C2-Tracker Update ❗️Censys support for C2-Tracker is currently disabled as searches are migrated to the new Platform syntax. Many of the queries will need to be removed in the process. Feel free to contribute new searches by opening an issue at https://t.co/HTAtMoKNFV
Dropped a new tool for malware researchers. It is used to continuously ingest, analyze, and alert on samples given a set of yara rules. Out of the box it works with @abuse_ch MalwareBazaar recent uploads but it's modular so you can add more sources
https://t.co/AUmSl9khhi
Happy to have contributed to the great C2 tracker by @_montysecurity https://t.co/GXxFsZUYte with a query to hunt Atlandida Stealer on Shodan and Census :)
Big changes to C2 Tracker ‼️
- Added support for Censys searches 🎉
- Updates weekly on Mondays (modeled after Censys/Shodan scanning frequency)
- Added multiple new C2s/malware/botnets
https://t.co/HTAtMoKNFV
Dropped a new blog on hunting APT41 🐼 one of my favorite ones to put together, full of hunts for common TTPs and just things you should probably be hunting for anyway 🎯
https://t.co/scxhTfTzmi
New #WaveStealer spotted in the wild, possibly a variant of bby stealer.
Sold by a French-speaking threat actor "sudry" (aka svvdry) on Telegram/Discord for a few dollars.
C2:
wavebysudryez.]fr
wave-assistant.]com
Files created:
\Temp\wavestealer\
https://t.co/NqCZle5h5U
⬇️
Just released a #Python script for interacting with the @abuse_ch Malware Bazaar collection and finding samples that meet multiple criteria
https://t.co/Y77bqtObWZ
I showcase it here hunting #CobaltStrike samples
https://t.co/GgpCfxjH9j
@Cyb3rMonk I spent a lot of time on this question in the past. While limited to process/EDR data, the definition I came up with was "any combination of programs, files, and arguments that achieve some [MITRE] technique". Not perfect but it works for me :)
https://t.co/RD0pOh36lB
Put out a post dissecting this file. Used it as an example to learn the very basics of analyzing APK files and share my process along the way.
https://t.co/mI6OZsFn5p
Hey :)
@shodanhq makes the hunting process for Sliver C2 a bit easier than before. You can now search for online servers using the search query product, like so:
https://t.co/QLRGFwmHAo
Happy Hunting 😊
Posted a write-up on this and, with some luck, we got the source code of the infostealer that it drops
https://t.co/ML2Qotqhw8
#CTI#ThreatIntel#Malware