@FaLconIntel profile picture
FaLcon Intelligence @FaLconIntel
Joined January 2020
  • Tweets 207
  • Following 12
  • Followers 440
134 Photos and videos
2021-10-29 #Malvertising -> #MagnitudeEK -> #Magniber #Ransomware location:Japan
1
5
6
FaLcon Intelligence retweeted
DirectoryRanger@DirectoryRanger
26 Sep 2021
Post Compromise Active Directory Checklist pwndefend.com/2021/09/15/pos…

2
79
203
FaLcon Intelligence retweeted
BleepingComputer
@BleepinComputer
24 Sep 2021
Exploit code released for three iOS 0-days that Apple failed to patch - @serghei bleepingcomputer.com/news/se…

Researcher drops three iOS zero-days that Apple refused to fix

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.

bleepingcomputer.com
4
128
267
FaLcon Intelligence retweeted
Max_Malyutin@Max_Mal_
13 Sep 2021
#MSHTML RCE Vulnerability #CVE-2021-40444 (#CVE202140444) #DFIR #BlueTeam - Not only Control - CPL‼️ Potentially the exploit could run: #LOLBins 🔥🔥🔥🔥 MSHTA - HTA ✅ WSCRIPT - JS, JSE, VBA, WSF...✅ JAVAW - JAR ✅ MSIEXEC - MSI ✅ RegEdit - REG ✅ And MORE (?)
10
134
319
FaLcon Intelligence retweeted
Jakub Kroustek
@JakubKroustek
9 Sep 2021
#Sodinokibi / #REvil #ransomware is back and not just their sites. The latest variant from today: virustotal.com/gui/file/ab0a…
1
60
140
FaLcon Intelligence retweeted
BleepingComputer
@BleepinComputer
9 Sep 2021
Windows CVE-2021-40444 defenses bypassed as new info emerges - @LawrenceAbrams bleepingcomputer.com/news/mi…

Windows MSHTML zero-day defenses bypassed as new info emerges

New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks.

bleepingcomputer.com
1
122
226
FaLcon Intelligence retweeted
Max_Malyutin@Max_Mal_
9 Sep 2021
#MSHTML RCE Vulnerability #CVE-2021-40444 #DFIR How to find mhtml object: 1) Unzip the MalDoc 2) Navigate to *\word\_rels\* 3) open document.xml.rels 4) Screech for: Target="mhtml: Sample: bazaar.abuse.ch/sample/d0e1f…
4
51
146
FaLcon Intelligence retweeted
Gen Threat Labs
@GenThreatLabs
7 Sep 2021
We’ve found #UnderminerEK has the following modules and can exploit a whopping 11 different vulnerabilities including #PrintNightmare.
nao_sec@nao_sec
7 Sep 2021
#UnderminerEK is back! Now dropping #Amadey (CC: @malware_traffic, @jeromesegura) tria.ge/210907-pfppgsfgbq/be…
1
17
37
FaLcon Intelligence retweeted
RIVER@wugeej
18 Aug 2021
Fortinet FortiWeb OS Command Injection [‼️0-day] [PoC] POST /api/v2.0/user/remoteserver.saml HTTP/1.1 ... ... Content-Disposition: form-data; name="name" `touch /tmp/vulnerable` rapid7.com/blog/post/2021/08…
18
552
1,211
FaLcon Intelligence retweeted
Florian Roth ⚡️
@cyb3rops
10 Jul 2021
A #PrinterNightmare overview borncity.com/win/2021/07/08/…
4
67
308
FaLcon Intelligence retweeted
Virus Bulletin@virusbtn
30 Jun 2021
Proofpoint reports an increase in malicious use of Cobalt Strike in threat actor campaigns. Cobalt Strike is currently used by more cybercrime and general commodity malware operators than APT and espionage threat actors. proofpoint.com/us/blog/threa…
7
17
FaLcon Intelligence retweeted
Analysis Center@jpcert_ac
1 Jul 2021
ラッキービジター詐欺で不正サイトへのリダイレクトに悪用されるドメインを掲載するレポジトリを公開しました。新しい不正ドメインが観測された際は、こちらに掲載されますので、ご活用ください。 ^ST github.com/JPCERTCC/Lucky-Vi…

GitHub - JPCERTCC/Lucky-Visitor-Scam-IoC: Automatically update IoC for lucky visitor scam

Automatically update IoC for lucky visitor scam. Contribute to JPCERTCC/Lucky-Visitor-Scam-IoC development by creating an account on GitHub.

github.com
1
48
74
2021年5月に観測したPurple Foxのランディングはこちらです。 #PurpleFox(#PurpleFoxEK)
株式会社マクニカ ネットワークス カンパニー@mncofficial2004
27 May 2021
海外においてPurple Fox EKが活発です。 IEのパッチ適用状況確認(特に21年3月修正のCVE-2021-26411)やIE以外のブラウザへの切替について海外拠点への注意喚起をご検討ください。 ランディングページは特定できておりませんが、PSの接続先は以下ドメインです。
5
8
FaLcon Intelligence retweeted
nao_sec@nao_sec
18 Feb 2021
New blog post! #nccTrojan is a RAT used by #TA428 in attacks targeting East Asian defense and aviation organizations. Please see the analysis result of nccTrojan v1 and v2😆 insight-jp.nttsecurity.com/p…

1
28
50
2021-02-17 #Malvertising -> #RIGEK -> #loader -> #BrowserAssistant The loader had Microsoft digital certification, which has been identified as an invalid signature. app.any.run/tasks/0b345b26-e… virustotal.com/gui/file/660f…
1
3
2021-01-29 #Malvertising -> #RIGEK(#ExploitKit) -> #Smokeloader -> #Ursnif(#Dreambot) location:Japan SerpentKey=78347829JSDUKLHG Version:250161 id=8005 tria.ge/210128-mlthgt7r1n/ app.any.run/tasks/2f03c307-a…
1
15
2021-01-28 #Malvertising -> #RIGEK(#ExploitKit) -> #Buer(##BuerLoader) app.any.run/tasks/00911cec-c… tria.ge/201109-k5prgaf7c2/be…

Analysis http://zeroexit.xyz/9HJDckdsvfsdefvs34 Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

app.any.run
1
2
2021-01-20 #Malvertising -> #RIGEK(#ExploitKit) -> #Dridex OR Unknown malware It seems that the malware that infects depends on the location. app.any.run/tasks/50ae4c7f-6… tria.ge/210120-y331pgwt4x/ app.any.run/tasks/b06331f4-9… tria.ge/210120-v29hj1wrce/ analyze.intezer.com/analyses…
2
9
FaLcon Intelligence retweeted
nao_sec@nao_sec
29 Dec 2020
#PurpleFox Exploit Kit -> #PhantomNugget app.any.run/tasks/ba193e96-d…
12
31
2020-12-08 #Malvertising(#Makemoney) -> #RIGEK(#ExploitKit) -> #Taurus Sample app.any.run/tasks/19d0b239-0… tria.ge/201207-6lzldmdycn/ Reference blog.malwarebytes.com/malwar…
2
3
Load more