Discover and read the best of Twitter Threads about #APT

Most recent (24)

🧵#MustangPanda 🐼 (& other #APT groups) use DLL side-loading/search-order hijacking (see ATT&CK).

It's a pain for #CTI analysts who manually vet IOCs -> as this TTP involves delivering a valid vulnerable application, Bring-Your-Own-Vulnerable-App (BYOVA), if you will... 1/3
For example, take this Symantec.exe binary, it's a valid, signed file 🔍 but it's used by #MustangPanda 🐼 for dll side-loading!

Should you pre-emptively block it? Maybe. But first, be sure to check 📝 for its presence in the org -> before causing lots of alerts or worse ⚠️ 2/3
OR you should give warnings ⚠️ before sharing these BYOVA bins as IOCs!

🥲The CTI analyst struggle to vet IOCs is real... but this may help!

I created a Gist & VT Collection for triage:

1.🔗gist.github.com/BushidoUK/181d…

2. 🔗 virustotal.com/gui/collection…

Hopefully this is useful! 2/2
Read 3 tweets
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs

An Iran-linked advanced persistent threat #APT group is using new #ransomware while targeting a familiar adversary in the Middle East, researchers have found.

#Iran #CyberAttack
therecord.media/iran-hackers-a…
"Check Point’s Incident Response Team investigated the deployment of the ransomware against #Israeli organizations and claimed by a group dubbing itself Moneybird."
"Researchers found that it bore the hallmarks of Agrius, a #hacker group that has been around since 2020 and has attempted to disguise itself with aliases like BlackShadow."
Read 6 tweets
Top 30 Trending Coins on @coingecko 🔍

This week, we see Ethereum (#ETH) coming in at number 1, followed by Sui (#SUI) and Aptos (#APT)!

Got any of these in your bag?
coingecko.com/en/discover
@ethereum - $ETH
@SuiNetwork - $SUI
@Aptos_Network - $APT
@Polkadot - $DOT
@PancakeSwap - $CAKE
@0xPolygon - $MATIC
@ton_blockchain - $TON
@pepecoineth - $PEPE
@tomipioneers - $TOMI
@arbitrum - $ARB
@miladymemecoin - $LADYS
@solana - $SOL
@Ripple - $XRP
@BNBCHAIN - $BNB
Read 4 tweets
1/ New #MuddyWater 🇮🇷Infra detected; moves to #Metasploit and #HPAnywhere/#Teradici tool added?

@GroupIB_TI released a great report detailing MuddyWater’s use of SimpleHelp Remote Support Software. They tracked the #APT's infrastructure using Etags.

Let's take a look! 🧐 👇👇
2/ First Etag(153): 🔟results.

First IP of interest: 👉164.132.237[.]67

If we now pivot on the SSH hash, we match on another IP:

👉3.6.222[.]144.

Looking at this IP, the SSL certificate presented mentions O=Teradici Corporation...
3/ Teradici (now HP Anywhere) allows for remote access to machines from any PCoIP client. 💻⬅️🌐⬅️💻

Indicating that MuddyWater may also be using HP's Anywhere/Teradici as well as SimpleHelp? 🧐
Read 12 tweets
[On the Mt. Gox ("Mentougou") incident: will it create selling pressure and shock the market going forward, causing a big drop?]

This should be the third time I've discussed this topic; unfortunately, every so often this matter gets dragged out and hyped up again.

Conclusion first: it won't.

In the short term, the Mt. Gox incident will be exploited by capital to manufacture short-term panic and shake out cheaper chips; in the long term, the Mt. Gox incident can hardly deal a major blow to the market, let alone a fatal one.
1/8

About the Mt.Gox incident:

In 2014, the world's largest exchange, which once accounted for 70% of bitcoin trading volume, was hacked; a total of 100,000 of its own bitcoins and 750,000 users' bitcoins were stolen (200,000 bitcoins were later recovered, and 60,000 were sold off over time).

