Copperhead strikes again...shutting the lights off across town
What’s the first thing you’d do if a dam lost power? Share your knowledge with us at Black Hat booth #4157
READ MORE: https://rfj.tips/5hGlik
Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities
The article details malware and tactics used in attacks targeting Ivanti Connect Secure vulnerabilities from December 2024 to July 2025. It describes MDifyLoader, a loader based on libPeConv, which deploys Cobalt Strike Beacon through DLL side-loading. The attackers also utilized vshell, a multi-platform RAT, and Fscan, a network scanning tool. After gaining initial access, the threat actors performed lateral movement using brute-force attacks, exploited vulnerabilities, and used stolen credentials. They established persistence by creating domain accounts and registering malware as services or scheduled tasks. The attackers employed various evasion techniques, including the use of legitimate files and ETW bypasses.
Pulse ID: 6879f8b560d48aaf15291507
Pulse Link: https://otx.alienvault.com/pulse/6879f8b560d48aaf15291507
Pulse Author: AlienVault
Created: 2025-07-18 07:33:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Chinese Mobile Forensic Tooling Discovered
Lookout Threat Lab has uncovered a mobile forensics application called Massistant, used by Chinese law enforcement to extract extensive data from mobile devices. Believed to be the successor of MFSocket, Massistant requires physical access to install and is not distributed through official app stores. It collects sensitive information including GPS data, SMS messages, images, audio, contacts, and phone services. The tool is associated with Xiamen Meiya Pico Information Co., Ltd., a Chinese technology company controlling a significant portion of China's digital forensics market. Massistant introduces new features like Accessibility Services to bypass device security prompts and support for additional messaging apps. The discovery raises concerns about data privacy for travelers to China, as law enforcement can potentially access and analyze confiscated devices without a warrant.
Pulse ID: 6879f93b6deb93df0f1e6c0c
Pulse Link: https://otx.alienvault.com/pulse/6879f93b6deb93df0f1e6c0c
Pulse Author: AlienVault
Created: 2025-07-18 07:35:23
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles
KAWA4096, a new ransomware that emerged in June 2025, has claimed at least 11 victims, primarily targeting the United States and Japan. The malware features a leak site mimicking the Akira ransomware group's style and a ransom note format similar to Qilin's. KAWA4096 employs multithreading, semaphores for synchronization, and can encrypt files on shared network drives. It terminates specific services and processes, deletes shadow copies, and utilizes a configuration loaded from its binary. The ransomware's encryption process involves file scanning, skipping certain files and directories, and using a shared queue for efficient processing. It also changes file icons and can modify the desktop wallpaper. The group's tactics appear to be aimed at boosting visibility and credibility by imitating established ransomware operations.
Pulse ID: 6879f992f53c24606746d8de
Pulse Link: https://otx.alienvault.com/pulse/6879f992f53c24606746d8de
Pulse Author: AlienVault
Created: 2025-07-18 07:36:49
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Don't forget to visit the OTtlan area presented by OMAR RUIZ!
If you like hacking, ICS/OT environments, or are simply curious... stop by!
We'll be waiting for you at OTtlan!