IOC.exchange

Pyrzout :vm:Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? <a href="https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/</a> <a href="https://social.skynetcloud.site/tags/oliviamessla" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#oliviamessla</a>@outlookde <a href="https://social.skynetcloud.site/tags/ConstellaIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConstellaIntelligence</a> <a href="https://social.skynetcloud.site/tags/FinnAlexanderGrimpe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FinnAlexanderGrimpe</a> <a href="https://social.skynetcloud.site/tags/ShoppyEcommerceLtd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShoppyEcommerceLtd</a> <a href="https://social.skynetcloud.site/tags/1337ServicesGmbh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1337ServicesGmbh</a> <a href="https://social.skynetcloud.site/tags/ALittleSunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ALittleSunshine</a> <a href="https://social.skynetcloud.site/tags/OperationTalent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationTalent</a> <a href="https://social.skynetcloud.site/tags/DreamDriveGmbH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DreamDriveGmbH</a> <a href="https://social.skynetcloud.site/tags/finn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#finn</a>@shoppy.gg <a href="https://social.skynetcloud.site/tags/FlorianMarzahl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FlorianMarzahl</a> <a href="https://social.skynetcloud.site/tags/Northdatacom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Northdatacom</a> <a href="https://social.skynetcloud.site/tags/Breadcrumbs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Breadcrumbs</a> <a href="https://social.skynetcloud.site/tags/domaintools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#domaintools</a> <a href="https://social.skynetcloud.site/tags/HRB164175" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HRB164175</a> <a href="https://social.skynetcloud.site/tags/LucasSohn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LucasSohn</a> <a href="https://social.skynetcloud.site/tags/AS210558" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AS210558</a> <a href="https://social.skynetcloud.site/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://social.skynetcloud.site/tags/StarkRDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#StarkRDP</a> <a href="https://social.skynetcloud.site/tags/Cracked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cracked</a> <a href="https://social.skynetcloud.site/tags/finndev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#finndev</a> <a href="https://social.skynetcloud.site/tags/floriaN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#floriaN</a> <a href="https://social.skynetcloud.site/tags/Nulled" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nulled</a> <a href="https://social.skynetcloud.site/tags/Sellix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sellix</a>

KrebsOnSecurity RSSWho’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?<a href="https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2025/02/whos-behind-the-seized-forums-cracked-nulled/</a> <a href="https://burn.capital/tags/olivia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#olivia</a>.messla@outlook.de <a href="https://burn.capital/tags/ConstellaIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConstellaIntelligence</a> <a href="https://burn.capital/tags/FinnAlexanderGrimpe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FinnAlexanderGrimpe</a> <a href="https://burn.capital/tags/ShoppyEcommerceLtd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShoppyEcommerceLtd</a> <a href="https://burn.capital/tags/1337ServicesGmbh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1337ServicesGmbh</a> <a href="https://burn.capital/tags/ALittleSunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ALittleSunshine</a> <a href="https://burn.capital/tags/OperationTalent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationTalent</a> <a href="https://burn.capital/tags/DreamDriveGmbH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DreamDriveGmbH</a> <a href="https://burn.capital/tags/finn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#finn</a>@shoppy.gg <a href="https://burn.capital/tags/FlorianMarzahl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FlorianMarzahl</a> <a href="https://burn.capital/tags/Northdata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Northdata</a>.com <a href="https://burn.capital/tags/Breadcrumbs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Breadcrumbs</a> <a href="https://burn.capital/tags/domaintools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#domaintools</a> <a href="https://burn.capital/tags/HRB164175" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HRB164175</a> <a href="https://burn.capital/tags/LucasSohn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LucasSohn</a> <a href="https://burn.capital/tags/AS210558" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AS210558</a> <a href="https://burn.capital/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://burn.capital/tags/StarkRDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#StarkRDP</a> <a href="https://burn.capital/tags/Cracked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cracked</a> <a href="https://burn.capital/tags/finndev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#finndev</a> <a href="https://burn.capital/tags/floriaN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#floriaN</a> <a href="https://burn.capital/tags/Nulled" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nulled</a> <a href="https://burn.capital/tags/Sellix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sellix</a>

Pyrzout :vm:Maximizing the impact of cybercrime intelligence on business resilience <a href="https://www.helpnetsecurity.com/2024/12/23/jason-passwaters-intel-471-cybercrime-intelligence-efforts/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2024/12/23/jason-passwaters-intel-471-cybercrime-intelligence-efforts/</a> <a href="https://social.skynetcloud.site/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://social.skynetcloud.site/tags/cybercriminals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercriminals</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Features" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Features</a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://social.skynetcloud.site/tags/opinion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opinion</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a>

