Olivia
Online
MalwareLab.pl
@malwarelabpl
Malware Research. Threat Inteligence. Trainings - [email protected]
Joined February 2020
3 Following
590 Followers
19 Posts
Last month, for @AmnestyTech, we analyzed OSX sample of #FinFisher and provide other insights we gather along the way including some scripts aiding further analysis. If you need any help with any #malware related problems, don't hesitate to drop us an email, we are happy to help!
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
https://t.co/6D6ypYvvQs
Jeżeli chcecie zobaczyc jakas konkretna kampanie - czekamy na propozycje do 14.07, jak nie to cos sobie znajdziemy ;]
Chcecie zobaczyć na żywo analizę kampanii malware?
Zapraszamy na remote sekurak hacking party. Prezentował będzie @maciekkotowicz:
https://t.co/zSK2z0M3Gy
@maciekkotowicz is our next speaker at #CCCC2020. He worked before as Senior Security Researcher in Kaspersky GReAT or Principal Botnet owner at https://t.co/y8EZS2YXFW. He'll talk about #Fishing Elephant, or How to Build a Cloud-Based #APT.
https://t.co/LauaGWGhDn #Conference
Who to follow
This time we write about #Skidware - https://t.co/mM4vK7eSmW | We found new #hackforums grade rat based on #Quasar - its hilarious, check it out #Malware //cc @JAMESWT_MHT @James_inthe_box @Casperinous
document (https://t.co/Te2i34Wkk5 - Bubar Parlimen.docx) dropping #DADSTACHE, download urls: hxxps://armybar.hopto[.]org/{RemoteLoad.dotm,LogiMailApp.exe,LogiMail.dll,Encrypted} c2: tomema.myddns[.]me #Leviathan/#APT40 cc: @Mao_Ware
bunch of #TA505 docs with name: Human Resources Annual Report.docx (list: https://t.co/lMnFAxr9hE) mimics real vba code, will drop a dll with typical packer and #get2 with c2: shr-links[.]com probable lure email: https://t.co/BlyWMhe7Z8 #ThreatIntel #Malware #APT #ThreatHunting
Interesting clue about operation timeline of #Higaisa based on samples from @Malwarebytes's article - before jumping to shellcode loader checks if current year is in [2018,2021] time frame (it also makes quite a good #yara ) #APT #Malware #ThreatHunting #threatintel
![malwarelabpl's tweet photo. Interesting clue about operation timeline of #Higaisa based on samples from @Malwarebytes's article - before jumping to shellcode loader checks if current year is in [2018,2021] time frame (it also makes quite a good #yara ) #APT #Malware #ThreatHunting #threatintel https://t.co/ANUVcfWBNb](https://pbs.twimg.com/media/EZxFRcyXkAAF3Gk.png)
We write up our analysis of a validator dropped by documents used by #Lazarus, this validator was used in a campaing described by telsy as well as the ones recenty conducted against LockheedMartin, BAESystemsplc, Boeing. https://t.co/Jd35Pc2ek2 cc: @Manu_De_Lucia @Arkbird_SOLG
@dms1899 @LockheedMartin @BAESystemsplc @Boeing @JAMESWT_MHT i don't have any victims telemetry, but based on decoys and additional info from https://t.co/PNynudn5d7 - it quite safe to assume that military contractors working for South Korea especially the one present in decoys
Couple of #Lazarus #APT samples, with decoy documents referencing @LockheedMartin, @BAESystemsplc, @Boeing. Downloads remote templates and drops double-base64 encoded patched sqlite3 dlls, iocs: https://t.co/NSJb8BBEjq patched/added exports: sqlite3_stmt_all,sqlite3_stepsW
Second part (and last;) of our #Nazar's #APT tool is live. https://t.co/cWIajppuPj . With some experimental #snort/#suricata rule for you amusement #Malware #ThreatIntel #sig37 /cc @juanandres_gs
We put some hours into covering blanks about tool used by #Nazar #APT /cc: @juanandres_gs https://t.co/17CaGZ0A1h
New #aggah campaign, #GuLoader added to chain
Doc: 7418b898c989e3fb0d13b5db2c9773478e23150c590acad5832ccc3c14b80a26
remote payloads: hxxp://office-updates-index[.]com/{Report.rtf,Attack.jpg,File.vbs, track.jpg,max.bin}
#AgentTesla c2: fxp://ftp.centredebeautenellycettier[.]fr/
We put some effort into analyzing #RoyalRoad (aka 8t) rtf weaponizer. Take a look
https://t.co/LSAETSRW2U /cc @nao_sec #APT #malware #ThreatIntel
@maciekkotowicz at #x33fcon 2020!
Fishing Elephant, or How To Build Cloud Based APT
https://t.co/xf1bVBzXfd
Register: https://t.co/uquFhC1Ow0
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers
✨
⭐
💫