#iocs

ANY.RUN

👾 Cactus is a #ransomware that encrypts not only your data, but its own binaries
It uses triple-extortion tactics and abuses #vulnerabilities days after they’re exposed

Learn more & collect #IOCs: https://any.run/malware-trends/cactus/?utm_source=mastodon&utm_medium=post&utm_campaign=cactus&utm_content=tracker&utm_term=170325

#cybersecurity #cyber #infosec #malware

Funes

Yo #HijackLoader to #RedLineStealer incidents all over the place today. Make sure you're blocking 92.255.85[.]36 at the fw and bitly[.]cx unless you need to use that specific url shortening service for some strange reason.

#infosec #threatintel #iocs

ANY.RUN

⚠️ It may seem that #rootkits golden age has passed, but they are still present and dangerous.
Keep in mind what they are and how not to let them into your system.
🎯 Learn more & collect #IOCs: https://any.run/malware-trends/rootkit/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=110325

#infosec #cybersecurity

ANY.RUN

🚨 Fake Booking.com phishing pages used to deliver malware and steal data
⚠️ Attackers use #cybersquatting, mimicking Booking website to create legitimate-looking phishing pages that trick users into executing malicious actions.
Leveraging #ANYRUN's interactivity, security professionals can follow the entire infection chain and gather #IOCs.

👨‍💻 Case 1: The user is instructed to open the Run tool by pressing Win + R, then Ctrl + V to paste the script, and hit Enter. This sequence of actions executes a #malicious script that downloads and runs malware, in this case, #XWorm.
Take a look at the analysis: https://app.any.run/tasks/61fd06c8-2332-450d-b44b-091fe5094335/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice

🔍 TI Lookup request to find domains, IPs, and analysis sessions related to this campaign:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522mktoresp.com%255C%2522%2520AND%2520domainName:%255C%2522booking.*.%255C%2522%2522,%2522dateRange%2522:30%7D%20%20

🎯 Use this search query to find more examples of this fake #CAPTCHA technique and enhance your organization's security response:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522commandLine:%5C%2522

👨‍💻 Case 2: In this scenario, threat actors aim to steal victims’ banking information. It’s a typical phishing site that mimics Booking website and, after a few steps, prompts users to enter their card details to ‘verify’ their stay.
See example: https://app.any.run/tasks/87c49110-90ff-4833-8f65-af87e49fcc8d/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice

📌 A key domain in this campaign, Iili[.]io, was also used by #Tycoon2FA #phishkit.
🔍 Use this TI Lookup query to find more examples:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522bzib.nelreports.net%255C%2522%2520AND%2520domainName:%255C%2522xpaywalletcdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522cdnjs.cloudflare.com%255C%2522%2520AND%2520domainName:%255C%2522xpaycdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522iili.io%255C%2522%2522,%2522dateRange%2522:180%7D%20

Investigate the latest #malware and #phishing attacks with #ANYRUN 🚀

#cybersecurity #infosec

ANY.RUN

👾 #Akira #ransomware-as-a-service has been used to extort over $40 million from businesses in finance, technology, and healthcare.
⚠️ It is operated by Howling Scorpius and uses double extortion.

Learn more & collect #IOCs: https://any.run/malware-trends/akira/?utm_source=mastodon&utm_medium=post&utm_campaign=akira&utm_content=tracker&utm_term=030325

#cybersecurity #malware #infosec

ANY.RUN

🎯 #ANYRUN TI Feeds feature both fresh and unique #IOCs extracted from malware configs and caught by #Suricata rules

Find out what indicators they contain and how they can level up your org's threat detection 👇
https://any.run/cybersecurity-blog/indicators-in-ti-feeds/?utm_source=mastodon&utm_medium=post&utm_campaign=indicators_in_ti_feeds&utm_term=270225&utm_content=linktoblog

#threatintel #cybersecurity #infosec

ANY.RUN

🔔 Subscribe to threat updates in TI Lookup
Regularly receive notifications about fresh intel of your interest, quickly track changes in #IOCs, #IOAs, & #IOBs, and stay informed about evolving threats

🚀 Streamline your work with #ANYRUN: https://intelligence.any.run/plans/?utm_source=mastodon&utm_medium=post&utm_campaign=notifications_video&utm_term=250225&utm_content=linktotiplans/

#cybersecurity

The Spamhaus Project

Mirai is the #1 malware family on @abuse_ch URLhaus AND MalwareBazaar, with 5,363 sites reported and 3,210 samples shared.

