What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Src: News
Date (GMT): 2023-02-18 03:02:00
Title: Malware Arsenal used by Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) (direct link)
Description: 2023-02-18. Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology.
Download the full collection. Email me if you need the password (see in my profile) (209 MB, 218 samples listed in the hash tables below).
The malware arsenal collected here includes:
- Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer))
- Graphiron Backdoor
- OutSteel (LorecDocStealer)
- BabaDeda
- Cobalt Strike (Beacon)
- SaintBot Downloader
- WhisperGate Wiper
APT Group Description
APT Group aliases:
- UAC-0056 (UA CERT)
- Ember Bear (CrowdStrike)
- Saint Bear (F-Secure)
- UNC2589 (FireEye, IBM)
- Lorec53 (NSFOCUS)
- TA471 (Proofpoint)
- Nodaria (Symantec)
- Nascent Ursa (Palo Alto)
- LorecBear
- Bleeding Bear (Elastic)
- DEV-0586 (Microsoft)
The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents. In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate. The Lorec53 group is a new type of APT group fi
Tags: Ransomware Malware Hack Tool Vulnerability Threat Medical
Notes: ★★

Src: News
Date (GMT): 2023-01-21 01:58:26
Title: DDE Command Execution malware samples (direct link)
Description: Here are a few samples related to the recent DDE Command execution.
Reading:
10/18/2017 InQuest/yara-rules
10/18/2017 https://twitter.com/i/moments/918126999738175489
10/18/2017 InQuest: Microsoft Office DDE Macro-less Command Execution Vulnerability
10/18/2017 InQuest: Microsoft Office DDE Vortex Ransomware Targeting Poland
10/16/2017 https://twitter.com/noottrak/status/919975081828261888
10/14/2017 InQuest: Microsoft Office DDE Freddie Mac Targeted Lure
10/14/2017 InQuest: Microsoft Office DDE SEC OMB Approval Lure
10/12/2017 NViso labs: YARA DDE rules: DDE Command Execution observed in-the-wild
10/11/2017 Talos: Spoofed SEC Emails Distribute Evolved DNSMessenger
10/10/2017 NViso labs: MS Office DDE YARA rules
Tags: Ransomware Malware
Notes: ★★

Src: News
Date (GMT): 2022-07-04 22:50:21
Title: Equation samples - from the Kaspersky Report and additional (direct link)
Description: Here are a few samples from the report by Kaspersky Lab "Equation: The Death Star of Malware Galaxy" and additional samples of the same family. The full list is below.
Download all the samples listed below. Email me if you need the password (New link)
List of files
Files from the report:
File Name | MD5 | Size
_SD_IP_CF.dll_03718676311DE33DD0B8F4F18CFFD488 | 03718676311de33dd0b8f4f18cffd488 | 368 KB
Disk from Houston_6FE6C03B938580EBF9B82F3B9CD4C4AA | 6fe6c03b938580ebf9b82f3b9cd4c4aa | 61 KB
DoubleFantasy_2A12630FF976BA0994143CA93FECD17F | 2a12630ff976ba0994143ca93fecd17f | 216 KB
EquationDrug_4556CE5EB007AF1DE5BD3B457F0B216D | 4556ce5eb007af1de5bd3b457f0b216d | 372 KB
EquationLaser_752AF597E6D9FD70396ACCC0B9013DBE | 752af597e6d9fd70396accc0b9013dbe | 130 KB
Fanny_0A209AC0DE4AC033F31D6BA9191A8F7A | 0a209ac0de4ac033f31d6ba9191a8f7a | 180 KB
GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904 | 9b1ca66aab784dc5f1dfe635d8f8a904 | 560 KB
Tags: Malware

Src: News
Date (GMT): 2020-04-19 12:10:37
Title: KPOT info stealer samples (direct link)
Description: KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and services.
References
1. 2020-04-19 Didier Stevens posted analysis of KPOT infostealer on the Infosec Handlers Diary blog "KPOT Analysis: Obtaining the Decrypted KPOT EXE". These are samples to follow his analysis routine.
2. 2019-05-09 Proofpoint. New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
Download. Other malware. Download. Email me if you need the password (see in my profile)
Tags: Malware

Src: News
Date (GMT): 2019-10-06 17:17:18
Title: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples (direct link)
Description: Reference: Amnesia / Radiation botnet samples targeting Remote Code Execution in CCTV DVR
2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet
2016-08-11 CyberX. Radiation IoT Cybersecurity campaign
Download. Other malware. Download. Email me if you need the password (see in my profile)
Tags: Malware

Src: News
Date (GMT): 2019-06-04 00:31:09
Title: HiddenWasp Linux malware backdoor samples (direct link)
Description: Here are Hidden Wasp Linux backdoor samples. Enjoy.
Reference: Intezer. HiddenWasp Malware Stings Targeted Linux Systems
Download. Email me if you need the password (see in my profile)
File information:
8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b 8f1c51c4963c0bad6cf04444feb411d7 shell
f321685342fa373c33eb9479176a086a1c56c90a1826a0aef3450809ffc01e5d 52137157fdf019145d7f524d1da884d7 elf
f38ab11c28e944536e00ca14954df5f4d08c1222811fef49baded5009bbbc9a2 ba02a964d08c2afe41963bf897
Tags: Malware

Last update at: 2024-04-28 23:08:12