Discover and read the best of Twitter Threads about #apt
Most recents (24)
🧵#MustangPanda 🐼 (& other #APT groups) use DLL side-loading/search-order hijacking (see ATT&CK).
It's a pain for #CTI analysts who manually vet IOCs -> as this TTP involves delivering a valid vulnerable application, Bring-Your-Own-Vulnerable-App (BYOVA), if you will... 1/3
It's a pain for #CTI analysts who manually vet IOCs -> as this TTP involves delivering a valid vulnerable application, Bring-Your-Own-Vulnerable-App (BYOVA), if you will... 1/3
For example, take this Symantec.exe binary, it's a valid, signed file 🔍 but it's used by #MustangPanda 🐼 for dll side-loading!
Should you pre-emptively block it? Maybe. But first, be sure to check 📝 for its presence in the org -> before causing lots of alerts or worse ⚠️ 2/3
Should you pre-emptively block it? Maybe. But first, be sure to check 📝 for its presence in the org -> before causing lots of alerts or worse ⚠️ 2/3
OR you should give warnings ⚠️ before sharing these BYOVA bins as IOCs!
🥲The CTI analyst struggle to vet IOCs is real... but this may help!
I created a Gist & VT Collection for triage:
1.🔗gist.github.com/BushidoUK/181d…
2. 🔗 virustotal.com/gui/collection…
Hopefully this is useful! 2/2
🥲The CTI analyst struggle to vet IOCs is real... but this may help!
I created a Gist & VT Collection for triage:
1.🔗gist.github.com/BushidoUK/181d…
2. 🔗 virustotal.com/gui/collection…
Hopefully this is useful! 2/2
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs
An Iran-linked advanced persistent threat #APT group is using new #ransomware while targeting a familiar adversary in the Middle East, researchers have found.
#Iran #CyberAttack
therecord.media/iran-hackers-a…
An Iran-linked advanced persistent threat #APT group is using new #ransomware while targeting a familiar adversary in the Middle East, researchers have found.
#Iran #CyberAttack
therecord.media/iran-hackers-a…
"Check Point’s Incident Response Team investigated the deployment of the ransomware against #Israeli organizations and claimed by a group dubbing itself Moneybird."
"Researchers found that it bore the hallmarks of Agrius, a #hacker group that has been around since 2020 and has attempted to disguise itself with aliases like BlackShadow."
Top 30 Trending Coins on @coingecko 🔍
This week, we see Ethereum (#ETH) coming in at number 1, followed by Sui (#SUI) and Aptos (#APT)!
Got any of these in your bag?
coingecko.com/en/discover
This week, we see Ethereum (#ETH) coming in at number 1, followed by Sui (#SUI) and Aptos (#APT)!
Got any of these in your bag?
coingecko.com/en/discover
@ethereum - $ETH
@SuiNetwork - $SUI
@Aptos_Network - $APT
@Polkadot - $DOT
@PancakeSwap - $CAKE
@0xPolygon - $MATIC
@ton_blockchain - $TON
@pepecoineth - $PEPE
@tomipioneers - $TOMI
@arbitrum - $ARB
@miladymemecoin - $LADYS
@solana - $SOL
@Ripple - $XRP
@BNBCHAIN - $BNB
@SuiNetwork - $SUI
@Aptos_Network - $APT
@Polkadot - $DOT
@PancakeSwap - $CAKE
@0xPolygon - $MATIC
@ton_blockchain - $TON
@pepecoineth - $PEPE
@tomipioneers - $TOMI
@arbitrum - $ARB
@miladymemecoin - $LADYS
@solana - $SOL
@Ripple - $XRP
@BNBCHAIN - $BNB
@Uniswap - $UNI
@GoGalaGames - $GALA
@OVRtheReality - $OVR
@ArbDogeAI - #AIDOGE
@XEN_Crypto - $XEN
@bencoin_eth - $BEN
$ORDI
@BobEthToken - $BOB
@MagicCraftGame - $MCRT
@opencampus_xyz - $EDU
@wojakcoineth - $WOJAK
@GoGalaGames - $GALA
@OVRtheReality - $OVR
@ArbDogeAI - #AIDOGE
@XEN_Crypto - $XEN
@bencoin_eth - $BEN
$ORDI
@BobEthToken - $BOB
@MagicCraftGame - $MCRT
@opencampus_xyz - $EDU
@wojakcoineth - $WOJAK
1/ New #MuddyWater 🇮🇷Infra detected; moves to #Metasploit and #HPAnywhere/#Teradici tool added?
