#SmokeLoader

🔘 G◍M◍◍T 🔘<p>💡 CoffeeLoader, the malware that evades defenses by exploiting the GPU</p><p><a href="https://gomoot.com/coffeeloader-il-malware-che-evade-le-difese-sfruttando-la-gpu/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gomoot.com/coffeeloader-il-mal</span><span class="invisible">ware-che-evade-le-difese-sfruttando-la-gpu/</span></a></p><p><a href="https://mastodon.uno/tags/blog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blog</span></a> <a href="https://mastodon.uno/tags/coffeeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coffeeloader</span></a> <a href="https://mastodon.uno/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.uno/tags/gpu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gpu</span></a> <a href="https://mastodon.uno/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.uno/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.uno/tags/picks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>picks</span></a> <a href="https://mastodon.uno/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://mastodon.uno/tags/smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>smokeloader</span></a> <a href="https://mastodon.uno/tags/spuware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spuware</span></a> <a href="https://mastodon.uno/tags/stack" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>stack</span></a> <a href="https://mastodon.uno/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.uno/tags/tecnologia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tecnologia</span></a> <a href="https://mastodon.uno/tags/zscaler" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zscaler</span></a></p>
ESET Research<p><a href="https://infosec.exchange/tags/ESETResearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESETResearch</span></a>’s monitoring of <a href="https://infosec.exchange/tags/AceCryptor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AceCryptor</span></a> revealed a significant decrease in prevalence of the malware in H2 2024: we only observed around 3k unique samples as opposed to 13k in H1 2024. Overall hits went down by 68% compared to H1, and by 87% compared to H2 2023.</p><p>Similarly, the number of unique users targeted by AceCryptor campaigns decreased by 58% between H1 and H2 2024, and the decrease was even more pronounced when compared to H2 2023, amounting to 85%.</p><p>As for the malware families packed by the cryptor, we could yet again see the usual suspects such as <a href="https://infosec.exchange/tags/Rescoms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rescoms</span></a>, <a href="https://infosec.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>, and <a href="https://infosec.exchange/tags/Stealc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stealc</span></a> among the most delivered threats.</p><p>While much smaller in scale than in previous periods, we still detected two notable campaigns of the malware. 
First, on July 11, 2024, 500 victims in Germany 🇩🇪 were sent emails with malicious attachments disguised as financial documents inside a password protected archive.</p><p>Instead of the documents, the archive contained an AceCryptor executable packing the Raccoon Stealer successor <a href="https://infosec.exchange/tags/RecordBreaker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RecordBreaker</span></a>, which then exfiltrated the victim information to a C&amp;C server with the IP address of 45[.]153[.]231[.]163.</p><p>Then on September 23, 2024, more than 1,600 endpoints of small businesses in Czechia 🇨🇿 received emails whose attachments contained an AceCryptor binary packing the <a href="https://infosec.exchange/tags/XWorm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XWorm</span></a> RAT 🪱🐀. As a C&amp;C, XWorm RAT used easynation[.]duckdns[.]org.</p><p>The list of 🔍 Indicators of Compromise (IoCs) can be found in our GitHub repository: <a href="https://github.com/eset/malware-ioc/tree/master/ace_cryptor" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/eset/malware-ioc/tr</span><span class="invisible">ee/master/ace_cryptor</span></a></p>
Threat Insight<p>Today we celebrate a major cybersecurity victory. 👏 Operation Endgame, a global law enforcement effort supported by insights from experts at Proofpoint and other industry vendors, resulted in:<br> <br>• The disruption of major botnets<br>• Four arrests<br>• Over 100 servers taken down across 10 countries<br>• Over 2,000 domains brought under the control of law enforcement<br>• Illegal assets frozen<br> <br>Proofpoint’s mission is to provide the best human-centric protection for our customers against advanced threats. Whenever possible and appropriate to do so, Proofpoint uses its team’s knowledge and skills to help protect a wider audience against widespread malware threats.<br> <br>For <a href="https://infosec.exchange/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationEndgame</span></a>, Proofpoint threat researchers lent their expertise in reverse engineering malware, botnet infrastructure, and identifying patterns in how the threat actors set up their servers to help authorities understand the malware and safely remediate the bot clients.</p><p>Proofpoint’s unmatched threat telemetry and researcher knowledge played a crucial role in the operation, providing key insights in identifying the new botnets that are most likely to grow and become the dominant threats affecting the greatest number of people around the world.<br> <br>More information on the takedown and Proofpoint’s involvement can be found in our blog: <a href="https://www.proofpoint.com/us/blog/threat-insight/major-botnets-disrupted-global-law-enforcement-takedown" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">proofpoint.com/us/blog/threat-</span><span class="invisible">insight/major-botnets-disrupted-global-law-enforcement-takedown</span></a>.</p><p><a href="https://infosec.exchange/tags/IcedID" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>IcedID</span></a> <a href="https://infosec.exchange/tags/SystemBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemBC</span></a> <a href="https://infosec.exchange/tags/Pikabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pikabot</span></a> <a href="https://infosec.exchange/tags/SmokeLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmokeLoader</span></a> <a href="https://infosec.exchange/tags/Bumblebee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bumblebee</span></a> <a href="https://infosec.exchange/tags/Trickbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trickbot</span></a> <a href="https://infosec.exchange/tags/Europol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Europol</span></a></p>
Sekoia.io<p>We are proud to announce that Sekoia <a href="https://infosec.exchange/tags/TDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TDR</span></a> team contributed to the joint international law enforcement operation <a href="https://infosec.exchange/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationEndgame</span></a>, targeting the notorious botnets <a href="https://infosec.exchange/tags/IcedID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IcedID</span></a>, <a href="https://infosec.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>, <a href="https://infosec.exchange/tags/SystemBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemBC</span></a> and <a href="https://infosec.exchange/tags/Pikabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pikabot</span></a></p><p><a href="https://operation-endgame.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">operation-endgame.com/</span><span class="invisible"></span></a></p>
Redhotcyber<p>Operation Endgame: Europol Dismantles Botnet and Dropper Networks and Arrests Cybercriminals</p><p>Between 27 and 29 May 2024, Operation <a href="https://mastodon.bida.im/tags/Endgame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Endgame</span></a>, coordinated from <a href="https://mastodon.bida.im/tags/Europol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Europol</span></a> headquarters, targeted droppers including <a href="https://mastodon.bida.im/tags/IcedID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IcedID</span></a>, <a href="https://mastodon.bida.im/tags/SystemBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemBC</span></a>, <a href="https://mastodon.bida.im/tags/Pikabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pikabot</span></a>, <a href="https://mastodon.bida.im/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>, <a href="https://mastodon.bida.im/tags/Bumblebee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bumblebee</span></a> and <a href="https://mastodon.bida.im/tags/Trickbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trickbot</span></a>.</p><p><a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redhotcyber</span></a> <a href="https://mastodon.bida.im/tags/online" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>online</span></a> <a href="https://mastodon.bida.im/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://mastodon.bida.im/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>ai</span></a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.bida.im/tags/innovation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>innovation</span></a> <a href="https://mastodon.bida.im/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.bida.im/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://mastodon.bida.im/tags/engineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>engineering</span></a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.bida.im/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intelligence</span></a> <a href="https://mastodon.bida.im/tags/intelligenzaartificiale" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intelligenzaartificiale</span></a> <a href="https://mastodon.bida.im/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://mastodon.bida.im/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a> <a href="https://mastodon.bida.im/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataprotection</span></a> <a 
href="https://mastodon.bida.im/tags/cybersecurityawareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurityawareness</span></a> <a href="https://mastodon.bida.im/tags/cybersecuritytraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritytraining</span></a> <a href="https://mastodon.bida.im/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosecurity</span></a></p><p><a href="https://www.redhotcyber.com/post/operazione-endgame-europol-demolisce-le-reti-botnet-e-dropper-e-arresta-i-cybercriminali/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redhotcyber.com/post/operazion</span><span class="invisible">e-endgame-europol-demolisce-le-reti-botnet-e-dropper-e-arresta-i-cybercriminali/</span></a></p>
abuse.ch :verified:<p>We are proud to announce that we assisted the joint international law enforcement operation <a href="https://ioc.exchange/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationEndgame</span></a>, targeting the notorious botnets <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IcedID</span></a>, <a href="https://ioc.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>, <a href="https://ioc.exchange/tags/SystemBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemBC</span></a> and <a href="https://ioc.exchange/tags/Pikabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pikabot</span></a> 🔥</p><p>abuse.ch has provided key infrastructure to LEA and internal partners to disrupt these botnet operations 🛑</p><p>More information on the operation is available here:<br>👉 <a href="https://operation-endgame.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">operation-endgame.com/</span><span class="invisible"></span></a></p>
The Spamhaus Project<p>🚨<a href="https://infosec.exchange/tags/IcedID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IcedID</span></a>, <a href="https://infosec.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>, <a href="https://infosec.exchange/tags/SystemBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemBC</span></a>, <a href="https://infosec.exchange/tags/Pikabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pikabot</span></a> and <a href="https://infosec.exchange/tags/Bumblebee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bumblebee</span></a> botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏</p><p>As with the <a href="https://infosec.exchange/tags/Qakbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Qakbot</span></a> and <a href="https://infosec.exchange/tags/Emotet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Emotet</span></a> takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.</p><p>👉 For more information, read our write-up here: <a href="https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">spamhaus.org/resource-hub/malw</span><span class="invisible">are/operation-endgame-botnets-disrupted-after-international-action/</span></a></p><p><a href="https://infosec.exchange/tags/OperationENDGAME" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>OperationENDGAME</span></a></p>
Not Simon<p><strong>ESET Research</strong> reports that AceCryptor use surged in the second half of 2023. This included Remcos RAT campaigns for the first time, using compromised accounts for credibility in phishing emails. AceCryptor + Remcos campaigns targeted Poland, Bulgaria, Spain, and Serbia. Campaigns were described, MITRE ATT&amp;CK TTPs and IOC provided. 🔗 <a href="https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/rescoms-rides-waves-acecryptor-spam/</span></a></p><p><a href="https://infosec.exchange/tags/AceCryptor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AceCryptor</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a> <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Remcos</span></a> <a href="https://infosec.exchange/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemcosRAT</span></a> <a href="https://infosec.exchange/tags/VidarStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VidarStealer</span></a> <a href="https://infosec.exchange/tags/Stopransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stopransomware</span></a> <a href="https://infosec.exchange/tags/SmokeLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmokeLoader</span></a></p>
Not Simon<p>The State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (<strong>SCPC SSSCIP</strong>), in collaboration with Unit 42, has a whopping 94-page malware analysis report (complete with IOC) on Smoke Loader malware (aka Dofoil or Sharik), used in a surge of recent attacks on Ukrainian financial institutions and government organizations. Ukraine’s CERT-UA first identified Smoke Loader used by the financially motivated threat group UAC-0006 on 05 May 2023. Since then, Smoke Loader has been used worldwide and also in ransomware attacks. 🔗 <a href="https://scpc.gov.ua/en/articles/356" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">scpc.gov.ua/en/articles/356</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/SmokeLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmokeLoader</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/UAC0006" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UAC0006</span></a> <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> <a href="https://infosec.exchange/tags/SCPC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SCPC</span></a> <a href="https://infosec.exchange/tags/SSSCIP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSSCIP</span></a> <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>Ukraine</span></a> <a href="https://infosec.exchange/tags/CERTUA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CERTUA</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a></p>
The Spamhaus Project<p>❗Spamhaus researchers have observed a new panel at hxxp://185[.]221[.]198[.]118/ seen from a malware downloaded by <a href="https://infosec.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a>.</p><p>Based on the panel logo and name, the malware is determined to be "Hornet Stealer" 🐝</p><p>According to our researchers this is an infostealer written in Golang, targeting applications such as browsers, wallets, Steam and Telegram. </p><p>It uses Fernet with a hardcoded key to decrypt its various strings and its C2 address. </p><p>The stolen information is encrypted by calculating the MD5 hash of the key "5hKEw9TAVDZPA6CblkDK86Dhd9HF1E5B" (previously decrypted with Fernet) and using it in AES GCM mode. </p><p>The encrypted data is then transmitted to the server via a TCP connection. </p><p>If anyone else is seeing this activity, let us know in the comments 👇 </p><p><a href="https://infosec.exchange/tags/HornetStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HornetStealer</span></a> <a href="https://infosec.exchange/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoStealer</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a></p>
ricardo :mastodon:<p>8Base Group Deploying New <a href="https://fosstodon.org/tags/Phobos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phobos</span></a> Ransomware Variant via <a href="https://fosstodon.org/tags/SmokeLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmokeLoader</span></a> ⚠️ </p><p><a href="https://thehackernews.com/2023/11/8base-group-deploying-new-phobos.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/11/8bas</span><span class="invisible">e-group-deploying-new-phobos.html</span></a></p>
Ankit Anubhav :verified:<p>Today, a <a href="https://infosec.exchange/tags/Smokeloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smokeloader</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> campaign is observed, which is sending emails with links to hacked sites. </p><p>The malware is hidden in the "contract" folder created by the hacker. </p><p>The next stage download link is not a normal one as the IP is in decimal notation, which makes it look tricky.</p><p>@3236135985 = 192.227.132.49</p><p>Evidence - <a href="https://tria.ge/221114-lpyrzabe9s" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">tria.ge/221114-lpyrzabe9s</span><span class="invisible"></span></a></p><p>cc <span class="h-card"><a href="https://infosec.exchange/@da_667" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>da_667</span></a></span> <span class="h-card"><a href="https://infosec.exchange/@Myrtus" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Myrtus</span></a></span> <span class="h-card"><a href="https://infosec.exchange/@th3_protoCOL" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>th3_protoCOL</span></a></span> </p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
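The post above flags a download link whose host is written as a single decimal integer (3236135985 = 192.227.132.49), a form that URL parsers and browsers accept but that defeats naive IP-pattern matching. The following is an added example, not code from the post or its author: it normalises integer-form hosts (decimal, and also the hexadecimal and octal spellings that the same 32-bit value can take) back to dotted-quad notation and scans a list of URLs for them, so that proxy or mail-gateway logs can be matched against ordinary IP indicators. The sample URLs are constructed for the example, and the `@` prefix case relies on `urlsplit().hostname` discarding userinfo.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample URLs (not from the post): the same host written as a
# plain domain, as a 32-bit decimal integer, behind a userinfo "@" prefix,
# in hexadecimal, in octal, and as an ordinary dotted quad.
SAMPLE_URLS = [
    "http://example.invalid/contract/invoice.php",
    "http://3236135985/contract/invoice.php",
    "http://contract@3236135985/contract/invoice.php",
    "http://0xC0E38431/contract/invoice.php",
    "http://030070702061/contract/invoice.php",
    "http://192.227.132.49/contract/invoice.php",
]


def decode_numeric_host(host: str):
    """Return the dotted-quad form of a host written as one bare integer
    (decimal, 0x-prefixed hex or 0-prefixed octal), or None when the host
    is not in that form. Ordinary dotted quads and domains return None."""
    h = host.lower()
    if re.fullmatch(r"0x[0-9a-f]+", h):
        value = int(h[2:], 16)
    elif re.fullmatch(r"0[0-7]+", h):
        value = int(h, 8)
    elif re.fullmatch(r"[1-9][0-9]*", h):
        value = int(h, 10)
    else:
        return None
    if value > 0xFFFFFFFF:  # does not fit in 32 bits, so not an IPv4 address
        return None
    return str(ipaddress.IPv4Address(value))


def flag_numeric_ip_urls(urls):
    """Scan URLs and return (url, dotted_quad) for each one whose host is an
    integer-form IPv4 address. urlsplit().hostname strips the userinfo part
    ("contract@") and any port, so the "@<decimal>" trick is covered."""
    flagged = []
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        dotted = decode_numeric_host(host)
        if dotted is not None:
            flagged.append((url, dotted))
    return flagged


if __name__ == "__main__":
    for url, dotted in flag_numeric_ip_urls(SAMPLE_URLS):
        print(f"{dotted:<16} <- {url}")
```

Only bare-integer hosts are flagged; a normal dotted quad passes through unchanged so it can be matched by the usual IP indicator lists, and values above 0xFFFFFFFF are rejected rather than wrapped.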