Proofpoint has tracked this technique since August 2024, and call it “brooxml”. Our researchers do not consider this a zero-day or vulnerability in general.
We’ve released Emerging Threats and YARA signatures at the end of this thread.
@ImposeCost I don't necessarily think you're implying this, but it kind of sounds like "well, it's more valuable to provide access and watch what's done with it", which I can't necessarily fault, provided the ability to do real damage is mitigated.
When the ecrime gang finds something… else
If you like weird infection chains, WebDAV, Python, custom backdoors with novel C2 methods, and use of Dumpulator, PCAPs, and more, the gang @selenalarson@Myrtus0x0@ffforward got you covered!
https://t.co/IFvoNEVUmH
In this special holiday edition of DISCARDED, Mindy Semling joins as guest host for a 2nd annual "Ask Me Anything" episode.
In this lively discussion, Selena & Crista answer questions from the audience and bid farewell to the 2023 cybersecurity landscape. https://t.co/g1AWUdDp7H
Great blog just published on an interesting cluster of #DarkGate malware distribution activity that used high-volume email campaigns, compromised websites with fake browser updates, steganography in CSS, and TDS filtering deliver DarkGate: https://t.co/LAt9c4wrm5
https://t.co/zWIOf3SUPD
confused by the fake browser landscape? me too - thats why I'm glad my teammates track this
come for the clarity, stay for the inject examples to show the differences between the kits!
Want to see something new and exciting?
Are you a blue teamer and want to see a novel new way threat actors have been observed exploiting LNK files in the wild?
Are you a red teamer and want to see how this exploit works on a technical level and how I recreated it?
Are you a CTI professional who evangelizes about the benefits of attribution?
Are you an infosec professional or enthusiast who loves video game humor?
This talk is for you!
Join us in person or online here:
https://t.co/PaqxR4KqPO
I’ll be sharing the stage with @aRtAGGI from Google Cloud (Mandiant).
This promises to be a very fun and informative talk. I hope to see you.
@MITREattack
@sherrod_im@ImposeCost I fundamentally agree but also have empathy for "don't rock the boat" because in an industry that is fraught with burnout, finding a sustainable operational tempo is imperative. It's easy for transformation to feel like "no matter how hard you work you can never be comfortable".
So Twitter -> Reddit is a really common occurrence ... I feel like there is a disparity in the amount of amazing comments highlighted in reverse. Especially ones that roast @elonmusk
Like forensic scientists, threat analysts are always on the hunt for digital fingerprints. 🔎
In this DISCARDED #podcast episode, we discuss the China #cybercrime threat landscape and the importance of staying aware of past trends.
Stream now at https://t.co/7XUiJXmX0P.
🚨 Job Openings!
Our team is looking to hire for 2 positions on our APT tracking team.
Primary responsibilities & day-to-day will be disrupting state-aligned or state-sponsored actors trying to deliver malware, phish, or otherwise engage with our customers, in email data.