ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

#powershell


Had occasion to use:

-ErrorVariable +ev -ErrorAction SilentlyContinue

in order to handle/log non-fatal errors within a #powershell pipeline. I want to know the parameter in question on caught errors. The thrown cmdlet exception didn't provide it.

Can't see any advantage (the docs are... anemic) to InvocationInfo.PipelinePosition or PipelineIterationInfo (directly on the ErrorRecord) to pull by index (-1) from the root collection.

learn.microsoft.com/en-us/dotn

Microsoft Learn · ErrorRecord Class (System.Management.Automation): Represents an error.
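A worked example, added here and not taken from the post above, of the pattern it describes: collect non-terminating errors with -ErrorVariable +ev while the pipeline keeps running, then read each ErrorRecord to log which input item failed and why. It assumes a provider cmdlet such as Get-Item, where the ErrorRecord's TargetObject carries the path that could not be resolved, and uses constructed sample paths.

```powershell
# Added example, not code from the post above. Constructed input: one file that
# exists and two paths that do not, so Get-Item raises two non-terminating errors.
$tmp      = [System.IO.Path]::GetTempPath()
$existing = Join-Path $tmp 'ev-demo.txt'
Set-Content -Path $existing -Value 'demo'
$paths = @(
    $existing,
    (Join-Path $tmp 'ev-missing-1.txt'),
    (Join-Path $tmp 'ev-missing-2.txt')
)

# Initialise the collection explicitly: '+ev' appends to an existing variable
# rather than replacing it, so errors from several pipelines can be gathered in one place.
$ev = @()

# SilentlyContinue lets the pipeline finish; the ErrorRecords still land in $ev.
$found = $paths | Get-Item -ErrorVariable +ev -ErrorAction SilentlyContinue

# Each ErrorRecord carries enough context to log what failed and why.
# For provider cmdlets TargetObject is the path that could not be resolved
# (assumption: other cmdlets may populate it differently or leave it $null).
$report = foreach ($err in $ev) {
    [pscustomobject]@{
        Command  = $err.InvocationInfo.MyCommand.Name
        Target   = $err.TargetObject
        Category = $err.CategoryInfo.Category
        Reason   = $err.Exception.GetType().Name
        Message  = $err.Exception.Message
    }
}

"$(@($found).Count) item(s) resolved, $($ev.Count) error(s) captured"
$report | Format-Table -AutoSize

Remove-Item -Path $existing
```

The same report can be piped to Export-Csv or Write-EventLog so that per-item failures are recorded without aborting the batch.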

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

A new PowerShell-based shellcode loader has been discovered, designed to execute a variant of Remcos RAT. The attack chain begins with malicious LNK files in ZIP archives, using mshta.exe for initial execution. The loader employs fileless techniques, executing code directly in memory to evade traditional defenses. It leverages Windows APIs to allocate memory and execute binary code. The Remcos RAT provides full system control, featuring keylogging, screen capture, and credential theft capabilities. It uses advanced evasion techniques like process hollowing and UAC bypass. The malware establishes persistence through registry modifications and connects to a command and control server over TLS. This sophisticated attack emphasizes the need for behavioral analytics and proactive security measures to detect and mitigate such stealthy threats.

Pulse ID: 68264a9c6f5993a7d13fcfbc
Pulse Link: otx.alienvault.com/pulse/68264
Pulse Author: AlienVault
Created: 2025-05-15 20:12:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Excel(ent) Obfuscation: Regex Gone Rogue

A new Excel-based attack technique leverages recently introduced regex functions for advanced code obfuscation. The proof-of-concept demonstrates how malicious actors can use REGEXEXTRACT to hide PowerShell commands within large text blocks, significantly reducing antivirus detection rates. This method outperforms traditional obfuscation techniques, dropping VirusTotal detections from 22 to just 2. The approach also evades heuristic analysis tools like OLEVBA. While currently limited by Microsoft's default macro security and the functions' limited availability, this technique could potentially be combined with more sophisticated attack methods as it becomes more widely accessible.

Pulse ID: 6825f54fef573f818bd2d43c
Pulse Link: otx.alienvault.com/pulse/6825f
Pulse Author: AlienVault
Created: 2025-05-15 14:08:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Microsoft Graph PowerShell SDK V2.28 Attempts to Restore Stability

On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying problems that have dogged the SDK for several months. The first few days haven’t revealed any new problems and bug reports are being closed, so the signs are positive. But do test before deploying V2.28 into production.

office365itpros.com/2025/05/15
#PowerShell #MicrosoftGraph #Microsoft365

Office 365 for IT Pros · Microsoft Graph PowerShell SDK V2.28 Fixes Many Known Bugs: On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying problems.

New 'Chihuahua Stealer' Targets Browser Data and Crypto Wallets

A novel infostealer named Chihuahua Stealer has been detected, blending standard malware techniques with advanced features. This .NET-based malware employs a multi-stage PowerShell script infection process, utilizing Base64 encoding, hex-string obfuscation, and scheduled tasks for persistence. It targets browser data and cryptocurrency wallet extensions, extracting credentials, cookies, autofill data, browsing history, and payment information. The stolen data is compressed, encrypted using AES-GCM, and exfiltrated to an external server. The malware's sophisticated execution chain includes stealthy loading and a multi-staged payload, making it challenging to detect and analyze.

Pulse ID: 6824a0fe7bd740a9edd5ae96
Pulse Link: otx.alienvault.com/pulse/6824a
Pulse Author: AlienVault
Created: 2025-05-14 13:56:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


TA406 Pivots to the Front

In February 2025, TA406, a North Korean state-sponsored actor, began targeting Ukrainian government entities with phishing campaigns aimed at gathering intelligence on the Russian invasion. The group utilized freemail senders impersonating think tank members to deliver both credential harvesting attempts and malware. Their tactics included using HTML and CHM files with embedded PowerShell for malware deployment, as well as fake Microsoft security alerts for credential theft. The malware conducted extensive reconnaissance on target hosts, gathering system information and checking for anti-virus tools. TA406's focus appears to be on collecting strategic, political intelligence to assess the ongoing conflict and potential risks to North Korean forces in the region.

Pulse ID: 6823b32f1fad0a568539c4c1
Pulse Link: otx.alienvault.com/pulse/6823b
Pulse Author: AlienVault
Created: 2025-05-13 21:01:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