KrebsOnSecurity RSSU.S. Offered $10M for Hacker Just Arrested by Russia<a href="https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/</a> <a href="https://burn.capital/tags/Ne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ne</a>'er-Do-WellNews <a href="https://burn.capital/tags/AleksandrErmakov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AleksandrErmakov</a> <a href="https://burn.capital/tags/DarynaAntoniuk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DarynaAntoniuk</a> <a href="https://burn.capital/tags/MikhailMatveev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailMatveev</a> <a href="https://burn.capital/tags/MikhailShefel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailShefel</a> <a href="https://burn.capital/tags/MikhailLenin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailLenin</a> <a href="https://burn.capital/tags/Sugarlocker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sugarlocker</a> <a href="https://burn.capital/tags/Boriselcin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boriselcin</a> <a href="https://burn.capital/tags/Shtazi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shtazi</a>-IT <a href="https://burn.capital/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://burn.capital/tags/rescator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rescator</a> <a href="https://burn.capital/tags/Wazawaka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wazawaka</a>

Pyrzout :vm:U.S. Offered $10M for Hacker Just Arrested by Russia <a href="https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/</a> <a href="https://social.skynetcloud.site/tags/Ne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ne</a>'er-Do-WellNews <a href="https://social.skynetcloud.site/tags/AleksandrErmakov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AleksandrErmakov</a> <a href="https://social.skynetcloud.site/tags/DarynaAntoniuk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DarynaAntoniuk</a> <a href="https://social.skynetcloud.site/tags/MikhailMatveev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailMatveev</a> <a href="https://social.skynetcloud.site/tags/MikhailShefel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailShefel</a> <a href="https://social.skynetcloud.site/tags/MikhailLenin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MikhailLenin</a> <a href="https://social.skynetcloud.site/tags/Sugarlocker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sugarlocker</a> <a href="https://social.skynetcloud.site/tags/Boriselcin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boriselcin</a> <a href="https://social.skynetcloud.site/tags/Shtazi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shtazi</a>-IT <a href="https://social.skynetcloud.site/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://social.skynetcloud.site/tags/rescator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rescator</a> <a href="https://social.skynetcloud.site/tags/Wazawaka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wazawaka</a>

ITSEC NewsU.S. Offered $10M for Hacker Just Arrested by Russia - In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as... <a href="https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/</a> <a href="https://schleuss.online/tags/neer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#neer</a>-do-wellnews <a href="https://schleuss.online/tags/aleksandrermakov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aleksandrermakov</a> <a href="https://schleuss.online/tags/darynaantoniuk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#darynaantoniuk</a> <a href="https://schleuss.online/tags/mikhailmatveev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mikhailmatveev</a> <a href="https://schleuss.online/tags/mikhailshefel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mikhailshefel</a> <a href="https://schleuss.online/tags/mikhaillenin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mikhaillenin</a> <a href="https://schleuss.online/tags/sugarlocker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sugarlocker</a> <a href="https://schleuss.online/tags/boriselcin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#boriselcin</a> <a href="https://schleuss.online/tags/shtazi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shtazi</a>-it <a href="https://schleuss.online/tags/intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intel471</a> <a href="https://schleuss.online/tags/rescator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rescator</a> <a href="https://schleuss.online/tags/wazawaka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wazawaka</a>

Pyrzout :vm:Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Source: krebsonsecurity.com <a href="https://ciso2ciso.com/brazil-arrests-usdod-hacker-in-fbi-infragard-breach-source-krebsonsecurity-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/brazil-arrests-usdod-hacker-in-fbi-infragard-breach-source-krebsonsecurity-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/NationalPublicData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalPublicData</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/ALittleSunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ALittleSunshine</a> <a href="https://social.skynetcloud.site/tags/KrebsonSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KrebsonSecurity</a> <a href="https://social.skynetcloud.site/tags/KrebsOnSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KrebsOnSecurity</a> <a href="https://social.skynetcloud.site/tags/NeerDoWellNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NeerDoWellNews</a> <a href="https://social.skynetcloud.site/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreaches</a> <a href="https://social.skynetcloud.site/tags/EquationCorp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EquationCorp</a> <a href="https://social.skynetcloud.site/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrowdStrike</a> <a href="https://social.skynetcloud.site/tags/RaidForums" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RaidForums</a> <a href="https://social.skynetcloud.site/tags/InfraGard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfraGard</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://social.skynetcloud.site/tags/Tecmundo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tecmundo</a> <a href="https://social.skynetcloud.site/tags/TVGlobo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TVGlobo</a> <a href="https://social.skynetcloud.site/tags/NetSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSec</a> <a href="https://social.skynetcloud.site/tags/USDoD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USDoD</a> <a href="https://social.skynetcloud.site/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fbi</a>

