From OneNote to RansomNote: An Ice Cold Intrusion
🌟Analysis & reporting completed by @iiamaleks, @IrishD34TH, and @Miixxedup
🎵Audio (New Voice!): Available on Spotify, Apple, YouTube and more!
🏹Services: https://t.co/k8UVEOdKTQ
📚Report: https://t.co/Ll3pwfh9fp
SEO Poisoning to Domain Control: The Gootloader Saga Continues
🌟Analysis and reporting completed by @_pete_0, @malforsec & @r3nzsec
🎵Audio: Available on Spotify, Apple, YouTube and more!
🏹Services: https://t.co/k8UVEOdKTQ
📚Report: https://t.co/Jk1LFE046i
Additional infrastructure we suspect to be related to C2 address 92.118.112[.]208, used by the proxy client dropped following #SocGholish infection:
173.44.141[.]226
23.227.193[.]172
194.36.209[.]227
92.118.112[.]143
ReliaQuest #ThreatResearch has uncovered a new twist in SocGholish malware attacks. Now using Python for persistence, this threat signifies a tactical shift for attackers. Read the blog to protect your systems with the latest intelligence.
https://t.co/6teRrZiE9N
2023-10-17 (Tuesday): #TA577 #Pikabot infection with HTTPS #CobaltStrike traffic on 45.155.249[.]171:443 using ponturded[.]com. Thanks to the @Cryptolaemus1 group for their initial post on today's Pikabot activity! IOCs from our infection run available at https://t.co/G56aXbifCR
Check out my first blog contribution here where we discuss a recent intrusion my team investigated, from an initial access Gootloader infection, 2nd stage payloads, and lateral movement to credential access. Super proud of this! https://t.co/aIcctOQpW3