🔗 URLHaus: https://www.spamhaus.org/malware-digest/#urlhaus
👾 MalwareBazaar: https://www.spamhaus.org/malware-digest/#malwarebazaar

But with 3,046 IOCs, find out which malware family is 🔝 of the charts on Threatfox👇

🦊 ThreatFox: https://www.spamhaus.org/malware-digest/#threatfox

#Mirai #Malware #IOCs #ThreatIntel #abuseCH

ANY.RUN

👾 #Ramnit is a modular banking #trojan with botnet capabilities

It steals financial data and credentials, recruits infected devices into #botnets, and is notably persistent

Learn more, collect #IOCs & samples: https://any.run/malware-trends/ramnit/?utm_source=mastodon&utm_medium=post&utm_campaign=ramnit&utm_content=mtt&utm_term=180225

#cybersecurity #infosec #malware

ANY.RUN

🚨 Zhong Stealer is a new #malware targeting #crypto and #fintech sectors

It infects orgs via support ticket systems and exfiltrates stolen data to C2 in Hong Kong

See detailed technical analysis and collect #IOCs 👇

https://any.run/cybersecurity-blog/zhong-stealer-malware-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=zhong_malware_analysis&utm_term=180225&utm_content=linktoblog

#cybersecurity #infosec

ANY.RUN

📢 New! Threat Intelligence Reports from ANYRUN

Discover detailed research on active cyber threats and #APTs with actionable insights, #IOCs, & #TTPs

Enrich proactive security, report on #APT41 inside ⬇️
https://any.run/cybersecurity-blog/threat-intelligence-reports/?utm_source=mastodon&utm_medium=post&utm_campaign=ti_reports&utm_content=linktoblog&utm_term=130225

#cybersecurity #infosec #threatintel

Infoblox Threat Intel

Stay alert! These disinformation campaigns affect all of us, no matter where we are!

Traffic Distribution Systems (TDSs) run by malicious adtech companies are seen delivering disinformation in different languages, tailored to the country the victim accesses from. They utilize subdomains to differentiate their content. The landing pages impersonate well-known brands and celebrities, aiming to deceive users. It's crucial to block these TDS domains and prevent any content they deliver.

Here are some examples of TDS domains that redirect to these disinformation campaigns:

zoograithavaupy[.]net
asjynxon[.]com
phaunaitsi[.]net

And here are some landing page domains associated with this campaign:

cooknove[.]com
healthbrit[.]com
foodleas[.]com
daily-web[.]live

#phishing #dns #scam #fraud #disinformation #threatIntel #cybercrime #threatIntelligence #cybersecurity #infosec #infoblox #infobloxthreatintel #iocs #domains #impersonating

https://urlscan.io/result/ef3f29ea-67df-4010-8a18-4638d401ab67/#summary

ANY.RUN

▶️ Play is a #ransomware active since 2022.
It uses double extortion, exploits RDP servers, and targets companies in the US and EU 🎯

See how it operates and collect #IOCs & samples 👉 https://any.run/malware-trends/play/?utm_source=mastodon&utm_medium=post&utm_campaign=play&utm_term=100225&utm_content=linktomtt

#infosec #cybersecurity #malware

Sophos X-Ops

You should also pay attention to the Address Bar if you’re prompted to log in to a service you use after opening an email attachment.

All of the #phishing pages that loaded in our tests displayed the criminals’ website address, which was clearly not a #Microsoft website. The Russian URLs were pretty obvious, if you looked.

We published the list of the #phishing domains and other #IOCs on our Github page.

https://github.com/sophoslabs/IoCs/blob/master/20250205_SVGspam.csv

Stay safe, everyone.

https://news.sophos.com/en-us/2025/02/05/svg-phishing/

9/9

ANY.RUN

🌑 BlackMoon is a veteran banking #Trojan that emerged more than a decade ago
Today it is still evolving and remains a significant threat to businesses

Learn more, get #IOCs, and collect samples
👉 https://any.run/malware-trends/blackmoon/?utm_source=mastodon&utm_medium=post&utm_campaign=blackmoon&utm_content=tracker&utm_term=030225

#cybersecurity #infosec

log4jm

I've been enjoying infosec.exchange for the last month or so but have been putting off an #Introduction because I'm awkward and anxious (#privacy am I right?). I feel more comfortable talking about my cat than myself or my work on social media, so you'll probably mostly see him amongst my boosts and replies. He's a little hacker who tricks me into FaceID unlocking my iPad for him or hides my pouch of physical security keys to remind me not to be careless with them.

See how I just went on about the cat? Yeah... I feel imposter syndrome about belonging in #InfoSec. I'm an IT #security and #operations focused #SysAdmin (#BlueTeam) who's been fascinated/working with computers since I was 3, and have been doing it professionally for over 10 years now. Does that make me #SecOps? I honestly don't know. I love this community though and want to make an effort to share what I do know more often besides the cat pics or conversations or boosting #ThreatIntel and news I think to share.

If I had to sum up in a few hashtags and such, I know securing #Windows and #ActiveDirectory best but I use/protect #Linux and #macOS if you'll forgive me for using #PowerShell there too. I love #scripting and #automation, the #OSINT and #ThreatIntel and #IOCs we share, #infrastructure and #firewall stuff, #logging and #DFIR, and reading/writing reports just as much as code.
I'm not super passionate about the <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a> but that's not a hill I'd die on and <a href="https://infosec.exchange/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Azure</span></a> is pretty cool.</p><p>Did I mention I have one of the best <a href="https://infosec.exchange/tags/CatsOfInfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CatsOfInfoSec</span></a> ever?</p><p>Anyway, "it's me, hi!"</p>