Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Vitali Kremez Profile picture
Vitali Kremez
@VK_Intel
Ethical Hacker |Reverse Engineer |"Threat Seeker" Award |https://t.co/LybDexrRAk |CEO @IntelAdvanced |Founder @VK_DFIR | MalCourse Author "Zero2Auto"|Gov Cybercrime
Dec 3, 2020 4 tweets 3 min read
2020-12-03:🔥 And ... [Major Discovery] 🤖"Persist, Brick, Profit -#TrickBot Offers New “#TrickBoot” UEFI-Focused Functionality"

🆕*First* Time Crimeware Group Pursued UEFI Firmware Exploitation | #YARA+IOCs in MISP JSON/CSV

@eclypsium | @IntelAdvanced
advanced-intel.com/post/persist-b… 📚:

1⃣TrickBoot is only one line of code away from being able to brick any device it finds to be vulnerable.
2⃣Historically, TrickBot actors have needed to evade and persist at the OS level - now a chance at UEFI level.
3⃣Actors are going lower in the stack to avoid detection.
Nov 20, 2019 5 tweets 4 min read
2019-11-20: [Emerging] #Ransomware Crippling Rouen University Hospital France🇫🇷 |
#Clop #CryptoMix Variant
Linked Previously to #TA505 Actor Group [1]
Ref (h/t @malwrhunterteam): ->

[1]
🕯️Tracking Since Early 2019 on my Git @malwrhunterteam 💡This is probably the most solid connection to the Clop ransomware operation (".clop") to this lockdown.

✅Previous earlier samples and decoding scripts from malware resources ->
github.com/k-vitali/crypt…