Jeromy @jeromyokc

Recent searches

Search options

Only available when logged in.

52 posts20 participants1 post today

**CTI.FYI** @CTI_FYI@infosec.exchange · 3h

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog post!

Group name: killsecurity
Post title: Harcourts Prime Properties
Info: https://cti.fyi/groups/killsecurity.html

cti.fyikillsecurity

#ransomware #cti #threatintelligence

**VulDB** @vuldb@infosec.exchange · 12h

12h

VulDB @vuldb@infosec.exchange

Added some indicators for: QakBot (+4), MimiKatz (+1), DCRat (+1), Lumma Stealer (+1), Pony (+1), Tofsee (+2) and Mirai (+1). https://vuldb.com/?actor #apt #cti #ioc

vuldb.comActorsPredictive activity analysis of APT actors in social media, private forums, chat rooms, and darknet markets.

**CTI.FYI** @CTI_FYI@infosec.exchange · 13h

13h

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog posts!

Group name: ransomhub
Post title: ccktech.com
Info: https://cti.fyi/groups/ransomhub.html

Group name: ransomhub
Post title: www.baxterlaboratories.com
Info: https://cti.fyi/groups/ransomhub.html

cti.fyiransomhub

#ransomware #cti #threatintelligence

**CTI.FYI** @CTI_FYI@infosec.exchange · 15h

15h

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog posts!

Group name: ransomhub
Post title: www.jhayber.com
Info: https://cti.fyi/groups/ransomhub.html

Group name: ransomhub
Post title: oneill.com
Info: https://cti.fyi/groups/ransomhub.html

cti.fyiransomhub

#ransomware #cti #threatintelligence

**CTI.FYI** @CTI_FYI@infosec.exchange · 19h

19h

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog posts!

Group name: hunters
Post title: CableVision
Info: https://cti.fyi/groups/hunters.html

Group name: FOG
Post title: RAE (Real Academia Española) (rae.es)
Info: https://cti.fyi/groups/FOG.html

cti.fyihunters

#ransomware #cti #threatintelligence

**lazarusholic** @lazarusholic@infosec.exchange · 20h

20h

lazarusholic @lazarusholic@infosec.exchange

"북한 라자루스(Lazarus) 그룹이 배포한 악성 npm 패키지 감염 사례" published by Logpresso. #Lazarus, #NPM, #DPRK, #CTI https://logpresso.com/ko/blog/2025-03-17-lazarus-npm

로그프레소[위협 분석] 북한 라자루스(Lazarus) 그룹이 배포한 악성 npm 패키지 감염 사례 | 로그프레소최근 북한의 라자루스(Lazarus) 해킹 그룹이 npm(Node Package Manager) 저장소를 통해 악성 패키지를 배포해 수백 명의 개발자들이 피해를 입은 사실이 확인되었습니다.

**lazarusholic** @lazarusholic@infosec.exchange · 20h

20h

lazarusholic @lazarusholic@infosec.exchange

"김수키(Kimsuky) 에서 만든 파워셀 악성코드-1.ps1(<-가칭 2025.3.13)" published by Sakai. #Kimsuky, #DPRK, #CTI https://wezard4u.tistory.com/429432

꿈을꾸는 파랑새 · 1d김수키(Kimsuky) 에서 만든 파워셀 악성코드-1.ps1(<-가칭 2025.3.13)오늘은 북한의 APT 조직인 북한 정찰총국 산하의 해킹 조직 중인 하나인 김수키(Kimsuky) 에서 만든 파워셀 악성코드인 1.ps1(파일명:1.ps1사이즈:1 MBMD5:85f5075610661c9706571a33548d7585SHA-1:bc36b9e8cf23dc0287f090a5c0bad3b391d00f86SHA-256:6ffb5106d912e582bde2c095365fa37a441741e4b9ea7f856b2ecad9516b74c2해당 코드는 단순하게 PowerShell(파워셀) 된 악성코드 이면 해당 코드 에 국민 메신저이고 어느 곳에서는 검열 문제로 시끄러운 카카오톡 관련 url 이 있는 악성코드입니다.악성코드 내용$iPath = "$env:TEMP\processlist(.)txt";$cPat..

