![breakingmalware's tweet photo. [1/2] Brazilian #cybercrime group uses #Metamorfo with new DLL side-loading target - Microsoft's ctfmon.exe.
Like past activities, a malicious MSI checks for a VM and drops a downloader. Payload hijacks ctfmon.exe and inject code to wmplayer.exe. https://t.co/dago5yt8Jw](https://pbs.twimg.com/media/EFVOjv5XYAEUn6z.png)
![breakingmalware's tweet photo. [1/2] Brazilian #cybercrime group uses #Metamorfo with new DLL side-loading target - Microsoft's ctfmon.exe.
Like past activities, a malicious MSI checks for a VM and drops a downloader. Payload hijacks ctfmon.exe and inject code to wmplayer.exe. https://t.co/dago5yt8Jw](https://pbs.twimg.com/media/EFVOjv3XUAE12ty.png)
![breakingmalware's tweet photo. [1/2] Found a fresh ransomware written in #Go. Dropped using a .doc file with an embedded excel sheet containing a Macro which may evade AV’s detection.
The Macro uses BITS to download the #Ransomware payload from a public #github repo.
Sets wallpaper to George Carlin’s quote. https://t.co/ZAryvGhMMR](https://pbs.twimg.com/media/D3m3Df8W4AAp9jq.jpg)
![breakingmalware's tweet photo. [1/2] Found a fresh ransomware written in #Go. Dropped using a .doc file with an embedded excel sheet containing a Macro which may evade AV’s detection.
The Macro uses BITS to download the #Ransomware payload from a public #github repo.
Sets wallpaper to George Carlin’s quote. https://t.co/ZAryvGhMMR](https://pbs.twimg.com/media/D3m3Df7WwAIh4ph.jpg)
![breakingmalware's tweet photo. [1/2] Found a fresh ransomware written in #Go. Dropped using a .doc file with an embedded excel sheet containing a Macro which may evade AV’s detection.
The Macro uses BITS to download the #Ransomware payload from a public #github repo.
Sets wallpaper to George Carlin’s quote. https://t.co/ZAryvGhMMR](https://pbs.twimg.com/media/D3m3Df5XkAEcCu0.png)
Olivia
Online
enSilo | Breaking Malware
@breakingmalware
Cybersecurity news and updates from the enSilo threat research team.
Joined March 2019
0 Following
260 Followers
25 Posts
ICYMI, we’ve officially moved to @FortiGuardLabs! This partnership allows us to study and analyze data collected from more than three million sensors around the globe.
We’re moving! Follow us at @FortiGuardLabs for more updates from the industry’s leading threat research team.
[2/2] MSI: https://t.co/YwL3ezI0Du
Dropped DLL: https://t.co/1yFfEfG34c
Side-loaded DLL: https://t.co/YVCzIZ1JDX
Injected payload: https://t.co/D2EfxacRyJ
Our previous analysis: https://t.co/1dJX89pQcx
[1/2] Brazilian #cybercrime group uses #Metamorfo with new DLL side-loading target - Microsoft's ctfmon.exe.
Like past activities, a malicious MSI checks for a VM and drops a downloader. Payload hijacks ctfmon.exe and inject code to wmplayer.exe.
![breakingmalware's tweet photo. [1/2] Brazilian #cybercrime group uses #Metamorfo with new DLL side-loading target - Microsoft's ctfmon.exe.
Like past activities, a malicious MSI checks for a VM and drops a downloader. Payload hijacks ctfmon.exe and inject code to wmplayer.exe. https://t.co/dago5yt8Jw](https://pbs.twimg.com/media/EFVOjv6XUAYnBj7.jpg)
AndroMut downloader uses the "Mocking Trusted Directories" UAC bypass technique published towards the end of 2018.
SHA256: bb5054f0ec4e6980f65fb9329a0b5acec1ed936053c3ef0938b5fa02a9daf7ee
Recent campaign was analyzed by @proofpoint https://t.co/lqFxD1HfwN
New #BreakingMalware blog post by @kerneronsec and @_adi_z! #Adware #DealPly reverse engineered @Microsoft SmartScreen and @McAfee WebAdvisor APIs to harvest reputation data and stay under the radar.
https://t.co/VvugjIN1ud
New #BreakingMalware blog post! #TxHollower, an evasive loader actively developed and extensively used by more than 20 malware families #GandCrab #SmokeLoader #ThreatIntel
https://t.co/QQhPs0xeYz
The Avast Abuser | New blog by @chen_erlich from enSilo Intelligence team dissects a Metamorfo Banking Malware variant which abuses Avast digitally signed executable.
#AvastAbuser #Metamorfo #ThreatIntel
https://t.co/1dJX89pQcx
@McAfee_Labs Endpoint products relying on stale names is indeed a serious issue. Our root cause analysis from a couple of years ago with relevant mitigations can be found in our blog.
https://t.co/rhTcHlkgF0
https://t.co/jeLxhks933
@McAfee_Labs Endpoint products relying on stale names is indeed a serious issue. We published the first warning two years ago in our blog.
https://t.co/rhTcHlkgF0
https://t.co/jeLxhks933
New #BreakingMalware blog post by @B_H101!
Found new activity of #APT10, abuses (another) legitimate Java executable signed by Oracle #PlugX #QuasarRAT #APT #ThreatIntel https://t.co/KCJSzLXIXp
Analysis of MuddyWater's toolset https://t.co/z7WKFgIiXA
Using YETI and Elasticsearch for #ThreatHunting by @chen_erlich from enSilo's threat intelligence team https://t.co/Syg8wcPDyl
The technical details on Operation ShadowHammer - supply chain attack using ASUS live updater https://t.co/U2yTkTCHWf
Me and @eyalr0 discovered several flaws in WPA3. Read more about it at https://t.co/cihpr5oGpQ Or you can read our paper! https://t.co/eiF3iyJq2Y #Dragonblood
TajMahal APT – a sophisticated platform active for at least the past five years https://t.co/nppcExkHPL https://t.co/tLXUTci9p8 @kaspersky
Operation SneakyPastes - Gaza Cybergang Group1 latest activities in the middle east https://t.co/W2mOPrIn91 @kaspersky
Dropper Sample: https://t.co/H6ZJhdOkUt
Links in VB:
https://t.co/lU3IO7wz7h
https://t.co/bJsDKZaTuz
[1/2] Found a fresh ransomware written in #Go. Dropped using a .doc file with an embedded excel sheet containing a Macro which may evade AV’s detection.
The Macro uses BITS to download the #Ransomware payload from a public #github repo.
Sets wallpaper to George Carlin’s quote.
![breakingmalware's tweet photo. [1/2] Found a fresh ransomware written in #Go. Dropped using a .doc file with an embedded excel sheet containing a Macro which may evade AV’s detection.
The Macro uses BITS to download the #Ransomware payload from a public #github repo.
Sets wallpaper to George Carlin’s quote. https://t.co/ZAryvGhMMR](https://pbs.twimg.com/media/D3m3JmZXoAAnh65.png)
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers