Article list
2022-06-24 10:27 RCS Labs spyware vendor targets users in Italy and Kazakhstan. iOS: uses two 0day exploits. Android add package: com.fintur./support. Report: https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/ Technical analysis of CVE-2021-30983: https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html Source: twitter.com/blackorbird/status/1537618630828953601#m #SocialMedia
2022-06-18 15:29 mark twitter.com/LetsDefendIO/status/1537810563824242695#m #SocialMedia
2022-06-17 14:50 #ModifiedElephant attack on China. IOC: https://www.virustotal.com/gui/file/71def73e97a0e9daabbc13598540c587239ee66a503fd1ffbca2327dceac74db/relations Report: https://mp.weixin.qq.com/s/mC5D8kFaQA-cIcw2rlTgeA (English: https://mp-weixin-qq-com.translate.goog/s/mC5D8kFaQA-cIcw2rlTgeA?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en) Source: twitter.com/blackorbird/status/1537687091705835521#m #SocialMedia
2022-06-17 14:42 Police Linked to Hacking Campaign to Frame Indian Activists #ModifiedElephant. New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest. https://www.wired.com/story/modified-elephant-planted-evidence-hacking-police/ Source: twitter.com/blackorbird/status/1492005108195885056#m #SocialMedia
2022-06-17 11:32 Secure Messaging Apps and Group Protocols. Part 1: https://blog.quarkslab.com/secure-messaging-apps-and-group-protocols-part-1.html Part 2: https://blog.quarkslab.com/secure-messaging-apps-and-group-protocols-part-2.html #SocialMedia
2022-06-17 10:10 Android spyware deployed in Kazakhstan. Package names: com.xdja.safekeyservice, com.xdja.jxclient, com.tencent.mobileqq, com.vodaservices, com/.androidservices.support. https://www.lookout.com/blog/hermit-spyware-discovery #SocialMedia
2022-06-14 14:14 #SideWinder Android spyware from Google Play. https://mp.weixin.qq.com/s/LaWE4R24D7og-d7sWvsGyg (English: https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en) #SocialMedia
2022-06-14 10:45 mark twitter.com/TomTomjarvis/status/1536116337155637248#m #SocialMedia
2022-06-10 14:53 R to @blackorbird: Symbiote uses BPF to hide traffic from someone that investigates an infected machine. #SocialMedia
2022-06-10 14:35 Symbiote utilizes BPF to hide malicious network traffic on an infected machine. The malware is designed to be loaded by the linker via the LD_PRELOAD directive. https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat https://www.intezer.com/blog/research/new-linux-threat-symbiote/ #SocialMedia
2022-06-09 18:41 Good way to do forensics: capture SSL/TLS plaintext content without a CA cert using eBPF. https://github.com/ehids/ecapture #SocialMedia
2022-06-08 11:14 #Bitter group's new management system. #APT Bitter && SideWinder IOCs: https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg (English: https://mp-weixin-qq-com.translate.goog/s/8j_rHA7gdMxY1_X8alj8Zg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en) #SocialMedia
2022-06-07 18:58 #Kimsuky #BabyShark update. Domains: ielsems[.]com, worldinfocontact[.]club. PDB path: H:\HIJACKING\OneDrive_Hijacking\googleDrive_rat_load_complete\googleDrive_rat_load_complete\rat_load\Release\rat_load.pdb https://mp.weixin.qq.com/s/ZV8AOTd7YGUgCTTTZtTktQ (English: https://mp-weixin-qq-com.translate.goog/s/ZV8AOTd7YGUgCTTTZtTktQ?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en) #SocialMedia
2022-06-02 15:13 #SideWinder started using an anti-bot script to filter their victims. Report: https://blog.group-ib.com/sidewinder-antibot #SocialMedia
2022-06-02 10:47 #OceanLotus new Linux backdoor "Buni". Observed artifacts: /dev/disk/by-uuid/ and cat /etc/*release | uniq. IOC: https://www.virustotal.com/gui/domain/zabbixasaservice.com/relations Report: https://mp.weixin.qq.com/s/zHLY81XeNL8afYaPtd0Myw (English: https://mp-weixin-qq-com.translate.goog/s/zHLY81XeNL8afYaPtd0Myw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en) #SocialMedia