Matthew Mesa
@mesa_matt
Tweets are my own. http://virustotal.com/en/user/matthe…
قد يعجبك
The adventures of Josephine Pena. From LinkedIn invitations to More_eggs Jscript Downloader: proofpoint.com/us/threat-insi…
Zscaler's Nikolaos Pantazopoulos analyses the functionality of Raspberry Robin (also known as Roshtyak), including its execution layers, obfuscation methods and network communication process, along with its latest exploits. zscaler.com/blogs/security…
I’ll be speaking @SLEUTHCON this year! The lineup is amazing. I can’t wait to learn from everyone. Full list of speakers here: sleuthcon.com/speakers
Join me, @switchingtoguns, @a_de_pasquale, and our team as a Sr. Threat Researcher focusing on phishing detection. Use your skills in pattern-based detection, regex, HTML/HTTP, and current phishing landscape, to combat phishing threats for SAA customers splunk.com/en_us/careers/…
Ya Qbot is back, it sucks. But look what happened with Emotet when it came back. Was a half assed attempt at running a botnet which eventually disappeared without any LE. Lets make it so that becomes the case with Qbot as well.
Can confirm that we have seen the recent #Qbot #Quakbot #Qakbot activity. PDFs/URLs has been used since at least November 28, but can't confirm what payload it was earlier than December 11. URL example: urlhaus.abuse.ch/url/2741437/ MSI/DLL: bazaar.abuse.ch/browse/tag/teo…
An embedded configuration EPOCH timestamp indicates the payload was generated on December 11. The campaign code was tchk06. Most notably, the delivered Qakbot payload was configured with the previously unseen version 0x500. Observed Qakbot C2: 45[.]138.74.191 65[.]108.218.24
Unfortunately, I had to look at their email campaigns again this week.
RIP Qbot. After having to look at Qbot email campaigns on a regular basis since ~2017, I don't think I'll miss it.
Microsoft has identified new Qakbot phishing campaigns following the August 2023 law enforcement disruption operation. The campaign began on December 11, was low in volume, and targeted the hospitality industry. Targets received a PDF from a user masquerading as an IRS employee.
So proud to be a part of this collective effort at Microsoft. Badasses at Microsoft Threat Intelligence supporting significant Digital Crimes Unit legal disruptions. This is just the beginning, so many more targets, so much more we are doing and will do #staytuned
Technical disruption [servers] ✅ Seizure splash page on all sites ✅ (first for a private company?) Civil litigation ✅ Criminal referral ✅ I’m incredibly proud of our partner team’s work here, partnering with us on crime intelligence. Digital Crimes Unit = Microsoft legal…
Would you realise if java.exe spawning something dodgy was a 0-day? @0g_omkar and team did, patch your on-prem SysAid instances
Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.
Coworker of mine on his first solo blog post! #smartapesg medium.com/walmartglobalt…
Malware delivered via teams, you should have a look at this. No log, no protection, except if you configure team to only allow trusted orgs to discuss with yours. But you can’t see if it’s already in use because you don’t have logs… truesec.com/hub/blog/darkg…
RIP Qbot. After having to look at Qbot email campaigns on a regular basis since ~2017, I don't think I'll miss it.
do you HATE miscreants? do you LOVE writing detections, hunting thru INSANE amounts of data, and protecting a LOT of orgs? @Microsoft is hiring Detection Engineering/Threat Hunting roles for email security. work with some of the smartest folks in the game: jobs.careers.microsoft.com/global/en/job/…
Microsoft has identified a phishing campaign conducted by Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884 to deliver a payload with similarities to the RomCom backdoor. msft.it/6015g0O8x
United States الاتجاهات
- 1. Falcons 12.8K posts
- 2. Drake London 1,902 posts
- 3. Max B 11.7K posts
- 4. Raheem Morris N/A
- 5. Alec Pierce 2,001 posts
- 6. Kyle Pitts 1,159 posts
- 7. #Colts 2,496 posts
- 8. Penix 2,422 posts
- 9. Bijan 2,366 posts
- 10. Badgley N/A
- 11. $SENS $0.70 Senseonics CGM N/A
- 12. #ForTheShoe 1,418 posts
- 13. $LMT $450.50 Lockheed F-35 N/A
- 14. Zac Robinson N/A
- 15. $APDN $0.20 Applied DNA N/A
- 16. #Talus_Labs N/A
- 17. Good Sunday 75.4K posts
- 18. #DirtyBirds N/A
- 19. #AskFFT N/A
- 20. Jessie Bates N/A
قد يعجبك
-
Tom Hegel
@TomHegel -
Bart
@bartblaze -
James
@James_inthe_box -
Antelox
@Antelox -
avman
@avman1995 -
JAMESWT
@JAMESWT_WT -
Joe Roosen
@JRoosen -
JaromirHorejsi
@JaromirHorejsi -
Herbie Zimmerman
@HerbieZimmerman -
Philippe Lagadec @ UYBHYS
@decalage2 -
Artsiom Holub
@Mesiagh -
Malekal's site
@malekal_morte -
Jiri Kropac
@jiriatvirlab -
Corsin Camichel 🌻
@cocaman -
The Missing LNK
@BitDefense
Something went wrong.
Something went wrong.