ThreatDown
2,186 posts
@Threat_Down
Cybersecurity confidence without complexity
Santa Clara
threatdown.com/blog/
Joined August 2019
112 Following
18K Followers
  • Pinned
    ThreatDown
    @Threat_Down
    Jun 22
    Scorched-earth tactics, heavy German-obsessed themes, & zero ransom notes left behind 🔥 Meet Prinz Eugen, a new Go-based encryptor we caught in the wild. 🎣 The most compelling part: we traced the attack straight back to a known data seller. ➡️ bit.ly/4aeqGXV
  • ThreatDown
    @Threat_Down
    Apr 25, 2021
    Today at 1:00 PM, our #Emotet-infected machine that had received the special law enforcement file triggered its uninstallation routine. More details here: blog.malwarebytes.com/threat-analysi…
  • ThreatDown
    @Threat_Down
    Oct 25, 2021
    ℹ️ Malwarebytes' CrackMe returns! Designed by @hasherezade, a Capture-The-Flag type of a task featuring techniques from real-life malware. 2 tracks, 3 winners for each: ➡️ Fastest to solve ➡️ Best write-up Stay tuned for the details and link this Friday (Oct. 29).
  • ThreatDown
    @Threat_Down
    Mar 4, 2022
    ℹ️ #HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine 🇺🇦. ✍️ Technical analysis by @hasherezade, @kernelm0de and @elmaisbuscado.
    HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
    From threatdown.com
  • ThreatDown
    @Threat_Down
    Mar 10, 2020
    URLs can be deceiving, but the one used to mimic CloudFlare's Rocket Loader in the latest #Magecart attack takes it to a whole new level. blog.malwarebytes.com/threat-analysi…
  • ThreatDown
    @Threat_Down
    Jul 6, 2021
    A #malspam campaign is taking advantage of the Kaseya VSA #ransomware attack to drop #CobaltStrike. It contains an attachment named "SecurityUpdates.exe" as well as a link pretending to be a security update from Microsoft to patch the Kaseya vulnerability!
  • ThreatDown
    @Threat_Down
    Jul 20, 2022
    🚨 We detected a major malvertising campaign abusing Google Ads. ➡️ Stay tuned for our full report on this campaign.
  • ThreatDown
    @Threat_Down
    Jan 29, 2021
    More details about the "law enforcement file" pushed via the #Emotet botnet that removes the malware on April 25 2021. Read our analysis here: blog.malwarebytes.com/threat-analysi…
  • ThreatDown
    @Threat_Down
    Mar 1, 2022
    ℹ️ The #Conti ransomware leaks are a true gold mine of information. 🚨 Remember to be careful when downloading files, as the AnonFiles website is pushing bogus extensions, VPNs, etc. Some #malvertising domains: freychang[.]fun mpanyinady[.]com sfultraight[.]xyz atexceede[.]com
  • ThreatDown
    @Threat_Down
    May 11, 2022
    #Saitama backdoor: abusing DNS for C2 communications blog.malwarebytes.com/threat-intelli…
  • ThreatDown
    @Threat_Down
    Jan 28, 2021
    We are checking on the #Emotet 'cleanup binary'. It seems the actual date to trigger the uninstall routine is April 25. More details to come. /cc @campuscodi @LawrenceAbrams virustotal.com/gui/file/a9c68… docs.microsoft.com/en-us/cpp/c-ru…
  • ThreatDown
    @Threat_Down
    Sep 20, 2021
    #FakeCertificate campaign via compromised IIS sites. Payload (TVRAT) 223d8c94877ac7e689733ab7131b749393c7570c2653cd1955f5cb2b4d68deae
  • ThreatDown
    @Threat_Down
    Dec 20, 2021
    obj_31337 skimmer via bootstrap2[.]xyz. Malicious JavaScript is hidden within victim's own logo. #Magecart
  • ThreatDown
    @Threat_Down
    Jan 5, 2022
    Microsoft Edge traffic from South Korea 🇰🇷 redirecting to #MagnitudeEK with social engineering scheme to deliver #Magniber ransomware.