The @truetrue has arrived at Lorca in #Móstoles!! Together we will learn all the possibilities it offers us in the classroom. Besides its cards, it also works with #appseducativas like the one shown in the video: “Truebot MusicCard” 🎶🤖🚀✨ #codigoescuela4_0_madrid #if_cmadrid
2
10
376
TrueBot malware is a known malware used for data exfiltration which has been used by infamous groups such as the CL0P ransomware group. You can find my analysis for TrueBot malware and its anti-emulation tricks apophis133.medium.com/truebo…
3
128
14 Mar 2024
🚨 🎥 In this #ThreatThursday live demo, @tcraf7 & @1qazCasey will delve into the intricacies of #TrueBot #malware, a potent tool often wielded as an initial access vector by cyber threat actors. x.com/i/broadcasts/1yNGaZdeq…

2
4
651
13 Mar 2024
💥🦄Join us for #ThreatThursday LIVE on March 14, 11:30AM - 12:15PM (ET)! In this demo, @tcraf7 & @1qazCasey will delve into the intricacies of #TrueBot #malware, a potent tool often wielded as an initial access vector by cyber threat actors. Register ⤵️ learn.scythe.io/threat-thurs…

1
5
424
8 Mar 2024
🚨 🎥 Join us LIVE on March 14! In this #ThreatThursday demo, @tcraf7 & @1qazCasey will delve into the intricacies of #TrueBot #malware, a potent tool often wielded as an initial access vector by cyber threat actors. Add to your calendar & tune in next Thurs ⬇️ streamyard.com/watch/saR7iMi…
3
6
671
We've made some updates to vx-underground - The Old New Thing for February, 2024 - MyloBot - Stealc - Truebot - zgRAT - Remcos - QakBot - RedLine - Pikabot - LilithBot - ParadiseRansomware - Bandook - Android.HookBot - Atharvan - AgentTesla - Android.Coper
1
7
84
18,059
13 Feb 2024
🌀 An interesting Twist on the 36 #ShadowSyndicate servers 🕵️‍♂️ - apart from the usual mix of #CobaltStrike 💻, #RustC2 🛠️, #Covenant 🗝️, #Truebot 🦠, One Russian IP is allegedly hosting a FORENSIC COPY OF THE HUNTER #BIDEN LAPTOP! 💼🔍💾 Is ShadowSyndicate linked to Russian State propaganda?
4
7
3,892
Hello, how are you? Back to the grind. Malware family additions: - NodeStealer - RhysidaRansomware - Truebot - VenusRansomware - Rekoobe - RustBucket - SystemBC - Lokibot - PlugX - SectopRAT - RedLine - Emotet - AkiraRansomware More updates coming today. Have a nice day.
4
26
284
31,710
5/ 🧼 "A Truly Graceful Wipe Out" - Observations on Truebot deploying Cobalt Strike and FlawedGrace, leading to data exfiltration and more. 🔗 thedfirreport.com/2023/06/12… by @Kostastsale, @svch0st and @0xThiebaut

1
8
700
@James_inthe_box @AnFam17 @Gi7w0rm @pr0xylife every time I pull a string I find a new thing, Clop, Qakbot, Truebot, Cobalt Strike...etc. Anyone want to take a look? Is this just part of a sewer? pumpkininnovations[.]com 103.212.121.75 34.102.136.180 virustotal.com/gui/domain/pu…

2
2
12
1,475
New #Cl0P thread! 👉New campaign, same hosting? 🧐 Assumption based on previous @bridewellsec, DFIR reports and SysAid report: 3 IP addresses linked to #Grace or #Truebot on the same /24 subnet hosting provider. 👉Includes a pivot for new indicators to keep an eye on.
1
16
63
14,789
A number of post-exploitation frameworks such as Cobalt Strike & Mythic are found in this cluster, including Truebot C2. Some good pivoting points here. However, we are able to link this Meterpreter C2 to within this SSH cluster. 👍 Is this a Cl0P & BB affiliate?
1
5
355
2⃣ Second Observation 🧐 👉The Meterpreter C2 shares an SSH fingerprint with a cluster of IPs previously linked with a Cl0P affiliate. Bridewell had linked this SSH to a cluster of hashes linked to Cl0P due to each cluster of IP addresses owning at least 1 #Truebot C2 address.
1
2
2,907
23 Oct 2023
Have you tried our virtual AI assistant Truebot yet? You can have a dialogue with my virtual assistant - try it via the link here 👇🏼 trueshift.dk/truebot/
4
1
1
704
It took me only 3 months to update my blog post about #TrueBot configuration extraction and to fix the extractor 💪👏 🙈 #TA505 #SMDA cc @push_pnx malware.love/malware_analysi…
5
17
1,789
6 Oct 2023
Are you also wrapping up before the weekend? Over the course of the week we have kickstarted new visionary collaborations with customers at Trueshift AI and also prioritized our own internal experiments. One of them is our virtual AI assistant Truebot. You can have a dialogue with my virtual assistant and have a very concrete dialogue with it about one of the articles we have on the website. Curious about how it works in practice? Then try it at the link (which you will find in the comments section)
1
4
5
1,582
The SSH key on the CobaltStrike IP is linked to Truebot activity.
2
832
🔍 Further analysis has unearthed 🕳️ more potential infrastructure linked to the same adversary 😈 using a simple pivot from the CobaltStrike IP and SSH Key. What's even more intriguing is that the same SSH key is being used by #Truebot. 🔹88.214.25.242 0/88 VT 🔹5.188.87.37 11/89 VT 🔹45.227.255.34 1/89 VT 🔹45.182.189.118 9/89 VT 🛡️ Stay on your toes and remain vigilant! 🚨 #CyberSecurity #Pikabot 🤖
2023-10-03 (Tuesday) - #Pikabot infection led to #CobaltStrike HTTPS C2 traffic using zzerxc[.]com on 179.60.149[.]244:443. List of indicators available at bit.ly/3LMc9q3. Thanks to the @Cryptolaemus1 crew for initially reporting today's Pikabot activity!
19
61
15,140
#CybersecurityAwarenessMonth Tip: Don't fall victim to TrueBot #malware by downloading a PDF from an untrusted source! 🙅 In this Juniper Threat Labs demo, our security team shows how bad actors spread the #ransomware. #SecureOurWorld juni.pr/3LLECw3
2
12
2,014
The servers don’t host truebot, however CS configs and domain names convention are completely similar to those from the PaperCut related cases.
#Silence gang started a new campaign and deployed a few #CobaltStrike servers: tsvsnjv[.]com rokllofrold29[.]com rokllold279[.]com Attribution is based on CS watermarks and the unique domain names template. Final stage is a ransomware, possible types: #CL0P, #bl00dy.
1
3
312