gregclermont
@gregclermont.bsky.social
Cybercrime threat intel and detection shenanigans at Sekoia.io
Reposted by gregclermont
CTI tip: monitor transactions from the Ethereum address 0x53fd54f55C93f9BCCA471cD0CcbaBC3Acbd3E4AA to identify new PowerShell commands distributed by ClearFake - and block/detect any traffic to malicious domains!

As usual, feedback is greatly appreciated!
March 20, 2025 at 6:50 PM
Thank you, I love these blog posts!
Out of curiosity: do you track EpiBrowser and OneStart as belonging to this BrowserAssistant cluster that you just dropped?
February 24, 2025 at 5:17 PM
25gray3cook[.]com #Mamba2FA
January 17, 2025 at 3:07 PM