@GroupIB_TI released a great report detailing MuddyWater’s use of SimpleHelp Remote Support Software. They tracked the #APT's infrastructure using Etags.
Let's take a look! 🧐 👇👇
@GroupIB_TI released a great report detailing MuddyWater’s use of SimpleHelp Remote Support Software. They tracked the #APT's infrastructure using Etags.
Let's take a look! 🧐 👇👇
2/ First Etag(153): 🔟results.
First IP of interest: 👉164.132.237[.]67
If we now pivot on the SSH hash, we match on another IP:
👉3.6.222[.]144.
Looking at this IP, the SSL certificate presented mentions O=Teradici Corporation...
First IP of interest: 👉164.132.237[.]67
If we now pivot on the SSH hash, we match on another IP:
👉3.6.222[.]144.
Looking at this IP, the SSL certificate presented mentions O=Teradici Corporation...
3/ Teradici (now HP Anywhere) allows for remote access to machines from any PCoIP client. 💻⬅️🌐⬅️💻
Indicating that MuddyWater may also be using HP’s Anywhere/Teradici as well as SimpleHelp?🧐
Indicating that MuddyWater may also be using HP’s Anywhere/Teradici as well as SimpleHelp?🧐
【关于门头沟事件,是否会对接下来的市场造成抛压和冲击,导致大跌】
这应该是我第三次谈及这个话题,无奈每过一段时间,这件事都会被拿出来炒作一下
先说结论:不会
短期门头沟事件会被资本利用,制造短期的恐慌,从而洗出更便宜的筹码,长期门头沟事件难以对市场造成大的冲击,更不用说致命性打击
这应该是我第三次谈及这个话题,无奈每过一段时间,这件事都会被拿出来炒作一下
先说结论:不会
短期门头沟事件会被资本利用,制造短期的恐慌,从而洗出更便宜的筹码,长期门头沟事件难以对市场造成大的冲击,更不用说致命性打击
1/8
关于Mt.Gox事件:
2014 年,作为曾占比特币交易量 70% 的全球第一大交易所遭遇黑客攻击,共有 10 万枚比特币及用户 75 万枚比特币被盗(后找回 20 万枚比特币并陆续抛售6 万枚)
用户资产一夜之间“灰飞烟灭”, 3 天后 Mt.Gox 申请破产,该事件并引起了比特币急剧下跌,并在随后几个月内持续下滑
关于Mt.Gox事件:
2014 年,作为曾占比特币交易量 70% 的全球第一大交易所遭遇黑客攻击,共有 10 万枚比特币及用户 75 万枚比特币被盗(后找回 20 万枚比特币并陆续抛售6 万枚)
用户资产一夜之间“灰飞烟灭”, 3 天后 Mt.Gox 申请破产,该事件并引起了比特币急剧下跌,并在随后几个月内持续下滑
2/8
关于赔偿和解锁时间:
Mt.Gox 官网公告,债权人要想获得赔偿,需在 2023 年 3 月 10 日前登记并选择还款方式,首批赔付的最后期限为 2023 年 9 月 30 日。
如果未能在截止时间内完成登记和注册,这部分债权人将无法获得提前一次性还款,且失去部分加密货币恢复索赔、银行汇款支付的权利
关于赔偿和解锁时间:
Mt.Gox 官网公告,债权人要想获得赔偿,需在 2023 年 3 月 10 日前登记并选择还款方式,首批赔付的最后期限为 2023 年 9 月 30 日。
如果未能在截止时间内完成登记和注册,这部分债权人将无法获得提前一次性还款,且失去部分加密货币恢复索赔、银行汇款支付的权利
1) ⚠️ FA CLASSES PART 4 HOMEWORK REVIEW⚠️
You were given the assignment to review 2 projects based on ''tokenomics'' only.
• $MNW
• $APT
Here's my review on how I work to make a project pass our ''FA analysis' ' 🧵 👇
You were given the assignment to review 2 projects based on ''tokenomics'' only.
• $MNW
• $APT
Here's my review on how I work to make a project pass our ''FA analysis' ' 🧵 👇
2) $MNW
The token is the main fuel that allows their middleware solution (their product) to work.
Tokens can be used as a value based utility or to pay for transaction fees.
⏩ Almost 80% of the supply is unlocked (circ vs total supply).
The token is the main fuel that allows their middleware solution (their product) to work.
Tokens can be used as a value based utility or to pay for transaction fees.
⏩ Almost 80% of the supply is unlocked (circ vs total supply).
3) $APT
The token is used for:
• Governance: holders can vote.
• Network fees: pay for transactions.
• Validators staking: secure the blockchain.
⏩ Almost 20% of the supply is unlocked (circ supply vs total supply).
The token is used for:
• Governance: holders can vote.
• Network fees: pay for transactions.
• Validators staking: secure the blockchain.
⏩ Almost 20% of the supply is unlocked (circ supply vs total supply).
Proud to contribute to the remarkable scientific journey of #APT, whose 10-year analysis is now published on @TheLancetOncol. Adjuvant TH confirmed outstanding long-term outcomes for patients with small HER2+ breast cancer. Aim for the next decade: biomarker-informed treatments!
Here a thread on the clinical and biomarker findings from this 10-year update: 👇 🧵
Icing on the cake: a great accompanying commentary by Elena Geuna, @curijoey & @FilippoMontemu1
sciencedirect.com/science/articl…
sciencedirect.com/science/articl…
#APT #Airdrop $APT
#2 chance for $APT Airdrop?
In the tokenomics of the project, 51% of the tokens are allocated to the community. I think that at least a second airdrop will be offered by them from $APT
Let's dive in what you have to do 👇
#2 chance for $APT Airdrop?
In the tokenomics of the project, 51% of the tokens are allocated to the community. I think that at least a second airdrop will be offered by them from $APT
Let's dive in what you have to do 👇
1. First you have to creat an account on forum.aptoslabs.com.
2. You have to be active in the comunnity and earn badges.
2. You have to be active in the comunnity and earn badges.
3.The most important badges are : Certified, Licensed and Member.
4. Below i will post 2 links with full detailed tutorial on how you can get those 3 badges.
forum.aptoslabs.com/t/how-to-get-y…
forum.aptoslabs.com/t/all-badges-i…
4. Below i will post 2 links with full detailed tutorial on how you can get those 3 badges.
forum.aptoslabs.com/t/how-to-get-y…
forum.aptoslabs.com/t/all-badges-i…
كشف حساب
ماذا قدمت للمحتوي العربي و في ماذا أخطأت منذ 2021 الي 2023 منذ بدايه مشاركة تحليلي ونظرتي
1-حذرت من القمة 61 الف
2- حذرت من الهبوط50% عند 47الف
3- حذرت من العبوط عند 31 الف
4- حذرت عند 20 الف قبل كسر قاع ftx
5-دخلت السوق من 16100
6- حذرت من جشع فريق عملة icp عند سعر 70$
ماذا قدمت للمحتوي العربي و في ماذا أخطأت منذ 2021 الي 2023 منذ بدايه مشاركة تحليلي ونظرتي
1-حذرت من القمة 61 الف
2- حذرت من الهبوط50% عند 47الف
3- حذرت من العبوط عند 31 الف
4- حذرت عند 20 الف قبل كسر قاع ftx
5-دخلت السوق من 16100
6- حذرت من جشع فريق عملة icp عند سعر 70$
Vì sap #APT tăng x6 trong tháng vừa qua, mình note lại cái này để mọi người có thể suy luận sang các dòng khác.
