample is now on VT! 🚩Hash: fbd5e3eb17ef62f2ecf7890108a3af9bcc229aaa51820a6e5ec08a56864d864d 🎯Actor name: Lazarus 🔹Comment: The Safe{Wallet} JavaScript used by Lazarus in the ByBit hack that was deployed Feb 19, 2025 17:29:05 and replaced with the original clean version
docsend.com
7
69
329
@Now_on_VT
Is Now on VT!
6 hours
Sample is now on VT! 🚩Hash: 823a0862d10f41524362ba8e8976ddfd4524c74075bd7f3beffa794afb54f196 🎯Actor name: Earth Kurma 🔹Comment: An APT group dubbed Earth Kurma is actively targeting government and telecommunications organisations in Southeast Asia using advanced malware,
trendmicro.com
0
2
23
@Now_on_VT
Is Now on VT!
4 days
Sample is now on VT! 🚩Hash: 8650e83da50bd726f77311b729905c0d 🎯Actor name: CLINKSINK 🔹Comment: Numerous actors have conducted campaigns since December 2023 that leverage the CLINKSINK drainer to steal funds and tokens from Solana (SOL) cryptocurrency users. Drainers are
cloud.google.com
1
11
33
@Now_on_VT
Is Now on VT!
7 days
Thank you for the analysis! Unfortunately, no samples on @virustotal but three hashes from your blog were added to monitoring. We'll let y'all know when they show up!
@RedDrip7
RedDrip Team
8 days
#APT Since the disclosure of the #ZipperDown vulnerability in 2018, this is the first observed case of its in-the-wild exploitation by APT groups. Northeast Asian threat actors used it to target Android devices of individuals in North Korea and Northeast China.
0
1
14
@Now_on_VT
Is Now on VT!
18 days
Sample is now on VT! 🚩Hash: c1173628f18f7430d792bbbefc6878bced4539c8080d518555d08683a3f1a835 🎯Actor name: Lockbit related 🔹Comment: Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware. This intrusion began with the download and execution of a Cobalt Strike beacon that
thedfirreport.com
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…
1
9
42
@Now_on_VT
Is Now on VT!
21 days
Sample is now on VT! 🚩Hash: c5fd8cd46290c863c761168d9d8611d14681b87d50c3f4eebc1970bd45460bc5 🎯Actor name: ClayRat 🔹Comment: Over the past few months, zLabs researchers have been tracking ClayRat, a rapidly evolving Android spyware campaign primarily targeting Russian users.
zimperium.com
0
6
16
@Now_on_VT
Is Now on VT!
23 days
Sample is now on VT! 🚩Hash: b63316223e952a3a51389a623eb283b6 🎯Actor name: MysteriousElephant 🔹Comment: Mysterious Elephant is a highly active advanced persistent threat (APT) group discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and
securelist.com
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.
1
12
34
@Now_on_VT
Is Now on VT!
26 days
Sample is now on VT! 🚩Hash: 856225319df6fbb1ff3ea2b9e418a83fbec300d9 🎯Actor name: Scaly Wolf 🔹Comment: All these artifacts indicate that these malicious tools were created by the same developer, one directly associated with the Scaly Wolf group. Just like two years ago, the
1
5
19
@Now_on_VT
Is Now on VT!
28 days
Sample is now on VT! 🚩Hash: fae6192a0648a892c845d9498002ca79497ea58e5315d277f65f7b243f7110e4 🎯Actor name: UNC4990 🔹Comment: Mandiant Managed Defense has been tracking UNC4990, an actor who heavily uses USB devices for initial infection. UNC4990 primarily targets users based
cloud.google.com
UNC4990 uses USB devices for initial infection, targets users based in Italy, and is likely motivated by financial gain.
1
4
19
@Now_on_VT
Is Now on VT!
29 days
Sample is now on VT! 🚩Hash: 6190b13df521306bfa7ee973b864ba304ee0971865a66afbe0b4661c986099f4 🎯Actor name: Earth Kurma 🔹Comment: Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors. An APT group dubbed Earth Kurma is actively targeting government and
trendmicro.com
1
8
25
@Now_on_VT
Is Now on VT!
29 days
Sample is now on VT! 🚩Hash: 2d1dca9c10996143b698a9351d1eb446c19f92a7 🎯Actor name: NullBulge 🔹Comment: SentinelLabs has identified a new cybercriminal threat group, NullBulge, which targets AI- and gaming-focused entities. In July 2024, the group released data allegedly stolen
0
4
20
@Now_on_VT
Is Now on VT!
1 month
Sample is now on VT! 🚩Hash: 3b83739da46e20faebecf01337ee9ff4d8f81d61ecbb7e8c9d9e792bb3922b76 🎯Actor name: UnknownCW:Remcos 🔹Comment: We observed multiple waves of malspam from a campaign using email attachments between the end of 2024 and early 2025. The most prominent of
unit42.paloaltonetworks.com
Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader.
0
6
18
@TutaPrivacy
Tuta
1 month
We did it: 🇩🇪Germany will OPPOSE Chat Control! 🥳 Thanks everyone for writing to the ministers. 🫶 #ChatControl will not get a majority in the EU Council - at least for now.
311
2K
9K
@craiu
Costin Raiu
1 month
Hmm... what do we have here? "ORACLE_EBS_NDAY_EXPLOIT_POC_SCATTERED_LAPSUS_RETARD_CL0P_HUNTERS.zip"
5
13
124
@Now_on_VT
Is Now on VT!
1 month
Sample is now on VT! 🚩Hash: cc9a50e2e6a6456c9f8b86f3ba4451cd7306c57ca9c4377ca0e29b357e1b1dd5 🎯Actor name: UAC-0245 🔹Comment: CABINETRAT is used by UAC-0245 for targeted cyberattacks against Ukraine... 🌐URL: https://t.co/ts6AcFEjBW 🔎OnVT:
cert.gov.ua
The Government Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
0
8
23
@Now_on_VT
Is Now on VT!
1 month
Sample is now on VT! 🚩Hash: e70dd343ea3897409deac26ca2b9dca09209d162e0dfe11e69f119527ffeb0bd 🎯Actor name: UAC-0245 🔹Comment: CABINETRAT is used by UAC-0245 for targeted cyberattacks against Ukraine... 🌐URL: https://t.co/ts6AcFEjBW 🔎OnVT:
cert.gov.ua
The Government Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
1
4
17
@Now_on_VT
Is Now on VT!
2 months
Sample is now on VT! 🚩Hash: 162b24784dd0dd19c2ce08961a9b836b5ff645d1d02da9c18616a0d348467e61 🎯Actor name: Kimsuky 🔹Comment: In recent months, North Korean based threat actors have been ramping up attack campaigns in order to achieve a myriad of their objectives, whether it be
1
5
20
@Now_on_VT
Is Now on VT!
2 months
Sample is now on VT! 🚩Hash: 1d78b4de1b283fd622633d45e5c82bf02e03727f390e4fcfdc87a5190a49b8ff 🎯Actor name: Thumtais 🔹Comment: In order to combat the latest cyber attacks, LAC's threat analysis team investigates a variety of attacks targeting Japanese organizations on a daily
lac.co.jp
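In February 2023, a targeted attack against a Japanese consulting company was observed. It is believed to be the work of an attacker group based in the Chinese-speaking region, and it used the Thumtais (also known as EAGERBEE) malware as well as unknown malware. This article introduces the new Thumtais and the attacker group behind it.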
0
4
12
@Now_on_VT
Is Now on VT!
2 months
Sample is now on VT! 🚩Hash: 375ba7f864c0aad0537dd22b8bc357e9 🎯Actor name: Cs137_ransomware 🔹Comment: n/a 🌐URL: https://t.co/rP1716NOix 🔎OnVT:
@fbgwls245
Bitshadow
10 months
#Ransomware Cs-137 Group (Onion come soon) 27BB7CA3598746938C6B6B9D8E06CF6F 375BA7F864C0AAD0537DD22B8BC357E9
0
0
8
@Now_on_VT
Is Now on VT!
2 months
Sample is now on VT! 🚩Hash: cddd5514b7ed3d33ff8eaa16b7b71621ced857755246683e0d28c4650ea744bf 🎯Actor name: MuddyWater 🔹Comment: Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security
blog.talosintelligence.com
Cisco Talos has observed a new campaign targeting Turkish private organizations alongside governmental institutions. Talos attributes this campaign with high confidence to MuddyWater — an APT...
0
5
23
@Now_on_VT
Is Now on VT!
2 months
Sample is now on VT! 🚩Hash: 2629de99f35a283ad44e8fea20a3b536187c8babb24f18763429390f77144128 🎯Actor name: Earth Lamia 🔹Comment: Trend has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at
trendmicro.com
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor...
1
5
35