KrebsOnSecurity RSSBrazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach<a href="https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/</a> <a href="https://burn.capital/tags/NationalPublicData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalPublicData</a> <a href="https://burn.capital/tags/Ne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ne</a>'er-Do-WellNews <a href="https://burn.capital/tags/ALittleSunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ALittleSunshine</a> <a href="https://burn.capital/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreaches</a> <a href="https://burn.capital/tags/EquationCorp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EquationCorp</a> <a href="https://burn.capital/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrowdStrike</a> <a href="https://burn.capital/tags/RaidForums" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RaidForums</a> <a href="https://burn.capital/tags/InfraGard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfraGard</a> <a href="https://burn.capital/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hackread</a> <a href="https://burn.capital/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://burn.capital/tags/Tecmundo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tecmundo</a> <a href="https://burn.capital/tags/TVGlobo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TVGlobo</a> <a href="https://burn.capital/tags/NetSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSec</a> <a href="https://burn.capital/tags/USDoD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USDoD</a> <a href="https://burn.capital/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fbi</a>

ITSEC NewsBrazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach - Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of b... <a href="https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/</a> <a href="https://schleuss.online/tags/nationalpublicdata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nationalpublicdata</a> <a href="https://schleuss.online/tags/neer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#neer</a>-do-wellnews <a href="https://schleuss.online/tags/alittlesunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#alittlesunshine</a> <a href="https://schleuss.online/tags/databreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreaches</a> <a href="https://schleuss.online/tags/equationcorp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#equationcorp</a> <a href="https://schleuss.online/tags/crowdstrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crowdstrike</a> <a href="https://schleuss.online/tags/raidforums" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#raidforums</a> <a href="https://schleuss.online/tags/infragard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infragard</a> <a href="https://schleuss.online/tags/hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackread</a> <a href="https://schleuss.online/tags/intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intel471</a> <a href="https://schleuss.online/tags/tecmundo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tecmundo</a> <a href="https://schleuss.online/tags/tvglobo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tvglobo</a> <a href="https://schleuss.online/tags/netsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#netsec</a> <a href="https://schleuss.online/tags/usdod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#usdod</a> <a href="https://schleuss.online/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fbi</a>

Pyrzout :vm:Attackers deploying red teaming tool for EDR evasion <a href="https://www.helpnetsecurity.com/2024/10/15/edr-evasion-edrsilencer/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2024/10/15/edr-evasion-edrsilencer/</a> <a href="https://social.skynetcloud.site/tags/endpointsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#endpointsecurity</a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatdetection</a> <a href="https://social.skynetcloud.site/tags/BinaryDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BinaryDefense</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/SentinelOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SentinelOne</a> <a href="https://social.skynetcloud.site/tags/TrendMicro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TrendMicro</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/ExtraHop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ExtraHop</a> <a href="https://social.skynetcloud.site/tags/Intel471" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel471</a> <a href="https://social.skynetcloud.site/tags/Sophos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sophos</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a>

Just Another Blue TeamerHappy Tuesday everyone!Just your weekly reminder that Regular Registration is closing this Friday, July 19th! So you still have some time to get the regular pricing when you register for Cyborg Security's and Intel 471's Threat Hunter training at Black Hat USA in Las Vegas! You will you learn: What a threat hunt looks like from start to finish. What tools and resources we can leverage to research and communicate with shareholders. How to navigate through an investigation following process chains, finding correlating information, and how to find related events that help you better tell the story! If any of this sounds fun, come join me at Black Hat in Vegas this year for a fun time! I can't wait to meet everyone there, but until then, Happy Hunting!Registration Links: Aug 3rd - 4th: <a href="https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528</a>Aug 5th - 6th: <a href="https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844</a><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/BlackHat" class="mention hashtag" rel="tag">#BlackHat</a>

