certain Snake built-in commands that will terminate the Snake application and overwrite its vital components without affecting any legitimate computer operation, applications, or files. Targets: Media, Defense, #NATO#cybersecurity https://t.co/rXW4UXR6Zl
#FBI Ordered Russian Malware to Self-Destruct. The Malware Obliged.
Active since 2004, the Snake (Uroburos) malware is used by Turla (Uroburos, Venomous Bear) that is attributed to Center 16 of the Federal Security Service of the #Russian Federation (#FSB). ->
30 days following May 4, 2023. They developed the #PERSEUS remote search technique for probing and Snake C2 impersonation. PERSEUS sends a Snake-HTTP or a Snake-TCP transmissions and the type of response confirms if the target is #compromised by Snake. Then PERSEUS can send ->
.@BlackBerry: "Russian sentence that somewhat cryptically translates to: “I drive SS into Dark.”" --> It likely translates to "I feed CC [credit card data] into Dark." https://t.co/OY8tzBESQ4
1/2> Great research on DCRat, but I would suggest alternative translation from Russian. "likely they’re bragging about stealing data from Russia, the UK" -> not the UK, they wrote about targeting Russian speakers in Ukraine.
https://t.co/pkXoBuwFZZ -->
Prices are rising, but you can still find bargains in the world of Russian #crimeware. Read our latest blog on #DCRat, a homemade but effective tool for opening backdoors on a budget, from our @BlackBerry Threat Research & Intelligence Team https://t.co/jDQNMUs1bb #DarkCrystal
🚨#Emotet Update🚨 - Looks like Ivan laid an egg for easter and has been busy. As of about 14:00UTC today 2022/04/18 - Emotet on Epoch 4 has switched over to using 64-bit loaders and stealer modules. Previously everything was 32-bit except for occasional loader shenanigans. 1/x
Strange #smishing spam message: when opened in sandboxes this nyxk2[.]xyz...(no longer working) opened #Russian State TV domains 1tv[.]ru and 1tv[.]com
Interesting note. The "chrisro[.]fun" domain is registered to "SYKES LATIN AMERICA" and in this screenshot below we can see some tool in the taskbar named "SYKES Secur...".
But what proved key in the end was the Bitly short link @oxana_tinko uploaded along with the malicious accoounts-google URL.
It tied back to a hyperactive bitly user who was creating tons of shortlinks — all of them pointing to similar phishing sites.
New #smishing scam targeting #NewHampshire cell owners, judging by the code, a similar template was used against New York. Don't fall for it, not an official website, phishing for your social security and other information. #covidscam#IoCs: doh-dmv[.]com, registered to a gmail