Users' assets "vanished into thin air" overnight; 3 days later Mt.Gox filed for bankruptcy. The incident triggered a sharp drop in bitcoin, which kept sliding over the following months.
2/8

About compensation and the unlock timeline:

According to the Mt.Gox website announcement, creditors who want compensation must register and choose a repayment method before March 10, 2023; the deadline for the first batch of payouts is September 30, 2023.

Creditors who fail to complete registration before the deadline will not be able to receive the early lump-sum repayment and will lose part of their rights to cryptocurrency recovery claims and bank transfer payment.
Read 9 tweets
1) ⚠️ FA CLASSES PART 4 HOMEWORK REVIEW⚠️

You were given the assignment to review 2 projects based on "tokenomics" only.

• $MNW
• $APT

Here's my review on how I work to make a project pass our "FA analysis" 🧵 👇
2) $MNW

The token is the main fuel that allows their middleware solution (their product) to work.

Tokens can be used as a value based utility or to pay for transaction fees.

⏩ Almost 80% of the supply is unlocked (circ vs total supply).
3) $APT

The token is used for:

• Governance: holders can vote.

• Network fees: pay for transactions.

• Validators staking: secure the blockchain.

⏩ Almost 20% of the supply is unlocked (circ supply vs total supply).
Read 10 tweets
Proud to contribute to the remarkable scientific journey of #APT, whose 10-year analysis is now published on @TheLancetOncol. Adjuvant TH confirmed outstanding long-term outcomes for patients with small HER2+ breast cancer. Aim for the next decade: biomarker-informed treatments!
Here a thread on the clinical and biomarker findings from this 10-year update: 👇 🧵
Icing on the cake: a great accompanying commentary by Elena Geuna, @curijoey & @FilippoMontemu1

sciencedirect.com/science/articl…
Read 4 tweets
#APT #Airdrop $APT
#2 chance for $APT Airdrop?

In the tokenomics of the project, 51% of the tokens are allocated to the community. I think that at least a second airdrop will be offered by them from $APT

Let's dive in what you have to do 👇
1. First you have to create an account on forum.aptoslabs.com.

2. You have to be active in the community and earn badges.
3. The most important badges are: Certified, Licensed and Member.
4. Below I will post 2 links with a full detailed tutorial on how you can get those 3 badges.

forum.aptoslabs.com/t/how-to-get-y…

forum.aptoslabs.com/t/all-badges-i…
Read 5 tweets
GM!

Here are some charts I'll be following ⬇️
Read 5 tweets
Taking stock
What have I contributed to Arabic content, and where did I go wrong, from 2021 to 2023, since I started sharing my analysis and outlook?
1- I warned of the top at 61k
2- I warned of the 50% drop at 47k
3- I warned of the drop at 31k
4- I warned at 20k before the FTX bottom broke
5- I entered the market from 16100
6- I warned of the ICP coin team's greed at a price of $70
7- I recommended the coin #step, we made 10 doubles on it and exited at its top

8- I recommended the coin #Deso from a price of 5.60 and exited at $20, 3 doubles

9- I recommended the coin #SYLO and we made a double on it

10- I recommended the coin #Orai from a price of one dollar, now $5

11- I recommended #apt from a price of $4, now $18

12- I recommended #high from a price of $1, now $3.30
13- I recommended neer from 19 cents and we exited at 50 cents, two and a half doubles

15- I recommended azero from 70 cents, now $1.30

16- I recommended cru at 0.78, now 1.60

And the rest of the coins I recommended are now at a profit of between 10% and 30%, like #mover #Boson #pyr #ksm
That's what I remember right now
Read 5 tweets
Since #APT has gone up 6x over the past month, I'm noting this down so everyone can extrapolate to other sectors.