Just Another Blue TeamerHappy Monday everyone! We are going to start this week off with a nice resource in our <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#readoftheday</a>! If you have yet to hear about Wazuh, now is your chance! It is a free, open-source security platform that protects data assets from threats [2]. In this article, the researchers cover what abusing Living-off-the-Land binaries (LOLBINs) looks like from the perspective of an Ubuntu and Kali Linux endpoint and focus on the <a href="https://ioc.exchange/tags/DirtyPipe" class="mention hashtag" rel="tag">#DirtyPipe</a> exploit and the DDexec utility. After walking readers through the emulation they then discuss how Wazuh helps detect these techniques. It is a good read and a resource I want to get into my own lab to start playing with! As always, check out the full article and others by Wazuh researchers on their blog and stay tuned for the threat hunting tip of the day! Enjoy and Happy Hunting!Detecting Living Off the Land attacks with Wazuh <a href="https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/</a>Other reference: <a href="https://github.com/wazuh/wazuh" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://github.com/wazuh/wazuh</a> [2]Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a>

Just Another Blue TeamerHappy Friday Everyone!The Check Point Software researchers help us into the weekend with the <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#readoftheday</a>, and ironically it covers some things that we have been researching as of late!In this article, the researchers detail how a threat actor used an Internet Shortcut (.url) file to open up the attacker website in Internet Explorer (a more vulnerable brower) instead of Chrome or Edge. This is accomplished through the use of a specially crafted .url file that contains the values "mhtml" and also "!x-usc". These tactics were last when threat actors were exploiting CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability)[2] and are seen again.As you wait for the Threat Hunting Tip of the day, go read the entire article yourself and see what I missed! Enjoy and Happy Hunting!RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) <a href="https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/</a>Additional resource: [2] <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#gethunting</a>

Just Another Blue TeamerHappy Wednesday, everyone! I’m honored and proud to invite all my connections to join me at Cyborg Security & Intel 471’s Black Hat USA training for the second year in a row!We cover everything from resources to use for research and models to use for communicating to your stakeholders to operationalizing intel to create a hypothesis to start a threat hunt. If you are a data junkie (like me) who loves diving into data, sifting through it, then this is the training for you! If any of this sounds fun, join my Black Hat USA training, titled “A Beginner’s Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs”! You may have missed the early registration discount, but the regular registration discount is still available until July 19th!I will be teaching two 2-day sessions. You can pick which one works with your schedule best and register here:Aug 3rd - 4th: <a href="https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528</a>Aug 5th - 6th: <a href="https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844</a>I can't wait to meet everyone there. Until then, happy hunting!<a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/BlackHat" class="mention hashtag" rel="tag">#BlackHat</a>

Just Another Blue TeamerHappy Wednesday everyone!This is the second <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#readoftheday</a> this week that involves eBooks being used as the lure for victims and in this case Trellix reveals that this eBook delivers a malware known as <a href="https://ioc.exchange/tags/ViperSoftX" class="mention hashtag" rel="tag">#ViperSoftX</a>. Once the victim downloads the archive file, they are presented with an eBook cover page, a hidden folder, shortcut file and three JPGs. These files are not what they seem, as you all may have guessed. One is an AutoIT script, one the AutoIT executable, and the last a PowerShell script. The shortcut file leads to the execution of the PowerShell code that unhides the hidden folder, checks the disk size of all drives, moves the AutoIT files to the AppData\Microsoft\Windows directory and deletes the LNK files in the current directory. A notable MITRE ATT&CK TTP here is the use of PowerShell encoded commands or T1027.013 - Obfuscated Files or Information: Encrypted/Encoded File. This is a common technique that adversaries use to hide the true nature of the commands or communication with their C2 server. As always, I am leaving you hanging and will be back for the Threat Hunting Tip of the day! While you are waiting patiently, go read the rest of the article, it has tons of details I left out! Enjoy and Happy Hunting!The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution <a href="https://www.trellix.com/blogs/research/the-mechanics-of-vipersofts-exploiting-autoit-and-clr-for-stealthy-powershell-execution/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.trellix.com/blogs/research/the-mechanics-of-vipersofts-exploiting-autoit-and-clr-for-stealthy-powershell-execution/</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a>

