
SKII
@SethKingHi
Followers: 1K, Following: 308, Media: 93, Statuses: 301
Senior Security Researcher @kaspersky GReAT, tweets and opinions are my own.
CN
Joined March 2012
#OceanLotus #APT32 #PyPi. Import the above malicious library - colorinal. termncolor-3.1.0-py3-none-any.whl.5152410aeef667ffaf42d40746af4d84
#OceanLotus #APT32 #PyPi. New version, supports Linux. /terminate.dll.1995682d600e329b7833003a01609252.c697848015bb8c2cbb7cc1502905ba23. colorinal-0.1.7-py3-none-xxxx.whl.ba2f1868f2af9e191ebf47a5fab5cbab.c5f0425dabd01d7ba80dfc3d5ca19841. /terminate.so
#OceanLotus #APT32 #PyPi. uuid32_utils-1.x.x-py3-none-win32.whl.cf3f59e2c4c8767697ea46475171697c.91a476fea45abc8b208e0a9e3293f774.a7a0add66b205967562c1fa9643b8421.22538214a3c917ff3b13a9e2035ca521.02f4701559fc40067e69bb426776a54f.5598baa59c716590d8841c6312d8349e. Backward.dll
#GhostContainer. Some clues can link puzzles together. Keywords: App_Web_8c9b251fb5b3 App_Web_Container_1.
🚨 New Cyber Threat Alert: GhostContainer Backdoor Targets Exchange Servers. High-value organisations in Asia are under attack! A sophisticated backdoor, GhostContainer, is compromising Exchange servers via N-day vulnerabilities. This malware evades detection, acts as a proxy,
RT @kaspersky: 🚨 New Cyber Threat Alert: GhostContainer Backdoor Targets Exchange Servers. High-value organisations in Asia are under attac….
#MysteriousElephant .#RTF - 61677da805217dd8816735897feaa83f.#HTA - 6d1516b55d7025cb715093a6ee1ef9a4.http://mail-gdrive[.]com/ascos.exe.#GEOShell - f2b3fd3a1034aaee49457e4611c8bb8b. http://158.255.215[.]45:8899/nina/anotherLife?credPart=F86ymcBb9a&dumbPart=3.3.3.3.
RT @verovaleros: Now learning from Ye Jin (@SethKingHi), from Kaspersky GREAT team, on “The Dropping Elephant never dropped”. #VB2023 https….
#DoNot APT.de29cdd5aa18d9d2907013a90f0968a3.4ae3b492b94350e52c6dd98e5423c87c.a7ddaa7123c3c3284b61ccdbb30c4c24.b055e07aa060a55063051586fc497e7b.
RT @oct0xor: Today Apple released updates for CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) in-the-wild zero-days which were discover….
#OrigamiElephant #DoNot #APT .bf7836d634aaa756c7bc9d3bfd445243. http://liberty.tourexplore[.]shop/pueruuueuugeru4kka0odf/ewkkzkk457zkrfkefrkdx0o.
RT @kucher1n: Recently, I've been researching #OperationTriangulation, a very sophisticated campaign targeting iPhones of my colleagues. Th….
securelist.com
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices...