Discover and read the best of Twitter Threads about #iocs

Most recent (5)

(1/6) To all investigators out there who have heard of #Maltego before, but are still looking for more information. Here's what you need to know about Maltego 👇 #OSINT #infosec
(2/6) #Maltego is a link analysis tool that helps you automatically pull and map data from over 70 public data sources (#OSINT) and third-party data providers, as well as your own imported or custom data integrations. All of this is done with a few clicks of the mouse in one interface.
(3/6) You start by providing input information for your investigation (name, alias, domain, IP address, etc.), install the data integrations you want to use, and #Maltego will retrieve relevant Entities from the data integrations and visualize the data connections between them.
Read 6 tweets
About a week ago, the @TalosSecurity team shared some insights related to a recent cyber attack on @Cisco. According to the indicators of compromise mentioned in this article (bit.ly/3K76lFJ), we have known this group of attackers since the beginning of 2022.
Group-IB's researchers have discovered their TTPs in a series of attacks using the #CobaltStrike, #Sliver and #Covenant tools. Our internal name for this group is #TridentCrow.
One of the domains that was published by @Cisco (ciscovpn2[.]com) has a self-signed SSL certificate with unique values. According to the Group-IB Threat Intelligence database, out of more than 2 billion certificates, only 39 have similar values and mimic well-known IT companies.
Read 14 tweets
#Sidewinder #APT

It seems that #Indian APTs have been waging war on #Pakistan with the same payloads over and over again. Meanwhile, the Pakistani #Government and #Military are either helpless or over-occupied. Following is another new sample that goes ages back.
A variant of this sample has been attributed to #Sidewinder #APT by the Govt. of Pak. The #malware is deployed using the shared image in a #phishing email using a similar methodology to that of
DOCX MD5: 2a6249bc69463921ada1e960e3eea589 Mech 8 ZIRC0N-TSIRK0N.doc
#Exploit: hashcheck[.]xyz/PY8997/yrql/plqs
RTF MD5: 7c11d5125c3fb167cca82ff8b539e3c7 plqs
#C2: sportfunk[.]xyz/topaz/foti
CVE-2017-11882
Read 12 tweets
Threat Hunting in #CyberSecurity: Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.
Most of the time, the goal of this malware or these attackers is to quietly siphon off data, patiently listen in for confidential information, or work their way through the network looking for credentials powerful enough to steal key information.
Read 19 tweets
#malspam campaign from 2.11 delivers both #LokiBot and #azorult interchangeably, archived in ISO files.
Files are packed with a VB6 packer and have a file size of 524 KB.
All C2 domains were active from 31.10 to 2.11.
Sender: finances@ketmarine.nl
Subject: “Roxanne Heijt - Payment Swift Copy FYR”
#LokiBot #IOCs:
virustotal.com/#/file/71156ab… -> jadak[.]cf/minel/fre.php
virustotal.com/#/file/e7e002f… -> barzenkiyader[.]cf/Panel/five/fre.php
#AZORult #IOCs:
virustotal.com/#/file/f559f89… -> welcome2nov[.]ga/mine/index.php
virustotal.com/#/file/75ecba2… -> welcome2novv[.]gq/tuneshi/index.php
virustotal.com/#/file/12da76d… -> goodnovember[.]ml/denyo/index.php
Read 4 tweets
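The Sidewinder and malspam threads above publish their indicators in the usual defanged form (`[.]` in hostnames), as does the ciscovpn2[.]com domain in the Cisco thread. The Python below is an added example, not code from any of these threads or from Thread Reader: it pulls such indicators out of free report text, refangs them for lookups or detection content, classifies each one (MD5/SHA-1/SHA-256 by hex length, URL, domain, IPv4, e-mail, CVE), and re-defangs the result for publication. The `REPORTING_HOSTS` allowlist (so VirusTotal and bit.ly links are not mistaken for adversary infrastructure) and the `FILE_EXTENSIONS` set (so `sample.doc` is not mistaken for a domain) are assumptions chosen for this example; the sample input is copied from the threads above.

```python
"""Pull defanged indicators (hashes, URLs, domains, e-mails, CVEs) out of
free-text threat reports such as the tweets above and normalise them."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Common defang conventions seen in shared IOCs and their clean forms.
_REFANG = [("hxxps://", "https://"), ("hxxp://", "http://"), ("[.]", "."),
           ("(.)", "."), ("[:]", ":"), ("[@]", "@"), ("[/]", "/")]

# Assumption: these hosts carry report/sharing links, not adversary infrastructure.
REPORTING_HOSTS = {"virustotal.com", "bit.ly", "twitter.com"}
# Assumption: a bare "name.ext" token with one of these suffixes is a filename, not a domain.
FILE_EXTENSIONS = {"doc", "docx", "rtf", "xls", "xlsx", "exe", "dll", "pdf",
                   "zip", "iso", "lnk", "txt"}

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,}}$", re.I)
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
EMAIL_RE = re.compile(r"^[\w.+-]+@([^@/]+)$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.I)
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
# Punctuation that report text wraps around tokens: "(bit.ly/x),"  "#C2:"  "->"
_STRIP = "()<>\"'“”‘’,;:.#@"


@dataclass(frozen=True)
class IOC:
    kind: str       # md5 / sha1 / sha256 / url / domain / ipv4 / email / cve
    value: str      # refanged form, ready for lookups or detection content
    defanged: str   # safe form for re-publishing in a report


def refang(text: str) -> str:
    """Undo the usual defanging so the value can be looked up or blocked."""
    for fanged, clean in _REFANG:
        text = text.replace(fanged, clean)
    return text


def defang(value: str) -> str:
    """Defang only the scheme and host part, the way the threads above do."""
    scheme, sep, rest = value.partition("://")
    if not sep:
        scheme, rest = "", value
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}{sep}{host.replace('.', '[.]')}{slash}{path}"


def _is_host(host: str) -> bool:
    return bool(IPV4_RE.match(host) or DOMAIN_RE.match(host))


def classify(token: str) -> Optional[str]:
    """Return the IOC kind of one refanged token, or None for plain words."""
    low = token.lower()
    if re.fullmatch(r"[0-9a-f]+", low) and len(low) in HASH_KINDS:
        return HASH_KINDS[len(low)]
    if CVE_RE.match(token):
        return "cve"
    m = EMAIL_RE.match(token)
    if m and DOMAIN_RE.match(m.group(1)):
        return "email"
    body = re.sub(r"^[a-z]+://", "", low)
    host, slash, _path = body.partition("/")
    if not _is_host(host) or host in REPORTING_HOSTS:
        return None            # plain text, or a link to a report rather than an IOC
    if slash or "://" in low:
        return "url"
    if IPV4_RE.match(host):
        return "ipv4"
    if host.rsplit(".", 1)[-1] in FILE_EXTENSIONS:
        return None            # "sample.doc" is a filename, not a domain
    return "domain"


def extract_iocs(text: str) -> List[IOC]:
    """Scan free text token by token; returns unique IOCs in order of appearance."""
    seen, found = set(), []
    for raw in text.split():
        token = refang(raw.strip(_STRIP))
        kind = classify(token)
        if kind is None:
            continue
        value = token.upper() if kind == "cve" else token
        if kind in HASH_KINDS.values() or kind in ("domain", "ipv4"):
            value = value.lower()
        if (kind, value) not in seen:
            seen.add((kind, value))
            found.append(IOC(kind, value, defang(value)))
    return found


# Sample input: lines copied from the threads above, defanged as they were published.
SAMPLE = """
DOCX MD5: 2a6249bc69463921ada1e960e3eea589 Mech 8 ZIRC0N-TSIRK0N.doc
#Exploit: hashcheck[.]xyz/PY8997/yrql/plqs
RTF MD5: 7c11d5125c3fb167cca82ff8b539e3c7 plqs
#C2: sportfunk[.]xyz/topaz/foti
CVE-2017-11882
All C2 domains were active 31.10-2.11. Sender: finances@ketmarine.nl
virustotal.com/#/file/71156ab… -> jadak[.]cf/minel/fre.php
virustotal.com/#/file/f559f89… -> welcome2nov[.]ga/mine/index.php
One of the domains published by @Cisco (ciscovpn2[.]com) has a self-signed certificate (bit.ly/3K76lFJ).
"""

if __name__ == "__main__":
    for ioc in extract_iocs(SAMPLE):
        print(f"{ioc.kind:7} {ioc.value:45} {ioc.defanged}")
```

The tokenizer deliberately works word by word rather than with one big regex, so the filters are easy to audit: a truncated VirusTotal link such as `virustotal.com/#/file/71156ab…` is dropped by the allowlist rather than being misread as a URL IOC or a 7-character hash, and dates such as `31.10-2.11` fail the domain check because their last label is not alphabetic.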