This also explains why the uptrend in the crypto market and $BTC has happened over the past few days 👇
1. The tokens #DOGE and #SHIB were nominated for the "pump machine" award in 2021, and at the start of 2023 this shameful honor goes to #Aptos, up nearly 500% "for no reason at all, like a meme dog".
2. To recap, Aptos can handle 10k TPS, aiming for 100k TPS, and uses Move, which is rated highly for security and ease of use. It raised $200M at a $2B valuation, mainly from FTX Ventures (now dead); Binance came in later at a valuation of up to $4B, and on launch day it was valued at $12B.
Read 7 tweets
A market pullback on Tuesday turned into a comeback on Wednesday as bitcoin climbed above $23,700 before pulling back slightly. Eth rises above $1,618. Other cryptocurrencies such as #APT are posting 48% gains over the past 24 hours,

Thread
Bitcoin and Ether rebounded in Thursday morning trading in Asia after yesterday's correction, amid mixed economic indicators and weak Microsoft earnings that had pushed prices down.
Solana, Polygon and Cardano led gains among the top 10 by market capitalization. US stocks were mixed overnight.
Read 23 tweets
1/🪂 AIRDROP HUNT 🪂

𝗙𝗢𝗥𝗕𝗜𝗧𝗦𝗪𝗔𝗣

@forbitswap is an #APTOS AMM with liquidity pools that enables peer-to-peer (P2P) cryptocurrency trades, executed without order books or a centralized intermediary, on the MOVE language.

#airdrop confirmed 💰

#airdrops $APT
2/ Airdrop is announced for OG role (raffle) and WL (guaranteed), check details below.

To receive roles 🎭, you must do
@crew3xyz task and join #Giveaway with Forbitswap partners.
Team will randomly draw 1000 WL slots among OG roles.
3/👇AIRDROP STRATEGY 👇

You need an Aptos wallet and some testnet $APT
To claim testnet tokens : aptoslabs.com/testnet-faucet

1️⃣ Go to move.forbitswap.com/#/swap
Connect your wallet on the right corner and set your wallet on the "Aptos Testnet" network ✅
Read 9 tweets
1/ @SBF_FTX's new fav token is on a rapid rise.
2/ #APT sees a drastic positive change in open interest (OI) over the past hours.
3/ OI increased by around 18% in 4h and vol increased as well.
Read 7 tweets
📢I recently investigated a campaign targeting the cryptocurrency industry. I wrote a detailed report that includes TTP, IOC and more. Here is a thread about this attack! 🧵👇

@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt

microsoft.com/en-us/security…
The attack started on Telegram to identify the targets, then they deployed a weaponized Excel document which finally delivered the final backdoor through multiple mechanisms. ☠☠️ #infosec #malware #backdoor
🧐To identify the targets, the threat actor sought out members of cryptocurrency investment groups on Telegram.

👀They created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
Read 14 tweets
Increase your chances of getting WL by 85% 🧵👇
The thread will consist of 4 Strategies that should increase ur chances of getting WL.

They will be in order from High barrier entry-> Low barrier entry.

Let's begin. 🫡
1) Blue chips:
When u are a holder of a blue chip the likelihood of getting hyped WLs increases, as blue chips hold status.
When projects are approached by blue chips, to them it's like Mercedes wants to collab with their project.
Read 18 tweets
[1/5] #APT group Earth Aughisky (aka #Taidoor) has been active in cyberespionage for over 10 years. The first malware attributed to them was Taidoor, followed by a series of malware that vary according to their targets. Follow this thread: research.trendmicro.com/3EgHWN4
[2/5] Earth Aughisky consistently targets high-value targets in #Taiwan. In recent years, however, this #APT group has expanded to other countries in the region: Japan and Southeast Asia.
[3/5] Our monitoring of #APT group Earth Aughisky noted significant changes in its level and frequency of activities, suggesting a potential internal change in objectives and organization.
Read 5 tweets
Here's my top 10 big "unattributed" #APT mysteries:
Read 12 tweets
Since your malicious cyberattack timelines matched cybersecurity's research to strengthen security for years and now, you hack alone but with a cooperative goal to damage national security. Which Advanced Persistent Threat group(s) #APTs are you in, #Animez_UK?
Converting traditional crime to cyber-enabled crime and becoming a malicious attacker against the UK, for

1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.