**lazarusholic** @lazarusholic@infosec.exchange · 20h

20h

lazarusholic @lazarusholic@infosec.exchange

"Analysis of LinkedIn Recruitment Phishing" published by Slowmist. #ContagiousInterview, #DPRK, #CTI https://slowmist.medium.com/slowmist-analysis-of-linkedin-recruitment-phishing-4b4b55e02bf4

Medium · 2dSlowMist: Analysis of LinkedIn Recruitment PhishingBy SlowMist

**lazarusholic** @lazarusholic@infosec.exchange · 20h

20h

lazarusholic @lazarusholic@infosec.exchange

"Malicious HWP Document Disguised as Reunification Education Support Application" published by Ahnlab. #Wateringhole, #DPRK, #CTI https://asec.ahnlab.com/en/86841/

ASEC · 5dMalicious HWP Document Disguised as Reunification Education Support Application - ASECOn March 5, AhnLab SEcurity intelligence Center (ASEC) found a post recruiting students for a unification-related course, which included a link to download a malicious HWP document. At the time of analysis, there were download links for JPG, HWP, and DOC files at the bottom of the post. The HWP file among them was identified […]

**lazarusholic** @lazarusholic@infosec.exchange · 20h

20h

lazarusholic @lazarusholic@infosec.exchange

"Squid Werewolf cyber spies masquerade as recruiters" published by BiZone. #SquidWerewolf, #DPRK, #CTI https://bi.zone/eng/expertise/blog/sotni-tysyach-rubley-za-vashi-sekrety-kibershpiony-squid-werewolf-maskiruyutsya-pod-rekruterov/?utm_source=main&utm_medium=link&utm_campaign=sotni-tysyach-rubley-za-vashi-sekrety-kibershpiony-squid-werewolf-maskiruyutsya-pod-rekruterov

BI.ZONESquid Werewolf cyber spies masquerade as recruitersThe adversaries impersonated a legitimate company, emailing fake job descriptions to employees of targeted organizations

**CTI.FYI** @CTI_FYI@infosec.exchange · 23h

23h

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog posts!

Group name: cactus
Post title: kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: baillie.com\$130.5M\USA\52GB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: thermoid.com\$183.2M\USA\199GB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: tempel.com\$628.7M\USA\111GB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

Group name: cactus
Post title: urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

cti.fyicactus

#ransomware #cti #threatintelligence

**CTI.FYI** @CTI_FYI@infosec.exchange · 1d

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog post!

Group name: cactus
Post title: bluedge.com\$104.5M\USA\994GB\100% DISCLOSED
Info: https://cti.fyi/groups/cactus.html

cti.fyicactus

#ransomware #cti #threatintelligence

**VulDB** @vuldb@infosec.exchange · 1d

VulDB @vuldb@infosec.exchange

Added indicators for: Meterpreter (+1), QakBot (+1), BianLian (+1), ValleyRAT (+1), Pink (+1), Stealc (+1) and BlackShades (+1). https://vuldb.com/?actor #apt #cti #ioc

vuldb.comActorsPredictive activity analysis of APT actors in social media, private forums, chat rooms, and darknet markets.

**CTI.FYI** @CTI_FYI@infosec.exchange · 1d

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog post!

Group name: ransomhub
Post title: www.ameda.com
Info: https://cti.fyi/groups/ransomhub.html

cti.fyiransomhub

#ransomware #cti #threatintelligence

**CTI.FYI** @CTI_FYI@infosec.exchange · 1d

CTI.FYI @CTI_FYI@infosec.exchange

New ransom group blog post!

Group name: hunters
Post title: Courageous Home Care
Info: https://cti.fyi/groups/hunters.html

cti.fyihunters

#ransomware #cti #threatintelligence

**VulDB** @vuldb@infosec.exchange · 2d

VulDB @vuldb@infosec.exchange

Looking for IOC, TTP, and IOA? Check our GitHub repository: https://github.com/vuldb/cyber_threat_intelligence #vuldb #github #cti #ioc #ttp #ioa

GitHubGitHub - vuldb/cyber_threat_intelligence: Cyber Threat Intelligence Data, Indicators, and AnalysisCyber Threat Intelligence Data, Indicators, and Analysis - vuldb/cyber_threat_intelligence

**VulDB** @vuldb@infosec.exchange · 2d

VulDB @vuldb@infosec.exchange

New indicators for: DeimosC2 (+1), PlugX (+1), QakBot (+2), CyberGate (+1), ValleyRAT (+5), Stealc (+1) and Nimplant (+1). https://vuldb.com/?actor #apt #cti #ioc

vuldb.comActorsPredictive activity analysis of APT actors in social media, private forums, chat rooms, and darknet markets.