Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Administered by:

Server stats:

1.6K
active users

ioc.exchange: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

Just Another Blue Teamer

Good day everyone!

Check Point Software researchers provide us a detailed report on a newly discovered malware the ! It is capable of "stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency" and contains defense evasion techniques. While the malware may be new, one technique that stood out isn't! The use of the Windows run registry key for persistence (Software\Microsoft\Windows\CurrentVersion\Run) is not.

This registry key is abused because of the function it carries with it: you can reference an executable or script or whatever you want in the registry details and it will execute once a user logs in. This removes the need for the adversary to have to social engineer or compromise a host over and over again.

Knowing that, enjoy the article and stay tuned for your Threat Hunting Tip of the Day!

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
research.checkpoint.com/2024/u

Cyborg Security Intel 471

Check Point Research · Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point ResearchKey takeaways Introduction In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations.  In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]
Aug 22, 2024, 04:03 PM·Public·Web
5boosts·10favorites
Public
Just Another Blue Teamer

For your Threat Hunting Tip of the Day:

I have covered this one many times, but I will continue to beat this horse as long as it exists. Adversaries WILL abuse the Run Registry Key for persistence, old malware will and new malware will and even future malware will. Why? Because of the function: Execute on logon.

So, if you are hunting for this, first make sure you have visibility into that registry key, emulate the traffic if you need to. Then make sure your tools have the visibility, that means you can hunt for it. Then, you can take this Intel 471 Free Community Hunt Package and drop it in your tool to begin the hunt! Enjoy and Happy Hunting!

Autorun or ASEP Registry Key Modification
hunter.cyborgsecurity.io/resea

Cyborg Security

hunter.cyborgsecurity.ioIntel 471 | HUNTER
ExploreLive feeds
About