Aaron Jornet
rexorvc0.bsky.social
Threat Researcher at @socradar | Malware Researcher | Threat Hunter | CTI ¦ Former @ElevenPaths @Panda_Security

rexorvc0.com
twitter.com/RexorVc0
#APT #APT37 #RicochetChollima #ScarCruft #RokRat #threat #malware

📍🇰🇵
💥🇰🇷🌏

⛓️ #Phishing > RAR|ZIP > #LNK extract .bat/PS/DOCs > #PS > #BAT execution > #PS decrypt #RokRat SC > Load + RUN #RAT > #C2

🔗360 Advanced Threat Research: mp.weixin.qq.com/s?__biz=MzUy...
February 20, 2025 at 7:16 AM
#Lazarus #LabyrinthChollima #HiddenCobra APT-C-26 #Threat #APT #malware

📍🇰🇵
💥🌏

⛓️ Social media mal delivery > Exe (Electron #bot) > .js compress > steal wallet info > Download plugins+Run > Monitor host & steal info > #C2

🔗360 Advanced TRI: mp.weixin.qq.com/s?__biz=MzUy...
January 22, 2025 at 8:56 AM
Tracking #Lumma & #Emmenhtal #loader through weeks targeting LATAM - #threat #malware

📍🏴
💥🇨🇴🇲🇽🇦🇷🌎

⛓️ #Link | Mal domain > Fake CAPTCHA | ZIP/RAR > Encoded PS | mshta (HTA) > download next > Obfuscated script exec > File | ZIP dropped > Injection over file > #LummaStealer
December 20, 2024 at 6:07 AM
#APT #DarkPink #Saaiwc CVE-2023-38831 #TelePowerBot #KamiKakaBot #threat #malware

#Phishing > RAR + #CVE > Drop dll > Side-Loading > Injection > Persistence + UAC bypass > Telegram API connection

Nsfocus Report: blog.nsfocus.net/aptdarkpinkw...
October 16, 2023 at 6:10 AM