Top Tweets for #SharpPanda
Related:
Susp #APT #SharpPanda
878-CV-DU.docx
https://t.co/yonyky4xxz
Template URL: hxxp://38.54.31[.]43/WindowsTime/Fishing.png
Susp #APT #SharpPanda
out.png (#RoyalRoad RTF)
https://t.co/b0tZCQXndc
WSWtmf.a (5t Downloader)
6dfba2e6ae44c0efc5835e0c5838c5ea
C2: hxxp://38.54.31[.]43/WindowsTime/update.php?Data=<encrypted_data>
Task: WindowsUpdateTaskMachine - rundll32.exe %TEMP%\WSWtmf.a StartW
@nao_sec
From late 2023 to early 2024, #SharpPanda has continued to target government entities in Southeast Asia. Group-IB researchers have spotted several initial infection vectors (documents/executables) similar to previous Sharp Panda operations. These malicious files deliver the notable 5.t #downloader.
I updated rr_decoder! This update supports the new #RoyalRoad encoding [614a860c] used by #FirePeony (aka #SharpPanda) 🎉 CC: @t3ft3lb
https://t.co/cWO3FYEZ7y
Long time no see! #FirePeony (aka #SharpPanda) #RoyalRoad RTF -> 5.t Downloader
https://t.co/GZXiV488Q3

Our SOC analysts Hayashi and Koike will give a talk titled "FirePeony: a ghost wandering around the Royal Road" at VB2023 LONDON, held October 4-6, 2023.
We plan to introduce the content of the talk on our blog at a later date, so stay tuned.
#VB2023 #FirePeony #SharpPanda
https://t.co/gvBJsMKdwT

The threat actor #SharpPanda is the focus of this #readoftheday by @MonThreat. This time they were targeting G20 members with a sophisticated phishing email that deploys a downloader. #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting

from @StopMalvertisin, Request and Retrieval sigs for #SharpPanda #APT within 2046146-2046148... https://t.co/zOTp9saGOS
#SharpPanda #APT -> G7 decoy document
Email: f39442edc4a96ce729e50f66901263e1
[FINAL] Hiroshima Action Statement for Resilient Global Food Security_trackchanged.docx
ea889308acb4249af92807cc7d70f084
#SharpPanda APT Campaign Expands its Arsenal Targeting #G20 Nations!
https://t.co/FIAe8Ga7mm
#RCE #ZeroTrust #ZeroDay #cybercrime #hacker #privacy #APT #bot #CISO #DDoS #hacking #phishing #CyberAttack #cybersecurity #Security #infosec #AppSec #CyberSec #databreach #Hacked #RT
🚨 ThreatMon's new report is published! 📣
🔒🌐 Threat Analysis: SharpPanda APT's Attack Chain Targeting G20 Nations 🔒🌐
🔍 Our latest #report delves into the sophisticated #attack chain employed by #SharpPanda, a notorious #APT group, to target #G20 member countries. 🎯
📧 Starting with convincing #phishing emails, followed by malicious phishing documents embedded with remote templates, SharpPanda gains control over their victims' systems. 💻
💥 The deployment of downloader DLLs adds another layer of stealth, allowing the attackers to download additional malicious payloads undetected. 🕵
💡 Understanding the intricacies of this attack chain is crucial to enhancing cybersecurity and defending against state-sponsored threats.
🔐 Join us in #uncovering the #tactics, #techniques, and #procedures employed by SharpPanda, safeguarding critical information and national interests. 💪
Read the full report 👉 https://t.co/Q5jDUZvHEk
#reports #threatanalysis #hacker #cyber #cybersecurity #cyberattack #threatmon

#Sigma rules to detect #SharpPanda, China-backed #APT group targeting #G20 nations with advanced malicious tooling in its latest campaign.
https://t.co/vwysca9ebD
#malware #cyberattack #BlueTeam #SOC #cybersec #threathunting #threatdetection

#ThreatProtection #SharpPanda #APT group inflates its spear-phishing campaign. Read more: https://t.co/cSdXqmuuxW #Cybercrime #Cybersecurity
#SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations https://t.co/ZZsakou8KM?
#APT #SharpPanda 5.t Downloader
https://t.co/xv6qsiNaew
DLL name: Downloader.dll
Export funcs: StartA and 3 of md5*
URL: hxxps://13.236.189[.]80:8001/G0AnyWhere_up.jsp?Data=<encrypted_data> (Base64 + RC4 - key "xkYgv127")
Task "Windows Update" - rundll32.exe %Temp%\c6gt.b StartA
#SharpPanda changed its target? It's the first time for me I've seen them target Western countries. CC: @aRtAGGI @_CPResearch_
#SharpPanda is using G7 decoy document (#RoyalRoad) to attack a wide range of G20 governments🐼
https://t.co/cFiB57nNEA

Incredibly excited to be speaking at #HagueTix2023 @HagueTIX in June about @threatinsight's observed changes in the APT phishing landscape following the disablement of #microsoftoffice #Macros. Check it out for #CTI about #TA423 #APT40 #SharpPanda #BackDoorDiplomacy #TA416 🇨🇳✉️☣️
Thrilled to announce our speaker line-up for #HagueTIX2023 & that ticket sales are open (limited amount of tickets only)! ➡ https://t.co/wnFziGkQLV
@monica_kaminska @xbouwman @fggaleiden @ISGA_Hague @TheHagueProgram
The Sharp Panda threat group recently included the new version of the Soul framework to execute their cyber attacks. Read more in our Intel Hub update. https://t.co/i648Wsjos7 #cyberthreat #cybersecurity #mdr #cybercontent #sharppanda #cyberintelligence