Đây cũng là cái để giải thích lý do vì sao xảy ra xu hướng tăng của thị trường crypto hay $BTC những ngày qua👇
Đây cũng là cái để giải thích lý do vì sao xảy ra xu hướng tăng của thị trường crypto hay $BTC những ngày qua👇
1. Các token #DOGE, #SHIB được đề cử giải "máy bơm" trong năm 2021, và mở đầu năm 2023 vinh dự ô nhục này được dành cho #Aptos, tăng gần 500% với "chẳng lý do gì cả, như một con chó meme".
2. Nói lại Aptos có khả năng xử lý 10k tps hướng tới 100k tps, dùng Move đc đánh giá cao về bảo mật và dễ sài. Huy động đc $200M, định giá $2B phần chính là FTX Ventures (đã hẹo), Binance vào sau mức định giá tới $4B, ngày ra mắt định giá $12B
Un pullback del mercato di martedì si è trasformato in un ritorno di mercoledì quando il bitcoin è salito oltre i $ 23.700 prima di ritirarsi leggermente. Eth sale sopra i $1.618. Altre criptovalute come #APT,registrano guadagni del 48% nelle ultime 24 ore,
Thread
Thread
Bitcoin ed Ether sono rimbalzati nel trading di giovedì mattina in Asia dopo la correzione di ieri tra indicatori economici misti e earnings deboli di Microsoft che avevano fatto scendere i prezzi.
Solana, Polygon e Cardano hanno guidato i guadagni tra i primi 10 per capitalizzazione di mercato. Le azioni statunitensi sono state contrastanti durante la notte.
1/🪂 AIRDROP HUNT 🪂
𝗙𝗢𝗥𝗕𝗜𝗧𝗦𝗪𝗔𝗣
@forbitswap is an #APTOS AMMs)
and liquidity pools to enables peer-to-peer (P2P) cryptocurrency trades that execute without order books or a centralized intermediary on MOVE language.
#airdrop confirmed 💰
#airdrops $APT
𝗙𝗢𝗥𝗕𝗜𝗧𝗦𝗪𝗔𝗣
@forbitswap is an #APTOS AMMs)
and liquidity pools to enables peer-to-peer (P2P) cryptocurrency trades that execute without order books or a centralized intermediary on MOVE language.
#airdrop confirmed 💰
#airdrops $APT
2/ Airdrop is annonced for OG role (raffle) and WL (guaranteed) check details below.
To receive roles 🎭, you must do
@crew3xyz task and join #Giveaway with Forbitswap partners.
Team will randomly draw 1000 WL slot among OGs roles.
To receive roles 🎭, you must do
@crew3xyz task and join #Giveaway with Forbitswap partners.
Team will randomly draw 1000 WL slot among OGs roles.
3/👇AIRDROP STRATEGY 👇
You need an Aptos wallet and some testnet $APT
To claim testnet tokens : aptoslabs.com/testnet-faucet
1️⃣ Go to move.forbitswap.com/#/swap
Connect your wallet on the right corner and set your wallet on '' Aptos Testnet '' network ✅
You need an Aptos wallet and some testnet $APT
To claim testnet tokens : aptoslabs.com/testnet-faucet
1️⃣ Go to move.forbitswap.com/#/swap
Connect your wallet on the right corner and set your wallet on '' Aptos Testnet '' network ✅
3/ Oi increased by around 18% in 4h and vol increased as well.
