Our monthly Intelligence Insight for December is out!
Highlighted topics this month are #YellowCockatoo (aka #Solarmarker aka #JupyterInfostealer), and recent changes to #Gootloader TTPs.
https://redcanary.com/blog/intelligence-insights-december-2022/
#yellowcockatoo #solarmarker #jupyterinfostealer #Gootloader
Whoa. You can use OpenAI to deobfuscate #malware. Here's a chunk of old #Solarmarker, which it correctly summarized. #Infosec
#malware #solarmarker #infosec
The #sczriptzzbn campaign which normally delivers #netsupportRAT, #solarmarker or #icedID is currently redirecting to a tech support scam :blobeyes:
friscomusicgroup[.]com/br2
existsupport22[.]z13[.]web[.]core[.]windows[.]net
#sczriptzzbn #netsupportrat #solarmarker #icedid
This awesome blog about #SolarMarker / #YellowCockatoo / #Jupyter infostealer by Squiblydoo doubles as a really great beginner #powershell walkthrough from a blue team perspective. They provide easy-to-spot red flags, and explain how to break down a script into digestible pieces.
https://squiblydoo.blog/2022/09/27/solarmarker-the-old-is-new/
#solarmarker #yellowcockatoo #jupyter #powershell