bolha.us

13 posts9 participants2 posts today

VulDB :verified:We have improved indicators: MetaStealer (+1), DarkVision RAT (+1), Kimsuky (+1), Mozi (+1), Ghost RAT (+1), Mirai (+1) and Amadey (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

Hacker NewsAttune – Build and publish APT repositories in seconds<a href="https://github.com/attunehq/attune" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/attunehq/attune</a><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/Attune" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Attune</a> <a href="https://mastodon.social/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://mastodon.social/tags/repositories" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#repositories</a> <a href="https://mastodon.social/tags/Build" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Build</a> <a href="https://mastodon.social/tags/Publish" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Publish</a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/DevTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevTools</a>

securityaffairs<a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a>-linked <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/Mustang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mustang</a> <a href="https://infosec.exchange/tags/Panda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Panda</a> upgrades tools in its arsenal <a href="https://securityaffairs.com/176662/apt/china-linked-apt-mustang-panda-upgrades-tools-in-its-arsenal.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/176662/apt/china-linked-apt-mustang-panda-upgrades-tools-in-its-arsenal.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

VulDB :verified:We have added indicators: Latrodectus (+1), Orcus RAT (+1), Rhadamanthys (+1), Meterpreter (+1), Xtreme RAT (+1), DarkComet (+1) and MooBot (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:Our CTI team identifies elevated offensive activities for products of the category WordPress Plugin <a href="https://vuldb.com/?type.wordpress_plugin" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?type.wordpress_plugin</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a>

VulDB :verified:We have updated indicators: BlackShades (+1), NjRAT (+2), SquidLoader (+1), Quasar RAT (+1), QakBot (+3), Stealc (+1) and DOPLUGS (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:We have updated these actors: Ares (+1), VipersoftX (+2), Slow Pisces (+3), Trox (+1), 8585.bio (+1), MisCloud (+1) and Rbx2.net (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:Improved indicators: Rhadamanthys (+2), QakBot (+1), MooBot (+2), ERMAC (+1), NjRAT (+1), Stealc (+13) and NetSupportManager RAT (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:A lot of offensive activity is originating from USA <a href="https://vuldb.com/?country.us" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?country.us</a> <a href="https://infosec.exchange/tags/usa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#usa</a> <a href="https://infosec.exchange/tags/country" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#country</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a>

VulDB :verified:Indicators added for: Rhadamanthys (+1), DOPLUGS (+1), SectopRAT (+1), Kaiji (+1), XWorm (+1), BlackShades (+1) and Ghost RAT (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:We have identified elevated activities targeting products by IBM <a href="https://vuldb.com/?vendor.ibm" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?vendor.ibm</a> <a href="https://infosec.exchange/tags/ibm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ibm</a> <a href="https://infosec.exchange/tags/vendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vendor</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a>

VulDB :verified:Added some more indicators for: Bashlite (+1), ShadowPad (+1), Matanbuchus (+1), Sliver (+2), Eye Pyramid (+1), Brute Ratel C4 (+1) and Venom RAT (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:There is an unusual high amount of activity targeting products by Linux <a href="https://vuldb.com/?vendor.linux" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?vendor.linux</a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://infosec.exchange/tags/vendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vendor</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a>

VulDB :verified:Added more indicators for: Chaos (+1), Mozi (+4), Kaiji (+2), Wang Duo Yu (+3), SpyNote (+1), DOPLUGS (+1) and Quasar RAT (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

securityaffairsAn <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> group exploited <a href="https://infosec.exchange/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ESET</a> flaw to execute <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://securityaffairs.com/176364/security/an-apt-group-exploited-eset-flaw-to-execute-malware.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/176364/security/an-apt-group-exploited-eset-flaw-to-execute-malware.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>

VulDB :verified:Added some indicators for: Stealc (+1), Quasar RAT (+1), Bashlite (+1), Chaos (+1), Mirai (+16), PoshC2 (+1) and Venom RAT (+2). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:Added indicators for: Orcus RAT (+1), SectopRAT (+1), Bashlite (+1), NjRAT (+1), ShadowPad (+1), Tofsee (+2) and Rhadamanthys (+1). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

VulDB :verified:New indicators for: RedLine Stealer (+1), Houdini (+1), XWorm (+2), Ghost RAT (+1), QakBot (+1), Chaos (+1) and NetSupportManager RAT (+5). <a href="https://vuldb.com/?actor" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vuldb.com/?actor</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ioc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ioc</a>

Christoffer S.(google.com / Mandiant) Windows Remote Desktop Protocol: Remote to Rogue - Analysis of Novel Russian APT Campaign <a href="https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/</a>As always a very good write-up and detailed analysis of some novel use of RDP by Russian APTs. Involves signed RDP, and interesting proxy-behaviour.Worth reading (as always!)<a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://swecyb.com/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://swecyb.com/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> #

Recent searches

Search options

Administered by:

Server stats:

#APT