MaximumEffort...Have you seen this malware? (@joewise34) 's Twitter Profile

ID: 1382295551522267137

14-04-2021 11:32:15

111 Tweets

197 Followers

135 Following

Threat Insight (@threatinsight) 's Twitter Profile Photo

Proofpoint observed the HTML attachment campaign described in this report on October 31, 2022. Together with 10+ other HTML Smuggling campaigns leading to IcedID from September to November, we attribute to TA551. Great work on detailing follow-on activity by The DFIR Report!

Threat Insight (@threatinsight) 's Twitter Profile Photo

Happening now at Proofpoint Protect 2023 in New York, Selena Larson and Randy Pargman of Threat Insight and @SpyCloudCo's James Shank are discussing #ransomware's complicated past and uncertain future. 🔥🔮 #BreakTheAttackChain

Proofpoint (@proofpoint) 's Twitter Profile Photo

Proofpoint Threat Insight researchers shared findings on a new malware strain that is distributed via bogus installation packages of the Bitwarden password manager. The Hacker News covered the analysis of this malware named ZenRAT. ow.ly/smOj50PQq1h

Tommy M (TheAnalyst) (@ffforward) 's Twitter Profile Photo

We saw new #Qbot #Qakbot "tchk07" from PDF > URLs today. MSI > AdobeAC.dll w/ export EditOwnerInfo. This is still very low volume and targeted. Huge shout out to our fantastic Myrtus for the RE and config extraction. IOCs in original thread. Samples: bazaar.abuse.ch/browse/tag/tch…

Threat Insight (@threatinsight) 's Twitter Profile Photo

The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed "SpectralBlur." Greg Lesnewich of @Proofpoint shared with Dark Reading his expert insights on the backdoor. ow.ly/BFCU50QpyQ3

Proofpoint (@proofpoint) 's Twitter Profile Photo

After a nine-month hiatus, #ecrime threat actor #TA866 is back with a bang. It returned in January with a new campaign and a new attack chain. But some things remain the same, with the group still favoring their custom WasabiSeed and Screenshotter toolkit. #ThreatInsight 💡

Threat Insight (@threatinsight) 's Twitter Profile Photo

As Americans gear up for #taxseason, cybercriminals are preparing malicious tax-themed lures. ow.ly/WLAT50QvVPI Proofpoint researchers recently identified the return of TA576, a cybercriminal actor that uses tax-themed lures to target accounting and finance organizations.

Tommy M (TheAnalyst) (@ffforward) 's Twitter Profile Photo

Some #TA576 stuff I worked with last week. Benign Message > Reply > Actor Reply wi. web,app URL > Redir> ZIP > LNK > SyncAppvPublishingServer.vbs LOLBAS > PowerShell > MSHTA from URL > Encrypted PowerShell > Obfusc. PowerShell > Download and Run EXE > Heaven's Gate > Parallax RAT

Threat Insight (@threatinsight) 's Twitter Profile Photo

Just dropped 🚨 A new @Proofpoint DISCARDED #podcast episode featuring special guest Kevin Collier, NBC's first and only dedicated cyber reporter. Listen as Kevin shares the ins and outs of covering #cybersecurity stories for a mainstream audience. 🎧: proofpoint.com/us/podcasts/di…

Threat Insight (@threatinsight) 's Twitter Profile Photo

After a 4 month absence from Proofpoint threat data, #Bumblebee is back. 🐝💥 The sophisticated #malware downloader was used in a February campaign targeting U.S. organizations with malicious emails containing OneDrive URLs. ow.ly/O49J50QAHSJ

Threat Insight (@threatinsight) 's Twitter Profile Photo

Pim Trouerbach, sr. reverse engineer at Proofpoint, takes DISCARDED podcast hosts Selena & Crista on a trip down malware lane. Listen as he shares fond stories about his favorite malware, evolving banking trojans, the current threat landscape, and more! ow.ly/C1AQ50QWSWo

Tommy M (TheAnalyst) (@ffforward) 's Twitter Profile Photo

New blog out on #TA547 and #Rhadamanthys out. This isn't really a deep dive, but it's important to get blogs out in shorter time to the community too, in addition to the deep dives. The actor has continued with almost daily similar campaigns since March 26th.

Greg Lesnewich (@greglesnewich) 's Twitter Profile Photo

New piece on TA427 (overlaps with Emerald Sleet, APT43, the K-word) 🇰🇵🇰🇵 Lots of benign email conversations to gather strategic information from NGOs, think tanks, and academics in the DPRK research space 📧📮 DMARC, typosquats, and solicitation oh my! proofpoint.com/us/blog/threat…

Threat Insight (@threatinsight) 's Twitter Profile Photo

Proofpoint’s Threat Insight team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons. ow.ly/Y2K250Ri4qh Get to know advanced persistent

Threat Insight (@threatinsight) 's Twitter Profile Photo

Proofpoint Staff Threat Intelligence Analyst Selena Larson is joining the lineup of incredible speakers set to take the stage at the #cybercrime conference, SLEUTHCON. Explore the full speaker list at ow.ly/tySN50RiaFi and stay tuned for details on her talk! #SLEUTHCON

The DFIR Report (@thedfirreport) 's Twitter Profile Photo

From IcedID to Dagon Locker Ransomware in 29 Days 🌟Analysis & reporting completed by Renzon, Angelo Violetti & UC1 🎵Audio: Available on Spotify, Apple, YouTube and more! 🏹Services: thedfirreport.com/services/ 📚Report: thedfirreport.com/2024/04/29/fro…

Threat Insight (@threatinsight) 's Twitter Profile Photo

Today we celebrate a major cybersecurity victory. ow.ly/g88T50S2BJV #OperationEndgame, a global law enforcement effort supported by insights from Threat Insight experts at @Proofpoint and other industry vendors, resulted in... 🧵⤵️

Proofpoint (@proofpoint) 's Twitter Profile Photo

🕵️ Calling all armchair detectives, Brazzos fans, and malware enthusiasts 📣 Grab your pickle dips because Proofpoint Threat Insight expert Selena Larson has teamed up w/ CyberWire Daily, by N2K for a new #podcast: Only Malware in the Building. Stream episode 1: ow.ly/8PCy50S83Gs.

Threat Insight (@threatinsight) 's Twitter Profile Photo

Researchers from @Proofpoint uncovered an unusual campaign that attempts to deliver custom #malware dubbed #Voldemort. The name was chosen by the threat actor, who may be an advanced persistent threat (APT) with intelligence gathering objectives. Blog: ow.ly/hnBa50Taek2.