🚨#DarkCloud, New research of this #malware #stealer. Seen in numerous campaigns, hits companies and users for all kinds of information🚨 🔗Full Analysis: https://t.co/es70EHJqB3 #RE #intel #threat #malwareanalysis #infosec #cti

Última jornada de la 'Navaja Negra Conference'. En la Sala Crowdstrike @RexorVc0 abre la sesión con su charla 'CTI: The Dark Cloak'. ¡Vamos a terminar a lo grande! 💪 📺 Sigue las charlas en directo a través de nuestro canal de Twitch https://t.co/uppGoU4xHH #NN2025 🖤💛

In a few days, I'll be speaking at the 13th edition of the Navaja Negra Conference (#NN2025) talking about #CTI (and more) 🧠🔍 Excited to share the stage alongside truly talented cyber colleagues, looking forward to another great year at the conference! See you there, folks! 🎙️

Your support means everything to me! Although research costs time and money without any profit, seeing how people appreciate my work makes it worthwhile 💜 Planning some merch giveaways at upcoming milestones for those who've been supporting and helping grow this community! 🎁🦖

Thanks for being here! 🙇‍♂️ Never expected people would connect with my geeky #malware, #CTI or #TH research, it's just something I love doing in my free time, excited to keep learning and sharing more with this amazing community I'm preparing something special for you👇

🚨 New Report: #TA BQTlock #Ransomware Analysis Our #Threat Research team breaks down this emerging hacktivist-criminal #RaaS (+90 pages) 👇👇👇 🔗Report: https://t.co/GeYPBHb0Tx #malware #CTI #reverseengineering #RE #MalwareAnalysis

#IOC 10569403ab4e8057d560e2474bed4c4c 03aaeea52ff6bc37f87aeebf1b89db28 3a97695937d9501423f100d76af24cc1 76f6b482aa1a269e32b635aec95859ec fb49a808ed082d5d12effda0972ae441 6ad920494159cc05939306eaf4e0e24a ... 🔗VT: https://t.co/TtuKA6Nxgu

#TTP 🗂️[T1204.002] LNK exec 👥[T1036] Fake doc 📥[T1105] Download files 📜[T1059.007] JS exec 🧩[T1140] Decode/Deobfuscate info (B64+XOR) 🔎[T1082] Discover device info 💾[T1620] Load code in mem 📡[T1071] C&C communication

#APT #SideWinder #RattleSnake #BabyElephant #threat 📍🇮🇳 💥🇵🇰🇦🇫🇳🇵🇧🇹🇲🇲🌏 ⛓️ #Phishing > ZIP(#LNK) > mshta > #JS exec > Disguised doc + Obtain info > Decrypt code > Check AV > Check docx > Decode > Load #malware > #C2 🔗360 Advanced Threat Research: https://t.co/dK14t8B5oA

Hey my fellows, I'm going through some changes and I'm announcing that I'm joining @socradar as a Threat Researcher 🫡🫡 Thank you very much for being here ❤️ I'm still trying to learn as much as I can to share with this community 🙇‍♂️🙇‍♂️🙇‍♂️

#IOC 909e67e107ddfcb624d7e4d34efcaa13 d7476e95c65de32abb9d8128a7d61a61 a4aa4d783f8d8731fcc30f32f3b4be9c 58808f935757eba1f437a7b2fbba1866 ... 🔗VT: https://t.co/yrrcN9jHPe

#TTP 📩[T1566.001] Spear-Phishing 👥[T1036] Fake DOC as EXE 📥[T1105] Download next stage 🌀[T1574.001] DLL side load 🕷️[T1082] Get device & user info ⚓️[T1547.001] Persistence over Registry 💉[T1055.012] Inject code into MSBuild / InstallUtil.. 📡[T1071] C&C communication

#TA #BlindEagle APT-C-36 #DcRAT #Threat #Malware 📍🇨🇴 💥🇪🇨🇨🇱🇵🇦🌎 ⛓️ #Phishing > SVG > Download > Fake doc (EXE) +DLLs > EXE load DLL > Persistence Registry > Inject > MSBuild | AddInProcess32 | InstallUtil > #DcRAT > #C2 🔗360 Threat Intelligence: https://t.co/X1rhKcT1tU

#IOC dd802736eeb826079fa8a0cd08d74c0e 8bf60787e2ac07d3b89663044812b520 166261543ac5dca43254ff216b8acb92 cef1b831b08f5cb8c33a597569d96d06 3c80b259eb50a20e0c00ea756d7247d7 0dcef9d1e1cd96ed5b19c0befa1e6e7f ... 🔗VT: https://t.co/P7gZjSScfk

#TTP 📩[T1566.001] Spear-Phishing 📜[T1059.007] JS 👥[T1036] Bait XLS 🗂️[T1204.002] LNK 📥[T1105] Download next stage ⚓️[T1053] Persistence over Tasks 🧩[T1140] Decrypt code or DLL 💉[T1055] Inject SC in mem 🕷️[T1082] Get device & user info 📡[T1071.001] C&C

#APT #Patchwork #DroppingElephant #WhiteElephant #threat #malware #BADNEWS 📍🇮🇳 💥🇵🇰🌏 ⛓️ #Phishing > LNK | XLSX (MSC) + JS > Download > Bait doc + exe > Task > exe extract dll + Load > #RAT > Info Collection > #C2 (Mythic) 🔗360 Threat Intelligence: https://t.co/bDTaIZjIFE

#IOC 8930abf86e2e94b1a4b373e25d01f2ff e5cfa25f8f3fab90dc1777ac1b96c890 29e584797a4c1bb71e8c1c018bd431ad 4cc371651f43e31df87b9f08013a14f6 13c5617da56d8b821e6acd1d5c8f8780 2f1b002352c3a5469f5708de756f3f76 85ba2585c44c95c9ab40fffa2cdd6e36 .... 🔗VT: https://t.co/C9k0usdFSj

#TTP 📩[T1566.001] Spear-Phishing 👥[T1036] Bait PDF 🗂️[T1204.002] LNK 📥[T1105] Download next stage ⚓️[T1053] Persistence over Tasks 🧩[T1140] Decrypt code 💉[T1055] Inject SC in mem 🕷️[T1082] Get device & user info 📡[T1071] C&C communication

#APT #Patchwork #DroppingElephant #WhiteElephant #threat #malware 📍🇮🇳 💥🇵🇰🇨🇳🌏 ⛓️ #Phishing > LNK > PS > Download > Bait doc + exe > Task persistence > exe decrypt SC + Load > #RAT > Info Collection > #C2 🔗QiAnXin: https://t.co/f5gjDjLMAQ

#IOC f4cd4449e556b0580c2282fec1ca661f d1ec20144c83bba921243e72c517da5e 16d30316a6b700c78d021df5758db775 a6598bbdc947286c84f951289d14425c 07fbf46d3a595a6f82e477ed4571294b ... 🔗VT: https://t.co/xlvBrSeFOr

#TTP 📩[T1566.001] Spear-Phishing 🧩[T1140] Decrypt code 📇[T1218.005] HTA exec 📜[T1059.005] VBS script 🔃[T1218.010] Abuse of regsvr to load dll 📥[T1105] Download Next stage 🕷️[T1082] Get device info ⚓️[T1053] Persistence tasks 👥[T1105] Copy Itself (dll) 📡[T1071] C&C