RT @sekoia_io@twitter.com
🕵️♂️ Following @Intrinsec@twitter.com’s report on #APT27 🇨🇳, we have just published a blogpost where we analyze #LuckyMouse TTPs and provide #SIGMA detection rules for most of them: https://blog.sekoia.io/lucky-mouse-incident-response-to-detection-engineering/
#apt27 #luckymouse #sigma #detectionengineering
#ESETResearch discovered that #LuckyMouse/#APT27 used a code-signing certificate belonging to VMPsoft, the developer of the VMProtect packer.
The signed file is a loader for the SysUpdate backdoor (aka Soldier).
We notified VMPSoft of this compromise 1/4
https://virustotal.com/gui/file/a8527a88fb9a48f043a0b762c7431fb52e601b72ff2fa0d35327e5cc72404edc