📢I recently investigated a campaign targeting the cryptocurrency industry. I wrote a detailed report that includes TTP, IOC and more. Here is a thread about this attack! 🧵👇
@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt
microsoft.com/en-us/security…
@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt
microsoft.com/en-us/security…
The attack started on Telegram to identify the targets, then they deployed a weaponized Excel document which finally delivered the final backdoor through multiple mechanisms. ☠☠️ #infosec #malware #backdoor
🧐To identify the targets, the threat actor sought out members of cryptocurrency investment groups on Telegram.
👀They created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
👀They created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
Increase your chances of getting WL by 85% 🧵👇
The thread will consist of 4 Strategies that should increase ur chances of getting WL.
They will be in order from High barrier entry-> Low barrier entry.
Let's begin. 🫡
They will be in order from High barrier entry-> Low barrier entry.
Let's begin. 🫡
1) Blue chips:
When u are a holder of a blue chip the likelihood of getting hyped WL’s increases, as blue chips holds status.
When projects are approached by blue chips to them It’s like Mercedes wants to collab with their project.
When u are a holder of a blue chip the likelihood of getting hyped WL’s increases, as blue chips holds status.
When projects are approached by blue chips to them It’s like Mercedes wants to collab with their project.
[1/5] #APT group Earth Aughisky (aka #Taidoor) has been active in cyberespionage for over 10 years. The first malware attributed to them was Taidoor, followed by a series of malware that vary according to their targets. Follow this thread: research.trendmicro.com/3EgHWN4
[2/5] Earth Aughisky consistently targets high-value targets in #Taiwan. In recent years, however, this #APT group has expanded to other countries in the region: Japan and Southeast Asia.
[3/5] Our monitoring of #APT group Earth Aughisky noted significant changes in its level and frequency of activities, suggesting a potential internal change in objectives and organization.
Here's my top 10 big "unattributed" #APT mysteries:
1. Project TajMahal: securelist.com/project-tajmah…
2. DarkUniverse - securelist.com/darkuniverse-t…
Since your malicious cyberattack timelines matched cybersecurity’s research to strengthen security for years and now, you hack alone but with a cooperative goal to damage national security. Which Advanced Persistent Threats group/s #APTs are you in, #Animez_UK?
Converting traditional crime to cyber-enabled crime and becomes a malicious attacker against the UK, for
1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.
#Animez_UK
1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.
#Animez_UK
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
#Animez_UK
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
#Animez_UK
Having fun with cyberstalking #UKGOV, attacking organisations, universities & individuals connected to the justice system, UK #military against #NCSC, treating #intelligence & #GCHQ as jokes to your 15- 20 yrs malicious #hacking for #China & #Russia inside #Britain, @Animez_UK?01
Converting #traditional crime to cyber-enabled crime and becomes a malicious #cyberattacker against the UK, for
1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.
@Animez_UK @NCSC
02
1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.
@Animez_UK @NCSC
02
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learned to communicate with #women.
-favours #authoritarianism.
-enjoys to #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
@Animez_UK @NCSC
-Experienced #exclusion/#discrimination.
-Didn’t learned to communicate with #women.
-favours #authoritarianism.
-enjoys to #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.
@Animez_UK @NCSC
Thread on #APT grps, #hacktivists, #Ransomware gangs with their ‘likely’ associations (as per TTPs and reports) that are playing a significant role in impending #Ukraine #Russian conflict. Correct me if i am wrong or missing any one. 1/
Firstly on Russian 🇷🇺side there are #GhostWriter (#Belarus Govt Backed) #CozyBear (Russian Foreign Intel aka #SVR) #UNC1151 (Minsk based) #FancyBears & #SandWorm (Russian Military Intel aka #GRU) #Turla and #Gamaredon (Russian Internal Intel #FSB Former KGB) 2/
Other hacking groups incl #Lazarus (Russia & North Korea backed) #RedBanditsRU #Coomingproject #Freecivilian #DigitalCobraGang #Stormous #XakNet #Killnet #Zatoichi #Conti 3/
This is really interesting!
