sysopfb (@sysopfb)

11 Mar 2020

Maksim Yakubets was indicted but treasury department also went after Evil Corp, what is really interesting is all the alluding to them being linked to FSB and as it turns out Yakubets is married to the daughter of Eduard Bendersky. w/ Joshua Platt @ WSJPro in Charlotte, NC 1/3

sysopfb

Ctrl-Alt-Intel @ctrlaltintel

May 14

Dumped a bunch of notes surrounding a macos based stealer from etherhiding clickfix github.com/sysopfb/open_mal_… someone also released a blog surrounding pieces of it last night: medium.com/@ashishbogati098/…

1,343

Ctrl-Alt-Intel

sysopfb retweeted

Apr 15

Cool find from @sysopfb here is a couple of Images from the Panel, This specific panel was delivering a MacOS stealer notnullOSX http.html:"notnullOSX " - Shodan Search http://111.90.]143.163:8080/install

Apr 14

Nice writeup rmceoin.github.io/malware-an… Of note is a panel: hxxp://65.38.120.]80:8080 they left some tidbits behind in the login page: <<label>Пул доменов (по одному на строку)</label>"oeannon.]com
heethcote.]com
windlrr.]com"

1,345

sysopfb

Apr 14

1,870

sysopfb

Apr 14

253

sysopfb

Apr 6

Mapping Ottercookie Infrastructure

By: Jason Reaves

1,802

sysopfb

medium.com/@jason.reaves/dec…

4 Dec 2025

Decoding Brickstorms Garble strings

By: Jason Reaves

14,753

sysopfb

24 Nov 2025

Utilizing ChatGPT for Decoding Astaroth Strings

By: Jason Reaves

1,572

sysopfb

2 Jul 2025

Janela RAT and a stealer extension delivered together

By: Jason Reaves

1,273

sysopfb

11 Jun 2025

medium.com/walmartglobaltech… Kudos to GitHub they were taking stuff down very fast

Amos hiding in GitHub

By: Jason Reaves

952

sysopfb

27 May 2025

ARC Stealer Hiding in the Ether

By: Jason Reaves

3,956

sysopfb

31 Mar 2025

DFIRReport pastebin link also lines up with one of the pastebins I saw in my blog - "cLika3dt"; thedfirreport.com/2025/03/31…

Fake Zoom Ends in BlackSuit Ransomware - The DFIR Report

Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a file...

thedfirreport.com

13 Mar 2025

Auto decoding IOCs from Arechclient and the onboard browser extension they drop medium.com/walmartglobaltech…

1,002

sysopfb

13 Mar 2025

Auto decoding IOCs from Arechclient and the onboard browser extension they drop medium.com/walmartglobaltech…

ArechClient; Decoding IOCs and finding the onboard browser extension

By: Jason Reaves

2,224

sysopfb

11 Mar 2025

medium.com/walmartglobaltech… go through a little of the panel they are using for the fake invites also

Golang backdoor with a side of ChromeUpdateAlert App

By: Jason Reaves and Joshua Platt

1,204

sysopfb

28 Feb 2025

Agent AI, Basta Parser Extraordinaire

Black Basta is a ransomware group that has spent the past couple of years attacking global networks. Their activities are well known in the…

960

sysopfb

20 Jan 2025

Qbot is Back.Connect

By: Joshua Platt, Jason Reaves and Jonathan McCay

4,907

sysopfb

11 Dec 2024

Samples look like stealers. Some of the recent ones being Lumma placekeawe(.my

Diego @diego_gg95

10 Dec 2024

I got drained, fully drained. Hi everyone, I'm just coming to share with you all the worst day of my life, and how it happened so that you guys don't ever have to pass through it. Thread below.

1,103

sysopfb

11 Mar 2020

more replies

sysopfb