M4lcode

about 1 month ago

🚨 #Lazarus APT has weaponized new malware to hunt C-level credentials This campaign poses a direct financial and business risk, bypassing detection to steal executive data via fake meeting invites ❗️ Check @MauroEldritch's breakdown for defense steps 👇 https://t.co/HA8BcX0i5M

3

53

21

14

11K

M4lcode retweeted

3 months ago

❗ macOS VM is now live ❗ 25K+ U.S. businesses already run on macOS. Yet #macOS threats remain a blind spot for many SOC teams. 👇 Close this gap now with a broader cross-platform threat visibility for faster and confident response! https://t.co/dyM8gqVYQ0

2

58

18

5

10K

M4lcode retweeted

Siddharth

@DearthOfSid

3 months ago

Never forget or forgive.

141

135K

28K

6K

3M

4 months ago

Great report by @anyrun_app good work 👏

4 months ago

⚠️ New ransomware #BQTLock & #GREENBLOOD are actively targeting businesses. Stealth, rapid encryption, and leak-site pressure leave SOC teams little time to react. Check out detailed analysis and an actionable plan to detect them before downtime ⬇️ https://t.co/FSrvaHo170

0

15

8

4

6K

0

3

0

3K

M4lcode retweeted

5 months ago

🚨 #Phishing on Trusted Cloud Infrastructure: Google, Microsoft, Cloudflare. We��re tracking a growing trend where phishing kit infrastructure is hosted on legitimate cloud and CDN platforms, not newly registered domains. In some cases, these campaigns specifically target enterprise users. This creates serious visibility challenges for security teams. We’ve observed this pattern across multiple #phishkits: 🔹 #Tycoon hosted on alencure[.]blob[.]core[.]windows[.]net (Microsoft Azure Blob Storage): https://t.co/7jZBu2c14l ⚠️ #Sneaky2FA hosted on legitimate cloud platforms, filtering out free email domains via a fake Microsoft 365 login to target corporate accounts: firebasestorage[.]googleapis[.]com (Cloud Storage for Firebase): https://t.co/TP06kgZ6Im cloudfront[.]net (AWS CloudFront): https://t.co/4YtSW0eMr8 🔹 #EvilProxy hosted on sites[.]google[.]com (Google Sites): https://t.co/SWveDgJXXS Victims see a “trusted” provider domain, while the network only sees normal HTML being loaded from cloud infrastructure. What looks clean at first glance is exposed by #ANYRUN Sandbox in under 60 seconds, directly reducing MTTD and MTTR. 🔍 Hunt for related activity and pivot from #IOCs using these search queries in TI Lookup: 🔹 Microsoft Azure Blob Storage abuse: https://t.co/l0dlau3eos 🔹 Firebase Cloud Storage abuse: https://t.co/7ju1Ap0bpN 🔹 Google Sites abuse: https://t.co/O3hZPUB3gk Many security vendors will flag these domains as legitimate. Technically, they are. That’s why security teams need behavioral analysis and network-level signals to reliably uncover phishing before impact. 🚀 Speed up detection and gain full visibility into complex threats with #ANYRUN. Sign up: https://t.co/b0Bq82LxYI #ExploreWithANYRUN #IOCs: mphdvh[.]icu kamitore[.]com aircosspascual[.]com Lustefea[.]my[.]id

2

158

42

96

16K

5 months ago

@MalB3nder Thanks Youssef❤️❤️

0

1

0

32

5 months ago

I’m happy to share that I have passed the GIAC Reverse Engineering Malware (GREM) certification. https://t.co/ZwGzYIpMiK

3

14

1

2

2K

5 months ago

@bugfireIO Thanks Drew ❤️❤️

0

1

0

49

5 months ago

@0xdragon1x Thanks❤️

0

22

M4lcode retweeted

6 months ago

🔴 LIVE from inside #Lazarus APT's IT workers scheme. For weeks, @BirminghamCyber & @north_scan kept #hackers believing they controlled a US dev's laptop. In reality, it was our sandbox recording everything. See full story and videos ⬇️ https://t.co/gRb7GKIERQ

anyrun_app's tweet photo. 🔴 LIVE from inside #Lazarus APT's IT workers scheme.

For weeks, @BirminghamCyber & @north_scan kept #hackers believing they controlled a US dev's laptop. In reality, it was our sandbox recording everything.

See full story and videos ⬇️
https://t.co/gRb7GKIERQ https://t.co/4ngokciMOX

14

481

126

205

214K

6 months ago

@MalB3nder Thanks Youssef ❤️❤️

0

1

0

82

M4lcode retweeted

Thomas Roccia 🤘

@fr0gger_

7 months ago

👀 OpenSource Malware an open database for tracking malicious open-source packages from npm, PyPI, GitHub repos! Great source of intel feed for supply-chain attacks! 👇 https://t.co/y6ELpxxX1S

fr0gger_'s tweet photo. 👀 OpenSource Malware an open database for tracking malicious open-source packages from npm, PyPI, GitHub repos!

Great source of intel feed for supply-chain attacks! 👇

https://t.co/y6ELpxxX1S https://t.co/5k3nKPUbWV

10

696

126

519

45K

M4lcode retweeted

RussianPanda 🐼 🇺🇦

@RussianPanda9xx

7 months ago

Good morning! ☀️ #GootLoader woke up and chose violence (again) Grab your coffee, this one's JUICY 💣 https://t.co/b9RTnqPJIB

6

185

51

60

28K

8 months ago

@anyrun_app Excellent work 🙌

0

2

0

211

9 months ago

The report covers: Motivations & Objectives Targeted Regions & Sectors Malware & Toolset Attack Techniques Recent Activity Critical Vulnerabilities Exploited Law Enforcement Actions and Indictments Suspected Ransomware Activity False-Flag Identity on Twitter/X MITRE ATT&CK® IOCs

0

4

0

3K

9 months ago

Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications. https://t.co/xNurajdGrq

M4lcode's tweet photo. Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications.

https://t.co/xNurajdGrq https://t.co/3ZnS3DukRV

4

88

40

41

17K

Muhammad Hasan Ali @muha2xmad

9 months ago

@binaryz0ne Congratulations🎊, wishing you all the best

1

0

70

M4lcode retweeted

11 months ago

As-salamu Alaykum I wrote 3 #yara rules about #RedLine stealer , #ArrowRAT, and #MilleniumRat. RedLine:https://t.co/4WhbAL84zn ArrowRAT:https://t.co/MvhsQ3JXJ3 MilleniumRat:https://t.co/ThLEmKlTto

1

10

3

1

5K