ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.


#conti


Tramp is the boss of the ransomware gang #BlackBasta. In real life, he's wanted by 🚔 in the US. He's even inches from extradition to the 🇺🇲 at the end of June 2024. Thanks to real badass high protections, according to him.
Or he's been lying to his partners in crime. Or he is really naive. Because when he got arrested, Tramp was on the street that goes to the 🇺🇲 embassy in Yerevan 🇦🇲, and not much anywhere else there.
He's been active in the #ransomware scene for quite a while now, before #Conti. Here's his story.
computerweekly.com/news/366619

ComputerWeekly.com · Ransomware: from REvil to Black Basta, what do we know about Tramp? By Valéry Rieß-Marchive

Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group

#ransom #culture #cybercrime #research #conti #ransomware #RansomwareGroup

🔗 arxiv.org/abs/2411.02548

arXiv.org · Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group · Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics, and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.

Happy Sunday!

The Intel 471 team provides their findings of the loader as it makes its comeback after a two-month break. Taking the place of the (the source code was leaked when the leak occurred). The BumbleBee loader has been associated with distributing ransomware and is currently being used by multiple threat actors. My favorite part of this article though (and not surprising) is all the MITRE ATT&CK mappings that provide all the a place to start looking, so thank you for that team! I hope you all enjoy and Happy Hunting!

Bumblebee Loader Resurfaces in New Campaign
intel471.com/blog/bumblebee-lo

In an excellent report from Arctic Wolf, researchers Steven Campbell, CISSP, Akshay Suthar, Connor Belfiore, and the rest of the Arctic Wolf Labs Team cover the ransomware, which has compromised at least 63 organizations. In an interesting twist made only available due to the leaks, these researchers were able to analyze Akira and notice some code overlap between the two variants. As a bonus, something that I haven't seen done many times but would like to see more, the research team mapped tools that were used to the MITRE ATT&CK. If you are a threat hunting team that prefers to focus on toolsets when planning your hunts, this is a great article to leverage. Enjoy and, as always, Happy Hunting!

Source:
Conti and Akira: Chained Together
arcticwolf.com/resources/blog/

Arctic Wolf · Conti and Akira: Chained Together | Arctic Wolf · Leveraging blockchain analysis, Arctic Wolf has begun to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.