#Animez_UK
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control over targeted women & others against their will.
- Expresses hidden #hatred & #violence through cyberattacks.

#Animez_UK
Read 214 tweets
Having fun with cyberstalking #UKGOV, attacking organisations, universities & individuals connected to the justice system, UK #military against #NCSC, treating #intelligence & #GCHQ as jokes to your 15-20 yrs malicious #hacking for #China & #Russia inside #Britain, @Animez_UK? 01
Converting #traditional crime to cyber-enabled crime and becoming a malicious #cyberattacker against the UK, for

1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.

@Animez_UK @NCSC

02
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn't learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control over targeted women & others against their will.
- Expresses hidden #hatred & #violence through cyberattacks.

@Animez_UK @NCSC
Read 188 tweets
Thread on #APT grps, #hacktivists, #Ransomware gangs with their 'likely' associations (as per TTPs and reports) that are playing a significant role in the impending #Ukraine #Russian conflict. Correct me if I am wrong or missing anyone. 1/
Firstly on Russian 🇷🇺side there are #GhostWriter (#Belarus Govt Backed) #CozyBear (Russian Foreign Intel aka #SVR) #UNC1151 (Minsk based) #FancyBears & #SandWorm (Russian Military Intel aka #GRU) #Turla and #Gamaredon (Russian Internal Intel #FSB Former KGB) 2/
Read 7 tweets
This is really interesting!
Maybe it is an #APT attack targeting #Ukraine:

Zip -> dovidka.chm -> WScript.exe ignit.vbs -> wscript.exe desktop.ini -> regasm.exe core.dll

Also it drops "Windows Prefetch.lNk" in the Start-Up directory to make "desktop.ini" persistent.
(1/3)
The dropped payload is a small .Net payload that is obfuscated using ConfuserEx. It was compiled on Jan 31, 2022.

IOCs:
e34d6387d3ab063b0d926ac1fca8c4c4
довідка.zip

2556a9e1d5e9874171f51620e5c5e09a
dovidka.chm (According to VT it is exploiting CVE-2019-0541)

(2/3)
ignit.vbs
bd65d0d59f6127b28f0af8a7f2619588

Desktop.ini
a9dcaf1c709f96bc125c8d1262bac4b6

Windows Prefetch.lNk
fb418bb5bd3e592651d0a4f9ae668962

core.dll
d2a795af12e937eb8a89d470a96f15a5

C2:
xbeta[.]online
185.175.158.27
(3/3)
Read 3 tweets
It's been one of the more eventful weeks in cybersecurity history. In my little corner of the world, it went a little something like this... 1/n
The first #log4j / #log4shell blog from #SURGe @splunk splunk.com/en_us/blog/sec… was published a week ago with @meansec leading from the front and jump-started by @DrShannon2000 and @jsy9981 2/n
Meanwhile, hundreds of Splunkers worked through last weekend to publish our official advisory. If you take one thing from this thread, it should be this! It's updated frequently and includes details about CVE-2021-45046 and more. splunk.com/en_us/blog/bul… 3/n
Read 28 tweets
Some updates on this suspected #Lazarus #APT:(thread, 1/4)
1) The remote template is VBA stomped or at least it was able to hide itself from olevba and oledump
2) The remote template drops an obfuscated vbs file and registers it as a scheduled service
3) All the strings in "OneDriveUpdateNew.vbs" are obfuscated and are decoded using "string_decoder" function with a hardcoded key table.

You can see the decoder and list of the decoded strings used by this vbs file here:
github.com/HHJazi/APT
2/4
4) The vbs file collects the victim info and builds an HTTP request:
"Username-ComputerName_UUID;OSName"
5) Then it encodes the request using a hardcoded key and sends the generated request to the C2
6) Receives a payload from the C2 and writes it into "%APPDATA%/OD_update.exe"
3/4
Read 4 tweets
