New report: a Chinese-based operation targeting a Southeast Asian government.
🇨🇳 Initial infection using #SharpPanda toolset.
🧩 New version of modular multi-stage #SoulFramework, previously unattributed.
🤦 Still using #RoyalRoad.
👉 Read more: https://t.co/UZNqrXVyWZ
#FakeBat campaign
MSI file has a sandbox evasion based on memory size.
GPU-Z
http[:]//gpu-z.top/index-install.html
https[:]//www.4sync.com/web/directDownload/tSdzLf9B/kYKT-tU6.d8cd9c1d356d7d336a60155ceab5576a
https://t.co/Ox8LqLVREG
1/ #TA505 has joined the @GoogleAds party! 🎉🎉
They distribute malware via download-cdn[.]com, previously used to push #Get2.
MSI (VT: 0/60) installs Ldrp.dll and then HVNC.dll, this last one connects to 64.190.113.123:443
[+] 328 related domains: https://t.co/VYLOXaHBNG
2023-01-16 (Monday) - Google ad led to fake software site sending malware. Post-infection activity for #Gozi (#ISFB/#Ursnif) and #RedlineStealer. Seeing this for different software searches. Indicators for an infection from a fake 7-Zip page available at https://t.co/B8pGG8t3hB