#Darkhotel #APT #infection Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks The Spreader is highly aggressive in its propagation mechanism and any PE executables residing in the targeted drives would be candidates for infection. report: welivesecurity.com/2020/05/13/ram…

amazing project

『DarkHotel has been linked to both Higaisa and StarCruft, all of them have some connection to South Korea in one way or another.』🤔 Deep-dive: The DarkHotel APT blog.bushidotoken.net/2020/06/deep-d…

New Blog Post: Evolution of Malware LODEINFO ^YU blogs.jpcert.or.jp/en/2020/06/evo…

medium.com/@dimazarno/byp…

My new AMSI bypass script based on Matt Graeber Matt Graeber 'amsiInitFailed' script. With a little math 0/59 AV detects as malicious in 2020. Happy pentesting. kmkz

.Trend Micro cyberthreat researcher joeychen breaks down #TropicTrooper 's use of USBferry at #HITCON2020. More about this topic: bit.ly/2zubhEb

New post: The U.S. Justice Department charged 5 members of a Chinese state-sponsored group known as #APT41 for hacking over 100 institutions worldwide. Last May, Trend Micro also connected the group to ransomware attacks on Taiwanese organizations. trendmicro.com/en_us/research…

sd-magazine.com/securite-numer…

Chinese espionage tool exploits vulnerabilities in 58 widely used websites... Fifty-seven of the sites are popular Chinese portals, while the last is the site for US newspaper, the New York Times. therecord.media/chinese-espion… via The Record From Recorded Future News

Verifying myself: I am joey_chen222 on Keybase.io. jt8RW_nlKBlThsZc4H2NnzUdrFD4uWYnfwxj / keybase.io/joey_chen222/s…

🔥New from #SentinelLabs! Chinese-aligned APT group Moshen Dragon caught side-loading #malware through multiple #AV products to infect telecoms sector. By Joey Chen and AmitaiBs3. Read the blog: sentinelone.com/labs/moshen-dr… #moshendragon #cybersecurity #plugx #shadowpad

fd8c53670c2dcea06abfe49b364875643f6c499ca77c6a49a63a1ae4364c03c5 d011130defd8b988ab78043b30a9f7e0cada5751064b3975a19f4de92d2c0025 Interesting pdb strings

2022年6月に新たな攻撃者グループによる日本組織を狙った「サプライチェーン攻撃」を確認しました。 攻撃で利用された4つのマルウェアを中心に、その機能や背後に潜む攻撃者像について紹介しています。ぜひご活用ください。 lac.co.jp/lacwatch/repor… #株式会社ラック　#サプライチェーン攻撃

淮南锋川网络科技有限责任公司 submitted the binary to MS to be signed 96170614bbd02223dc79cec12afb6b11004c8edb8f3de91f78a6fc54d0844622

Cisco Talos researchers Chetan Raghuprasad & Joey Che discovered a financially motivated threat actor targeting users in several Asian & Southeast Asian countries. CoralRaider focuses on stealing victims’ credentials, financial data & social media accounts blog.talosintelligence.com/coralraider-ta…

New blog post! "Building Casper's Shadow". We discovered and researched the #ShadowPad builder. See how ShadowPad is built 😎👻 nao-sec.org/2024/06/buildi…

#HITB2024BKK COMMSEC: CoralRaider Targets Victims Data and Social Media Accounts - Joey Chen & Chetan Raghuprasad - conference.hitb.org/hitbsecconf202…