I've just released the second article (85 pages) in Exploiting Reversing (ER) series:
link: https://t.co/yKH5ockWuw
I'd like to thank @ilfak and @HexRaysSA for your continued support on my articles.
Have an excellent day.
#reverseengineering#idapro#vulnerability
If anyone needs #DFIR case studies for their practice, training, whatever? Then please check the ones I've created over the years! Enjoy them! #Cybersecurity
https://t.co/MuuMWnazOg
@moviepilot Weil er sich in Skyfall die Eier zertrümmern lässt und antwortet, dass es nicht das erste Mal sei ist er bi? Berliner scheinen irgendwie in einer anderen Welt zu leben ... hier kann es doch nur um Aufmerksamkeit/Clickbaiting gehen ...
🚨🤯 The 18-year-old hacker responsible for leaking game clips from 'GTA 6' has been sentenced to life in a hospital prison.
This means he must remain in the hospital, for whatever amount of time, until doctors no longer deem him a threat.
Arion Kurtaj has autism, and a mental health assessment deemed that he "continued to express the intent to return to cybercrime as soon as possible.
He is highly motivated."
Kurtaj hacked into Rockstar Games using only a hotel TV, an Amazon Firestick, and his mobile phone.
This was due to his laptop having been previously confiscated by authorities due to him hacking into Nvidia and BT/EE.
We saw new #Qbot#Qakbot "tchk07" from PDF > URLs today. MSI > AdobeAC.dll w/ export EditOwnerInfo.
This is still very low volume and targeted.
Huge shout out to our fantastic @Myrtus0x0 for the RE and config extraction. IOCs in original thread.
Samples:
https://t.co/XiykxirG6T
ALPHV has ... unseized their domain?
They claim the FBI compromised one of their domain controllers. Additionally, they state they are removing all rules from their affiliate program (omit the rule on targetting the CIS) - allowing affiliates to target critical infrastructure
So, we have new #Qakbot activity with low-volume attacks targeting the hospitality industry 🔥.
EMAIL > PDF > URL > MSI (#Signed by "SOFTWARE AGILITY LIMITED"). Campaign: tchk06, Version: 0x500.
PDF template is the same one used by #PikaBot a few days ago, of course.
Some active C2s (already reported by @drb_ra):
https://78.46.200[.]68/teorema505
https://95.215.108[.]29/teorema505
https://85.209.11[.]185:8443/teorema505
https://65.108.218[.]24/teorema505
https://45.138.74[.]191/teorema505
References:
+ Microsoft Threat Intelligence: https://t.co/mtih39cAqz
+ Zscaler ThreatLabz: https://t.co/UV2ttLDrAs
Can confirm that we have seen the recent #Qbot#Quakbot#Qakbot activity. PDFs/URLs has been used since at least November 28, but can't confirm what payload it was earlier than December 11.
URL example: https://t.co/vqlLJ1NoVj
MSI/DLL: https://t.co/0Gd5s8R3io
Microsoft has identified new Qakbot phishing campaigns following the August 2023 law enforcement disruption operation. The campaign began on December 11, was low in volume, and targeted the hospitality industry. Targets received a PDF from a user masquerading as an IRS employee.
Ya Qbot is back, it sucks. But look what happened with Emotet when it came back. Was a half assed attempt at running a botnet which eventually disappeared without any LE. Lets make it so that becomes the case with Qbot as well.