[1/] In joint research with @crimevader from @Solis Security, we uncovered two zero-day exploits in the VeraCore application actively used by XE Group: an Upload Validation Bypass and an SQL Injection flaw.
This week, I investigated an active campaign targeting Chinese-speaking users. Seeing China, Taiwan, and Hong Kong as targets instantly piqued my curiosity. The attack has been attributed to the Silver Fox APT.
Several things in this campaign caught my attention. 🧵
1/2 The IMEEX framework is a newly discovered malware targeting Windows systems, specifically aimed at Djibouti. Delivered as a 64-bit DLL, it enables file manipulation, process control, registry changes, and remote command execution.
Thanks to the @virusbtn Conference for a great event! It was an honor to present with @juanandres_gs and @MhicRoibin
and share insights about reversing Rust and uncovering APTs with everyone.
🚀 Big News from Intezer! 🚀
We’ve raised $33M in new funding (led by @norwestvp) to continue transforming security operations with our AI-powered Autonomous SOC platform! Check out our blog post: https://t.co/lHiBhc2L3I
🔍 MSI files are often exploited by threat actors. Our new blog breaks down the MSI format and shows you how to detect and extract malicious payloads. For more details: https://t.co/TCrWGSRMmC
Unpacking SSLoad: A #Rust loader with diverse delivery methods, new elusive loaders, implementation of dead-drop sites, multiple string decryption, and anti-debugging techniques.
Dive into our detailed analysis of its loaders and payloads:
https://t.co/kEKywWAPsm
Dissecting a new #Rust loader - SSLoad. Initially reported by @Unit42_Intel. The infection chain begins with a phishing email, consists of multiple stages, and implements various techniques. A technical analysis 🧵 [1/]
In this #new blog, our research team unpacks the complexities of .NET executables, offering insights into its architecture and framework.
https://t.co/Fa0gpFje2o [1]
New blog about Operation HamsaUpdate from our research team:
A sophisticated campaign involving a social engineering phishing scheme that delivers novel wipers targeting Linux and Windows, and a multi-stage loader.
Full blog for details here 👇 https://t.co/vQybSASX1x
Our researchers have uncovered an APT we dubbed "WildCard." Originating from the #SysJoker lineage, the novel RustDown malware showcases sophisticated methodologies and is linked to Operation ElectricPowder, signaling a targeted offensive against Israel's critical infrastructures
Unveiling APT WildCard. Emerging from SysJoker shadows, this APT now wields complex Rust malware - RustDown. Its link to Operation ElectricPowder signifies ~7 years of adaptive and persistent targeting of Israel's critical systems
🧵Technical deep-dive on WildCard [1/9]:
Quick series on malware reverse engineering for beginners by @IntezerLabs
Part 1: https://t.co/tBYUcvO57g
Part 2: https://t.co/dbs4yVr2L5
#malware #infosec
[1/3] A document with macros has surfaced, seemingly targeting residents in Nagorno-Karabakh. The ultimate payload is AsyncRAT. The lure employs the theme of the ongoing tensions between Armenia and Azerbaijan, posing as if sent by the National Security Service of Armenia.
1/6 ⚡📨 A Much Less Annoying Way to Manage Reported Phishing Emails 🧵
So you need to monitor a phishing inbox or other user-reported phishing pipeline? You want a way to automatically investigate attachments, URLs, metadata, and the email content itself.
ICYMI: Intezer's researchers, Nicole Fishbein and Ryan Robinson, have released their latest blog post which delves into the world of encryption and malware. The post discusses how to detect and protect yourself and your organization. Read more about it: https://t.co/HCoGX1vk56
#phishing @bookingcom's chat (connecting clients and property owners) is exploited by scammers. Disguised as the property, they weave convincing messages urging victims to click a link. The outcome? Exposing additional card info.
https://booking.guest-approve[.]info/reservation
New blog on malware reverse engineering, spotlighting encryption usage in malicious software.
Learn the core concepts of encryption and how to identify common algorithms (RC4, AES, etc.).
Check out the blog by researchers @MhicRoibin & @NicoleFishi19
https://t.co/HCoGX1vk56
Exciting news: We're opening up a waitlist for our upcoming AI Insights!
This further expands Intezer's capabilities for alert triage, using generative AI to analyze text-based threats like scripts, macros, and phishing threats.
Join the waitlist here: https://t.co/Jlx4CyGi8R
We uncovered new samples and techniques used by CryptoClippy, a trojan targeting Brazilian financial services evolving fast. This threat has evolved with new stealing capabilities. Check out our blog by @NicoleFishi19 for its technical analysis. https://t.co/sCyeZ1BkS6