Matthew Mesa
@mesa_matt
Tweets are my own. http://virustotal.com/en/user/matthe…
You might like
The adventures of Josephine Pena. From LinkedIn invitations to More_eggs Jscript Downloader: proofpoint.com/us/threat-insi…
Zscaler's Nikolaos Pantazopoulos analyses the functionality of Raspberry Robin (also known as Roshtyak), including its execution layers, obfuscation methods and network communication process, along with its latest exploits. zscaler.com/blogs/security…
I’ll be speaking @SLEUTHCON this year! The lineup is amazing. I can’t wait to learn from everyone. Full list of speakers here: sleuthcon.com/speakers
Join me, @switchingtoguns, @a_de_pasquale, and our team as a Sr. Threat Researcher focusing on phishing detection. Use your skills in pattern-based detection, regex, HTML/HTTP, and current phishing landscape, to combat phishing threats for SAA customers splunk.com/en_us/careers/…
Ya Qbot is back, it sucks. But look what happened with Emotet when it came back. Was a half assed attempt at running a botnet which eventually disappeared without any LE. Lets make it so that becomes the case with Qbot as well.
Can confirm that we have seen the recent #Qbot #Quakbot #Qakbot activity. PDFs/URLs has been used since at least November 28, but can't confirm what payload it was earlier than December 11. URL example: urlhaus.abuse.ch/url/2741437/ MSI/DLL: bazaar.abuse.ch/browse/tag/teo…
An embedded configuration EPOCH timestamp indicates the payload was generated on December 11. The campaign code was tchk06. Most notably, the delivered Qakbot payload was configured with the previously unseen version 0x500. Observed Qakbot C2: 45[.]138.74.191 65[.]108.218.24
Unfortunately, I had to look at their email campaigns again this week.
RIP Qbot. After having to look at Qbot email campaigns on a regular basis since ~2017, I don't think I'll miss it.
Microsoft has identified new Qakbot phishing campaigns following the August 2023 law enforcement disruption operation. The campaign began on December 11, was low in volume, and targeted the hospitality industry. Targets received a PDF from a user masquerading as an IRS employee.
So proud to be a part of this collective effort at Microsoft. Badasses at Microsoft Threat Intelligence supporting significant Digital Crimes Unit legal disruptions. This is just the beginning, so many more targets, so much more we are doing and will do #staytuned
Technical disruption [servers] ✅ Seizure splash page on all sites ✅ (first for a private company?) Civil litigation ✅ Criminal referral ✅ I’m incredibly proud of our partner team’s work here, partnering with us on crime intelligence. Digital Crimes Unit = Microsoft legal…
Would you realise if java.exe spawning something dodgy was a 0-day? @0g_omkar and team did, patch your on-prem SysAid instances
Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.
Coworker of mine on his first solo blog post! #smartapesg medium.com/walmartglobalt…
Malware delivered via teams, you should have a look at this. No log, no protection, except if you configure team to only allow trusted orgs to discuss with yours. But you can’t see if it’s already in use because you don’t have logs… truesec.com/hub/blog/darkg…
RIP Qbot. After having to look at Qbot email campaigns on a regular basis since ~2017, I don't think I'll miss it.
do you HATE miscreants? do you LOVE writing detections, hunting thru INSANE amounts of data, and protecting a LOT of orgs? @Microsoft is hiring Detection Engineering/Threat Hunting roles for email security. work with some of the smartest folks in the game: jobs.careers.microsoft.com/global/en/job/…
Microsoft has identified a phishing campaign conducted by Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884 to deliver a payload with similarities to the RomCom backdoor. msft.it/6015g0O8x
United States Trends
- 1. Cheney 131K posts
- 2. Election Day 130K posts
- 3. Jakobi Meyers 3,733 posts
- 4. #csm219 3,343 posts
- 5. Mamdani 579K posts
- 6. Logan Wilson 8,216 posts
- 7. Shota 17.5K posts
- 8. New Jersey 210K posts
- 9. Iraq 57.8K posts
- 10. Cuomo 278K posts
- 11. GO VOTE 99.5K posts
- 12. #TheView N/A
- 13. Rickey 1,986 posts
- 14. #tuesdayvibe 2,617 posts
- 15. New Yorkers 84.5K posts
- 16. New York City 173K posts
- 17. #Election2025 3,094 posts
- 18. Waddle 6,159 posts
- 19. GOOD MORNING MINTO N/A
- 20. Halliburton 5,583 posts
You might like
-
Tom Hegel
@TomHegel -
Bart
@bartblaze -
James
@James_inthe_box -
Antelox
@Antelox -
avman
@avman1995 -
JAMESWT
@JAMESWT_WT -
Joe Roosen
@JRoosen -
JaromirHorejsi
@JaromirHorejsi -
Herbie Zimmerman
@HerbieZimmerman -
EKTracker
@baberpervez2 -
Philippe Lagadec @ hack.lu
@decalage2 -
Artsiom Holub
@Mesiagh -
Malekal's site
@malekal_morte -
Jiri Kropac
@jiriatvirlab -
Corsin Camichel 🌻
@cocaman
Something went wrong.
Something went wrong.