🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

'uni.bat' looks like DiscordRAT abuse.ch bazaar.abuse.ch/sample/33e34ac…

Low detected 'CALDEMON HEAT EXCHANGERS, S.L. req 2211059.rar' variants from China and Germany abuse.ch bazaar.abuse.ch/sample/17e06bf… and bazaar.abuse.ch/sample/ecca139…

'24654_222_88_NOTIFICACION_VIRUAL_AUTO_ADMIOSRIO_DEMANDA_LABORAL_Juzgado_09_Laboral_del_Circuito_de_Bogota_D_C_CONFIRMAR_RECIBIDO.js' as a FUD abuse.ch bazaar.abuse.ch/sample/95a1a59…

⚠️ While investigating a new CEO fraud campaign, I discovered that attackers are using a trick to bypass the redirect warning usually shown by Google (google[.]com/url?q=https://www.example[.]com). This open redirect allows attackers to evade certain detections and stealthily

Looks like a FUD, but sandboxes are red as hell. 'QQHong_ec1ea5d9bce7568b2aeaef912fd9e2f2' as a #ValleyRAT abuse.ch bazaar.abuse.ch/sample/44bc85d…

Active exploits for CVE-2025-53770 are uploaded abuse.ch bazaar.abuse.ch/browse/tag/CVE… (ASPX files are still under investigation)

Lame #malspam in the name of #Hungarian Minister of Interior. Fake sender and self signed #GuLoader, which brings a #Formbook abuse.ch bazaar.abuse.ch/sample/1f7d1d7…

'connectorONE_0296.bat' with low detection abuse.ch bazaar.abuse.ch/sample/aaabb84… TCP: 185(.)126(.)82(.)114:4441

'Microsoft.vbs' as a low detected #xworm from #Türkiye abuse.ch bazaar.abuse.ch/sample/c6150cf… GitHub: /github(.)com/MockaPro/PS1/ ܛܔܔܔܛܔܛܔܛ

'lul4.ps1' from Poland for reconnaissance abuse.ch bazaar.abuse.ch/sample/f5bfa6e… ܛܔܔܔܛܔܛܔܛ

This 'Office License.pdf.lnk' is from #Ukraine bazaar.abuse.ch/sample/1a3bbf5… Drops this one (vin.bat): bazaar.abuse.ch/sample/eb86326… ...with this decoy(https): /j-bookmarks-annie-possess(.)trycloudflare(.)com/pdf/office365.pdf First upload from abuse.ch Original URL(http):

Global Maritime and Safety System users targeted with this one especially in Greece, Germany and UK: 'GMDSS Service Report_xlsx.rar' Looks like #ModiLoader abuse.ch bazaar.abuse.ch/sample/4c27d80…

'Listed PN on Engine Parts.vbs' fresh #njrat from Türkiye abuse.ch bazaar.abuse.ch/sample/4a6d095…

'WindowsUpdateService.ps1' from Germany abuse.ch bazaar.abuse.ch/sample/0bce0e2… Original URL(http): /62.113.66(.)137/WindowsUpdateService.ps1 (RU) urlhaus.abuse.ch/url/3589408/

'4a5a7c.msi' from Hungary looks like an unsigned RMM client. abuse.ch bazaar.abuse.ch/sample/49da684… URL(https): /adjects.com/diagnostics.php

'customer-receipt.pdf.lnk' from Ukraine abuse.ch bazaar.abuse.ch/sample/16b18d7… Original URL(http): /77.110.113(.)73/Documents/customer-receipt.pdf.lnk Coyote(http): /driverupdate.ue3hdn4-cdnsecurefile.com/Chrono24-receipt.pdf Dropped BAT: bazaar.abuse.ch/sample/e2bf4c3… Dropped HTA: