Intrinsec
intrinsec.bsky.social
Our business? Protecting yours!
Risk management, Assessment, Cyber Threat Intelligence, Detection, Response (CERT), Innovation.

To learn more, visit intrinsec.com
SHA1:
f004c09428f2f18a145212a9e55eef3615858f9c 7d4a6976c1ece81e01d1f16ac5506266d5210734

Stay tuned for our report on Qakbot's comeback!
December 21, 2023 at 10:08 AM
[CTI insights]

The latest Qakbot payload distributed happened to be packed by the Dave crypter. The DLL decrypts a resource containing Dave's encrypted shellcode and executes it! (cf. securityintelligence.com/x-force/tric...)
December 21, 2023 at 10:07 AM
3/ Code analysis of different samples revealed the use of a “morpher”, an advanced tool to evade detection:
October 18, 2023 at 7:43 AM
1/ Intrinsec’s CTI team recently published a report on Lumma Stealer, the most active stealer of the last months
October 18, 2023 at 7:37 AM
The RAR archive contains a legitimate PDF taken from the New Zealand Foreign Affairs & Trade weekly global report of October 2023 which launches an EXE with the same name by leveraging CVE-2023-38831.
RAR archive :
www.virustotal.com/gui/file/35f...
Bumblebee EXE :
www.virustotal.com/gui/file/60f...
October 4, 2023 at 4:44 PM
New #Bumblebee campaign leveraging CVE-2023-38831
Botnet ID : is0210
RC4 key : NEW_BLACK
C2 : g7qf7ew5c[.]life
TTPs : .RAR -> .EXE
October 4, 2023 at 4:43 PM
5/6
September 8, 2023 at 9:57 AM
4/6
September 8, 2023 at 9:56 AM