Just Another Blue TeamerGood day everyone!Kaspersky brings us today's <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#readoftheday</a>!A new APT targeting Russian government who has been dubbed CloudSorcer. "It's a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration" (we can start to create hypotheses that include the use of notable TTPs such as Discovery, Command and Control, and Collection). The malware's backdoor module collects information about the victim's machine which includes the hostname, username, windows subversion information, and system uptime. Then a pipe is created ( in this case \\.\PIPE\[1428] [not sure if that is a constant]) that connects to the C2 module process. The researchers state "It is important to note that all data exchange is organized using well-defined structures with different purposes, such as backdoor command structures and information gathering structures." Aaaaaaand this is where I am going to leave you hanging, on a nice cliff! Go and read the article and find out the rest of the details and for your threat hunting tip! Enjoy and Happy Hunting!CloudSorcerer – A new APT targeting Russian government entities <a href="https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#gethunting</a>

Just Another Blue TeamerHappy Monday everyone!AhnLab, Inc. Security Intelligence Center (ASEC) brings us another technical report, this time on the hashtag#AsyncRAT and how adversaries are disguising them as an E-Book in the hashtag#readoftheday!When a victim downloads what they think is an e-book, a malicious LNK file contains a PowerShell script, another compressed file masquerading as a video extension, and then a normal e-book file (gotta give the victim what they are expecting or run the risk of being caught). The script that runs modifies the attributes of the PowerShell script to hidden and then scans the machine for security products. These results will determine what the malware does next, but in each of the three methods it leads to some sort of scheduled task being used! There is plenty more details here, but don't take my word for it, read it! Enjoy and Happy Hunting!AsyncRAT Disguised as an E-Book <a href="https://asec.ahnlab.com/ko/67571/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://asec.ahnlab.com/ko/67571/</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#gethunting</a>

Just Another Blue TeamerFor your Friday Threat Hunting!As to not leave you empty handed: Take this Community Hunt Package with you if you are hunting for GootLoader (If you are a customer of Cyborg Security, we have an entire Hunt Package Collection looking for different TTPs and behaviors)! This hunt package is designed to capture activity associated with a scheduled task which includes abnormal locations in its details for execution. Enjoy and Happy Hunting!Scheduled Task Executing from Abnormal Location <a href="https://hunter.cyborgsecurity.io/research/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://hunter.cyborgsecurity.io/research/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#huntoftheday</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#gethunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a>

Just Another Blue TeamerHappy Wednesday, everyone! I’m honored and proud to invite all my connections to join me at Cyborg Security & Intel 471’s Black Hat USA training for the second year in a row!Ever wanted to see what a threat hunt looks like from start to finish? Curious about the tools and resources we use to research and communicate with stakeholders? Or maybe you’re just a data junkie (like me) who loves diving into data, sifting through it, and finding valuable insights? If any of this sounds fun, join my Black Hat USA training, titled “A Beginner’s Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs”!You may have missed the early registration discount, but the regular registration discount is still available until July 19th!I will be teaching two 2-day sessions. You can pick which one works with your schedule best and register here: - Aug 3rd - 4th: <a href="https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-36528</a> - Aug 5th - 6th: <a href="https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.blackhat.com/us-24/training/schedule/index.html#a-beginners-guide-to-threat-hunting-how-to-shift-focus-from-iocs-to-behaviors-and-ttps-365281707151844</a>I can't wait to meet everyone there. Until then, happy hunting!<a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a> <a href="https://ioc.exchange/tags/BlackHat" class="mention hashtag" rel="tag">#BlackHat</a>

Just Another Blue TeamerHappy Wednesday everyone!Today's <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#readoftheday</a> comes from Fortinet Labs researchers who documented an attacked that was using the spyware <a href="https://ioc.exchange/tags/MerkSpy" class="mention hashtag" rel="tag">#MerkSpy</a>. CVE-2021-40444, a remote code execution vulnerability in MSHTML that affects Microsoft Windows [2]. Like most spyware, it has the capabilities to capture screenshots, log keystrokes, and access the MetaMast extension (an extension designed to allow users to buy/sell crypto). Check out the full article for all the amazing technical details, this is just a small summary! Threat Hunting Tips: This spyware gains persistence (TA0003) by using the age-old technique of abusing the functions of the Windows Registry Run key (T1547.001 - Boot or Logon Autostart Execution - Registry Run Keys/Startup Folder). This registry key (*\Software\Microsoft\Windows\CurrentVersion\Run) has the capability to start anything that is stored in the key to execute/start on startup. This could be helpful if there is an application that someone uses every day OR it could be helpful for the adversary to get repeatable access to a victims machine! Either way, this is a location that I would keep my eye on! Enjoy and Happy Hunting!MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems <a href="https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems</a>Additional resources: [2] <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#HappyHunting</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#gethunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="tag">#Intel471</a>

Recent searches

Search options

Administered by:

Server stats:

#Intel471