Discover and read the best of Twitter Threads about #vaporrage

Most recents (1)

Profile picture
Ramin
@MalwareRE
Today we are releasing a new blog and technical information regarding TTPs & new malware families observed during previously disclosed #NOBELIUM phishing campaigns we have observed/tracked since as early as Jan 2021.

microsoft.com/security/blog/…

Thread on the new families & TTPs ⬇️
Notable new malware families:

#EnvyScout: HTML/JS dropper, drops a next-stage ISO file

#BoomBox: Downloader, downloads #VaporRage and #NativeZone from Dropbox

#VaporRage: Shellcode downloader

#NativeZone: Loader observed to load VaprorRage and Cobalt Strike stage shellcode
#EnvyScout de-obfuscates an embedded ISO file & uses code from FileServer JS to save the ISO to disk. It contains potential tracking & credential-harvesting URLs. Some variants of EnvyScout contain execution guardrails that utilize recon data previously collected by Firebase JS.
Read 15 tweets

Related hashtags

#NOBELIUM #NativeZone #VaporRage #EnvyScout #BoomBox

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!