Maybe it is an #APT attack targeting #Ukriane:
Zip -> dovidka.chm -> WScript.exe ignit.vbs -> wscript.exe desktop.ini -> regasm.exe core.dll
Also it drops "Windows Prefetch.lNk" in Start-Up directory to make "desktop.ini" persistence.
(1/3)
Maybe it is an #APT attack targeting #Ukriane:
Zip -> dovidka.chm -> WScript.exe ignit.vbs -> wscript.exe desktop.ini -> regasm.exe core.dll
Also it drops "Windows Prefetch.lNk" in Start-Up directory to make "desktop.ini" persistence.
(1/3)
The dropped payload is a small .Net payload that is obfuscated using ConfuserEx. It has been compiled on Jan 31 2022.
IOCs:
e34d6387d3ab063b0d926ac1fca8c4c4
довідка.zip
2556a9e1d5e9874171f51620e5c5e09a
dovidka.chm (According to VT it is exploiting CVE-2019-0541)
(2/3)
IOCs:
e34d6387d3ab063b0d926ac1fca8c4c4
довідка.zip
2556a9e1d5e9874171f51620e5c5e09a
dovidka.chm (According to VT it is exploiting CVE-2019-0541)
(2/3)
ignit.vbs
bd65d0d59f6127b28f0af8a7f2619588
Desktop.ini
a9dcaf1c709f96bc125c8d1262bac4b6
Windows Prefetch.lNk
fb418bb5bd3e592651d0a4f9ae668962
core.dll
d2a795af12e937eb8a89d470a96f15a5
C2:
xbeta[.]online
185.175.158.27
(3/3)
bd65d0d59f6127b28f0af8a7f2619588
Desktop.ini
a9dcaf1c709f96bc125c8d1262bac4b6
Windows Prefetch.lNk
fb418bb5bd3e592651d0a4f9ae668962
core.dll
d2a795af12e937eb8a89d470a96f15a5
C2:
xbeta[.]online
185.175.158.27
(3/3)
It's been one of the more eventful weeks in cybersecurity history. In my little corner of the world, it went a little something like this... 1/n
The first #log4j / #log4shell blog from #SURGe @splunk splunk.com/en_us/blog/sec… was published a week ago with @meansec leading from the front and jump-started by @DrShannon2000 and @jsy9981 2/n
Meanwhile, hundreds of Splunkers worked through last weekend to publish our official advisory. If you take one thing from this thread, it should be this! It's updated frequently and includes details about CVE-2021-45046 and more. splunk.com/en_us/blog/bul… 3/n
Some updates on this suspected #Lazarus #APT:(thread, 1/4)
1) The remote template is VBA stomped or at least it was able to hide itself from olevba and oledump
2) The remote template drops an obfuscated vbs file and registers it as a scheduled service
1) The remote template is VBA stomped or at least it was able to hide itself from olevba and oledump
2) The remote template drops an obfuscated vbs file and registers it as a scheduled service
3) All the strings in "OneDriveUpdateNew.vbs" are obfuscated and are decoded using "string_decoder" function with a hardcoded key table.
You can see the decoder and list of the decoded strings used by this vbs file here:
github.com/HHJazi/APT
2/4
You can see the decoder and list of the decoded strings used by this vbs file here:
github.com/HHJazi/APT
2/4
4) The vbs file collects the victim info and builds an HTTP request:
"Username-ComputerName_UUID;OSName"
5) Then it encodes the request using hard coded key and sends the generated request to C2
6) Receives a payload from the C2 and writes it into "%APPDATA%/OD_update.exe"
3/4
"Username-ComputerName_UUID;OSName"
5) Then it encodes the request using hard coded key and sends the generated request to C2
6) Receives a payload from the C2 and writes it into "%APPDATA%/OD_update.exe"
3/4
