Mark
RE @ FLARE, Google
Jul 10, 2023 5 tweets 1 min read
[1/n] Sometime back in 2019 @ArielJT and I wrote an extensive paper about North Korean AV products that was incorporated into the AVAR 2019 conference proceedings. For some reason, the PDF with all the papers was taken offline about a year ago.
[2/n] Maybe someone didn't want that information to be public? I did some digging and recovered the original paper. In hindsight, I'm proud of this work. Therefore, I'm attaching a URL with the paper that will hopefully last longer online: drive.google.com/file/d/19XCRwO…
Jul 25, 2022 16 tweets 4 min read
[1/n] Before I left Kaspersky, I had one more UEFI-related research project in the pipeline, together with @vaber_b, that hadn't been released thus far. This research on a little-known UEFI firmware implant has now become public with the amazing help of @JusticeRage. A 🧵
[2/n] First a disclaimer: I do not work at Kaspersky anymore, so none of the things I write here are presented in their name. These are just my own thoughts that came up during the analysis.
Jan 20, 2022 10 tweets 4 min read
[1/n] Today I'm sharing the details of research done by @vaber_b, @legezo, Ilya Borisov and myself on a UEFI firmware implant found in the wild, dubbed #MoonBounce. We assess that this formerly unknown threat is the work of the infamous #APT41. A 🧵
securelist.com/moonbounce-the…
[2/n] During an investigation of anomalous UEFI-level behaviour in our telemetry, we found a tampered CORE_DXE module, originally used, among other tasks, to bootstrap system startup through initialization of externally callable routines (Boot Services, Runtime Services, etc.).
Jan 11, 2021 8 tweets 3 min read
[1/n] Earlier today Lab Dookhtegan leaked an interesting document linking the ViceLeaker threat group to a private company in Iran, allegedly operating as a contractor for the government. A thread on the document (Disclaimer: I don't read or speak Farsi; I do use OCR).
[2/n] I can't corroborate the link between the two, but the attached document is interesting. It describes malware provided as a product, with features like low performance impact, functional design (?), and support for user and kernel mode, though it's not clear which OS.