Top Tweets for #lightneuron
@CNMF_CyberAlert In order to blend into the normal network traffic, Turla often reuses network protocols used by their targets. #LightNeuron is a passive backdoor running on Exchange servers that gets commands via JPG/PDF attachments
https://t.co/1RyXFWRyyz 7/14
OPSWAT vs. #LightNeuron
LightNeuron operates a rare command-and-control method that uses email JPEG & PDF attachments to transport the commands.
See LightNeuron on #OPSWAT MetaDefender Cloud↓
It sure sounds like this post is trying to be about how a probable Russian threat actor (Turla?) compromised a U.S. public sector organization quite thoroughly using webshells and a #LightNeuron-ish Exchange backdoor, but that the authors couldn't quite get approval for that.
New blog post: Read about our investigation of web shell attacks, which allow adversaries to run commands and steal data from vulnerable or misconfigured Internet-facing servers, or to use the compromised servers as launch pads for further attacks. https://t.co/YJfs00pdQs
OPSWAT vs. #LightNeuron
LightNeuron operates a rare command-and-control method that uses email JPEG & PDF attachments to transport the commands.
See how OPSWAT helps to prevent LightNeuron ↓
After the #TURLA #LightNeuron #XTrans images uploaded from Brazil, here are some NetTrans images from Hungary. These popped up again on VT and were originally uploaded in December 2018 (1/2)
https://t.co/jZ3p0wln7s
https://t.co/qwkiQ2gq34
Looks like Turla's NETTRANS is starting to hit on some AV radars. This #LightNeuron #XTRANS variant will be part of my talk with Anders at #FireEyeSummit in 2 weeks on Exchange transport agents. Here is a link to the sample:
https://t.co/4GME8G5Oc8
New #Turla #LightNeuron #APT sample, possible link with the BPA.Transport.dll previous agent
MD5: 52beacccecd9342421aa682ad538e677
VT Detection: 30/69
Sample VT: https://t.co/D5MBsk0vWg

Below are 3 jpeg images uploaded on VT used by #Turla #LightNeuron #Xtrans malware. These contain commands to be executed by the infected Exchange server, or its responses (1/3) #Steganography
https://t.co/lu5Dbm1VIx
https://t.co/SbEU8CRDea
https://t.co/NWnMYH3Bo1
2019-06-23: Possible #Turla #LightNeuron #Malware🇷🇺
"BPA.Transport.DLL" 👾 | "Companion DLL" for Transfer Agent📩
Export Table:
⤴️"forLoading"
⤴️"simpleValidate"
⤴️"BinaryLogEx"
✍️Logging:
🛣️Path: c:\windows\serviceprofiles\networkservice\
MD5: 5924eac8af1f3e3f1f825998bc59c062

2019-06-23: Possible #Turla #LightNeuron #Malware🇷🇺
Transport Agent "eseutil.dll" 📩 | .NET
ContentFilterAgent and SecurityInteropAgent | Process Function
Same functionality as by @ESET here -> https://t.co/yTUVz0FpAC👍
MD5: 9456197d0f8b6cabfea5f02ffb0176dd
cc/ @DrunkBinary

A new companion DLL for #Turla #LightNeuron Exchange Transport agent was just uploaded on VT. Compilation timestamp suggests it's a slightly newer sample than those from @ESET report.
https://t.co/5lTN7YPLCy
Now it's the turn of Mr @mathieutartare, ESET researcher, who is presenting the latest supply-chain threats: Winnti/Barium, and other ESET research such as #LightNeuron #ESETDay #ESET #Cybersecurite #Recherche #Malware.

Our new series #NowThatsWhatICallMalware is out. This week featuring: #Scranos #Rootkit, #Shlayer #MacOS Malware, #Exodus #Android Malware, #LightNeuron DLL and #Cr1pT0r ARM #Ransomware. Log in to check it out https://t.co/8ywGPuJWiy

Our new series #NowThatsWhatICallMalware is out. This week featuring: #Scranos #Rootkit, #Shlayer #MacOS Malware, #Exodus #Android Malware, #LightNeuron DLL and #Cr1pT0r ARM #Ransomware. Log in to check it out https://t.co/r9c9E4t1Sf

Our new series #NowThatsWhatICallMalware is out. This week featuring: #Scranos #Rootkit, #Shlayer #MacOS Malware, #Exodus #Android Malware, #LightNeuron DLL and #Cr1pT0r ARM #Ransomware. Log in to check it out https://t.co/Ts4U8cn1Gf

#Backdoor in #Microsoft Exchange mail servers: #LightNeuron is a #malware to eliminate... https://t.co/DVENVUdlAR
ICYMI: ESET research recently uncovered #LightNeuron, a Microsoft Exchange backdoor that can read, modify or block any email going through the server. Learn more on this discovery: https://t.co/sh4umzTjoN
Security researchers have found a fairly critical backdoor in #Microsoft Exchange Server. With the #LightNeuron exploit, the emails on the server can be read and modified, and email can be sent
https://t.co/5ysyXfYxpj

Possible #Turla #LightNeuron Backdoor Installation - #sigma rule, free at https://t.co/tikoHgkda1
Thank you @ESET for sharing great research with public.
fields:
- CommandLine
- Image
- Hashes
falsepositives:
- medium
