Good day all! The Computer Emergency Response Team of Ukraine, CERT-UA, reports on a targeted attack attributed to #APT28 that they observed against a critical energy infrastructure facility in Ukraine. It started with a #phishing email that contained a link to an archive, which led to a downloaded zip file containing three decoy JPGs and a BAT file that would run on the victim's computer. The BAT file would, again, open some decoy web pages, but more importantly would create a .bat and a .vbs file. Some discovery commands were issued, a TOR program was downloaded and hidden on the victim's computer as a hidden service, and common ports (445, 389, 3389, 443) were abused. Last but not least, a PowerShell script was used to collect the password hash of the account. Enjoy and Happy Hunting!
https://cert.gov.ua/article/5702579
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #CERTUA
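A hunting script for the chain described in the post above, as an added example (it is not from CERT-UA's report or the linked article). It assumes Sysmon-style process-creation records (Event ID 1 with Image, CommandLine, ProcessGuid, ParentProcessGuid) and a Tor torrc; the sample events, GUIDs, paths, file names and torrc are constructed for the example and are not indicators from the report. It looks for the three observable links in the chain: cmd.exe running a .bat that spawns a script host for a .vbs, PowerShell launched by that script host, and a torrc whose HiddenServicePort lines expose the local ports named in the summary.

```python
"""Hunt for the phishing -> .bat -> .vbs -> PowerShell -> Tor hidden-service chain.

Added example, not CERT-UA's code. Events are constructed Sysmon-like dicts;
the torrc text is constructed to resemble an onion service that relays local
SMB/LDAP/RDP/HTTPS ports. Nothing here is an indicator from the report.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
ABUSED_PORTS = {445, 389, 3389, 443}  # ports named in the CERT-UA summary


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _proc_index(events):
    return {e["ProcessGuid"]: e for e in events if e["EventID"] == 1}


def _parent_child_pairs(events, parent_pred, child_pred):
    """Generic parent/child hunt: yield (parent_cmdline, child_cmdline) where
    the child's ParentProcessGuid resolves to a process matching parent_pred."""
    by_guid = _proc_index(events)
    hits = []
    for child in by_guid.values():
        if not child_pred(child):
            continue
        parent = by_guid.get(child["ParentProcessGuid"])
        if parent is not None and parent_pred(parent):
            hits.append((parent["CommandLine"], child["CommandLine"]))
    return hits


def find_bat_to_vbs_chains(events):
    """cmd.exe executing a .bat that spawned wscript/cscript on a .vbs (the dropper step)."""
    return _parent_child_pairs(
        events,
        lambda p: _basename(p["Image"]) == "cmd.exe" and ".bat" in p["CommandLine"].lower(),
        lambda c: _basename(c["Image"]) in SCRIPT_HOSTS and ".vbs" in c["CommandLine"].lower(),
    )


def find_powershell_from_script_host(events):
    """PowerShell started by a script host: where a credential-collecting script would run."""
    return _parent_child_pairs(
        events,
        lambda p: _basename(p["Image"]) in SCRIPT_HOSTS,
        lambda c: _basename(c["Image"]) in POWERSHELL,
    )


# torrc syntax: "HiddenServicePort VIRTPORT [TARGET]", TARGET = host:port, port, or socket.
HSP_LINE = re.compile(r"^\s*HiddenServicePort\s+(\d+)(?:\s+(\S+))?", re.M)


def exposed_sensitive_ports(torrc_text):
    """Local ports relayed by the onion service that are in ABUSED_PORTS (sorted)."""
    found = set()
    for virt, target in HSP_LINE.findall(torrc_text):
        port = int(virt)  # with no TARGET, Tor forwards to the same port locally
        if target:
            tail = target.rsplit(":", 1)[-1]
            if tail.isdigit():
                port = int(tail)
        if port in ABUSED_PORTS:
            found.add(port)
    return sorted(found)


# Constructed sample telemetry (hypothetical paths and names, not report IOCs).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "p1", "ParentProcessGuid": "p0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"EventID": 1, "ProcessGuid": "p2", "ParentProcessGuid": "p1",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\u\AppData\Local\Temp\photos\open.bat"'},
    {"EventID": 1, "ProcessGuid": "p3", "ParentProcessGuid": "p2",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Users\u\AppData\Local\Temp\photos\run.vbs"},
    {"EventID": 1, "ProcessGuid": "p4", "ParentProcessGuid": "p3",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -w hidden -ep bypass -f C:\Users\u\AppData\Local\Temp\photos\c.ps1"},
    # benign noise: a logon .bat that spawns no script host
    {"EventID": 1, "ProcessGuid": "p5", "ParentProcessGuid": "p1",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": r"cmd.exe /c C:\scripts\backup.bat"},
]

SAMPLE_TORRC = """\
# constructed torrc: onion service relaying local services (example only)
HiddenServiceDir C:\\Users\\Public\\tor\\hs
HiddenServicePort 445 127.0.0.1:445
HiddenServicePort 389 127.0.0.1:389
HiddenServicePort 3389 127.0.0.1:3389
HiddenServicePort 443 127.0.0.1:443
HiddenServicePort 8080 127.0.0.1:80
"""

if __name__ == "__main__":
    print("bat->vbs:", find_bat_to_vbs_chains(SAMPLE_EVENTS))
    print("script host->powershell:", find_powershell_from_script_host(SAMPLE_EVENTS))
    print("onion-exposed ports:", exposed_sensitive_ports(SAMPLE_TORRC))
```

Each hunt stands alone; a .bat spawning wscript is common enough in admin tooling that the parent/child pairs are best joined on a host, and a torrc with HiddenServicePort entries for 445 or 3389 on a workstation is the highest-signal finding of the three.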
Asec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
Hackmageddon: 16-30 June 2023 Cyber Attacks Timeline https://www.hackmageddon.com/2023/08/01/16-30-june-2023-cyber-attacks-timeline/ #CyberAttacksTimelines #PBIResearchServices #AnonymousSudan #CVE-2023-34362 #CyberEspionage #NoName057(16) #CyberAttacks #CyberWarfare #LazarusGroup #MustangPanda #CyberCrime #Hacktivism #Ransomware #Security #JokerSpy #Timeline #REF9134 #MOVEit #APT15 #APT28 #APT29 #APT37 #2023 #Cl0p #Clop #June