Intrinsec
intrinsec.bsky.social
Our job? Protecting yours!
Risk management, Assessment, Cyber Threat Intelligence, Detection, Response (CERT), Innovation.

To learn more, visit intrinsec.com
SHA1:
f004c09428f2f18a145212a9e55eef3615858f9c 7d4a6976c1ece81e01d1f16ac5506266d5210734

Stay tuned for our report on Qakbot's comeback!
December 21, 2023 at 10:08 AM
October 18, 2023 at 12:23 PM
October 18, 2023 at 8:17 AM
4/ Find the report here: www.intrinsec.com/wp-content/u...
October 18, 2023 at 7:43 AM
3/ Code analysis of different samples revealed the use of a “morpher”, an advanced tool to evade detection:
October 18, 2023 at 7:43 AM
2/ Lumma is present on Russian-speaking forums and Telegram. In this report, we analyse the old and new C2 panels threat actors rely on.
October 18, 2023 at 7:37 AM
October 4, 2023 at 4:47 PM
The RAR archive contains a legitimate PDF taken from the New Zealand Foreign Affairs & Trade weekly global report of October 2023 which launches an EXE with the same name by leveraging CVE-2023-38831.
RAR archive:
www.virustotal.com/gui/file/35f...
Bumblebee EXE:
www.virustotal.com/gui/file/60f...
October 4, 2023 at 4:44 PM
September 8, 2023 at 9:57 AM
5/6
September 8, 2023 at 9:57 AM
4/6
September 8, 2023 at 9:56 AM
3/6 Domains contacted:
itszko2ot5u[.]life
3v1n35i5kwx[.]life
newdnq1xnl9[.]life
cmid1s1zeiu[.]life
September 8, 2023 at 9:56 AM
2/6 Name of the unpacked payload: “LdrAddx64.exe”. RC4 key used to decrypt the configuration: “NEW_BLACK”. Botnet: "rar0409".
September 8, 2023 at 9:55 AM