Jai Minton (@cyberraiju)'s Twitter Profile
Jai Minton

@cyberraiju

An Aussie who does cyber things | Principal @HuntressLabs | Former Principal @CrowdStrike | jaiminton.com | Posts = own views.

ID: 987610957873463296

Link: https://youtube.com/@cyberraiju | Joined: 21-04-2018 08:36:16

1.1K Tweets

7.7K Followers

1.1K Following

MalwareHunterTeam (@malwrhunterteam)

"EPITECHNE LIMITED" (SSL.com Corp given cert) signed, "Advertising agreement for collaboration MusicMaker2025 Premium Editor for YouTube.exe" sample: 22a6f8a653563ccb35ebd945109603b6097aa54b880b845e8185788226c1a957 Lumma.

"EPITECHNE LIMITED" (<a href="/sslcorp/">SSL.com Corp</a> given cert) signed, "Advertising agreement for collaboration MusicMaker2025 Premium Editor for YouTube.exe" sample: 22a6f8a653563ccb35ebd945109603b6097aa54b880b845e8185788226c1a957
Lumma.
vx-underground (@vxunderground)

Today Qilin has successfully solidified itself as a colossal piece of shit. Of course, all ransomware is bad, but Qilin ransomed Promise2Kids, a California non-profit which rescues children from abusive homes.

RussianPanda 🐼 🇺🇦 (@russianpanda9xx)

As promised, I am releasing the blog on the abuse of ITarian RMM by #DolphinLoader, a new MaaS Loader in the market. You will find some interesting stuff in there 👀🐬

Link: russianpanda.com/The-Abuse-of-I…
Max Rogers (@maxrogers5)

Today’s the day! Very proud of the immense work Huntress (@HuntressLabs) analysts Jai Minton (@CyberRaiju) and Craig (@bumbucha) put into this lengthy walk through of an intrusion with strong overlap of OceanLotus TTPs.

Thank you to Greg Linares (Laughing Mantis) (@Laughing_Mantis) for supporting this investigation as well!
Greg Linares (Laughing Mantis) (@laughing_mantis)

The Return of OceanLotus? During routine threat hunting here at Huntress analysts Jai Minton & Craig identified a sophisticated campaign with hallmark TTPs of APT32 aka BISMUTH, Ocean Buffalo, & Canvas Cyclone targeting human rights activists huntress.com/blog/advanced-…

Huntress (@huntresslabs)

UNCOVERED: A 4-year breach on a human rights defender’s device—APT32/OceanLotus have their fingerprints all over it.

Small orgs, you're vulnerable too. Stay vigilant out there, and check out our latest threat intel from Jai Minton (@CyberRaiju) and Craig (@bumbucha). huntress.com/blog/advanced-…
Craig (@bumbucha)

The latest research from Jai Minton and me (alongside many others including Greg Linares (Laughing Mantis)) piecing together an intrusion that likely spanned the course of over 4 years with TTPs strongly coinciding with APT32/OceanLotus. huntress.com/blog/advanced-…

Jai Minton (@cyberraiju)

Today we shine light on a long-standing intrusion which aligns with #OceanLotus / #APT32 🌺 intelligence gathering. 👇

Multiple backdoors, custom malware, steganography, and stealthy persistence.

Thanks to Craig (@bumbucha) and Greg Linares (Laughing Mantis) (@Laughing_Mantis)
CC: Huntress (@HuntressLabs)
huntress.com/blog/advanced-…
Microsoft Threat Intelligence (@msftsecintel)

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. msft.it/6010l7S6w

Jai Minton (@cyberraiju)

Can confirm, and he has a voice that just seems to be calming, I think it's the English accent, but nonetheless Dray Agha is a real one that goes the full gamut from being technical to being a good person.

Karsten Hahn (@struppigel)

Automatic sandbox analysis systems should not be used like an "antivirus scanner". That is not their purpose and they are also pretty bad at that. Unfortunately providing an "overall score" or verdict gives the wrong impression.

Jai Minton (@cyberraiju)

* "You've been shortlisted to pay us 1,000 USD. If you do we will tell everyone you're a cybersecurity leader" 🤢

Annual reminder that some people actually do this kind of rubbish, all for *checks notes* 

...a Digital Certificate of Honour.
🙄🤨

This shit devalues our industry
Huntress (@huntresslabs)

🌊Dive deep into OceanLotus 🌊

Join us on September 10, at 1 PM EST for the next episode of #TradecraftTuesday with John Hammond (@_JohnHammond) and Greg Linares (Laughing Mantis) (@Laughing_Mantis), where we’ll be unmasking the tradecraft behind notorious threat group, #OceanLotus. webinars.huntress.com/series/tradecr…
Gi7w0rm (@gi7w0rm)

To whoever needs it, I just created a web application that returns API info for Telegram bot tokens.

teletoken.info

Just paste in your Telegram bot token
( api.telegram.org/bot<TOKENISHERE>/ )
and it will return to you a list of information.
Simple but useful 🙂
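An added example, in Python, of the analyst-side step that usually comes before a lookup like the one above: pulling Telegram bot tokens out of a sample's strings output and building the Bot API URLs (getMe, getWebhookInfo, getUpdates) to query with them. This is not the code behind teletoken.info and not a Telegram library; the strings dump is constructed, and the token shape it matches (numeric bot ID, colon, 35 URL-safe characters) is an assumption drawn from tokens seen in the wild rather than a documented contract.

```python
"""Find Telegram bot tokens in a strings dump and build Bot API lookup URLs.

Added example for this thread; not the code behind teletoken.info and not a
Telegram library.  The sample dump is constructed, and the token shape
(numeric bot id, ':', 35 URL-safe characters) is an assumption drawn from
tokens seen in the wild rather than a documented contract.
"""
import re

API_BASE = "https://api.telegram.org"

# The bot id must not be preceded by another digit (so we never match the
# tail of a longer number) and the secret must end cleanly.  Letters are
# deliberately allowed before the digits: tokens appear as "/bot<token>/".
TOKEN_RE = re.compile(r"(?<!\d)(\d{8,12}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")

# Constructed `strings` output for a hypothetical stealer that exfiltrates
# over Telegram.  Only the second line holds a token of the expected shape;
# the "12345:short" line is a near miss that must not be reported.
SAMPLE_STRINGS = """\
kernel32.dll
https://api.telegram.org/bot1234567890:AAHs3kQz9Lw-XyZ0123456789abcdefGHIJ/sendDocument
chat_id=987654321
not_a_token 12345:short
config.ini
"""


def extract_tokens(text: str) -> list[str]:
    """Return the unique bot tokens in text, in order of first appearance."""
    found: list[str] = []
    for match in TOKEN_RE.finditer(text):
        token = f"{match.group(1)}:{match.group(2)}"
        if token not in found:
            found.append(token)
    return found


def bot_id(token: str) -> int:
    """The numeric part before the colon identifies the bot account."""
    return int(token.split(":", 1)[0])


def api_urls(token: str) -> dict[str, str]:
    """Lookup URLs in the order an analyst usually tries them.

    getMe and getWebhookInfo are read-only.  getUpdates competes with the
    operator's own polling client (Telegram answers one side with HTTP 409
    when two clients poll, or when a webhook is set), so it is the call most
    likely to be noticed and the one to leave for last.
    """
    methods = ("getMe", "getWebhookInfo", "getUpdates")
    return {m: f"{API_BASE}/bot{token}/{m}" for m in methods}


def redact(token: str) -> str:
    """Shorten a token for a report so it cannot be reused from the write-up."""
    ident, secret = token.split(":", 1)
    return f"{ident}:{secret[:4]}...{secret[-4:]}"


if __name__ == "__main__":
    for token in extract_tokens(SAMPLE_STRINGS):
        print("bot id :", bot_id(token))
        print("token  :", redact(token))
        for method, url in api_urls(token).items():
            print(f"{method:15s} {url.replace(token, redact(token))}")
```

Querying these URLs with a token pulled from malware is an interaction with live attacker infrastructure, so keep it to the read-only methods unless the case calls for more, and redact the token in anything you publish.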
Max Rogers (@maxrogers5)

🚨👷‍♀️ The Huntress (@HuntressLabs) SOC is seeing widespread attacks against Construction companies.

Early evidence links the intrusions to Foundation Software, a provider of construction accounting software built for contractors. We're still working to confirm if this link is accurate.

🕑
Jai Minton (@cyberraiju)

Big shoutout to Tanner and the team for their work on this one. Tanner continues to go above and beyond with his analysis and it's truly inspiring to work with bright minds like him 👏🙏