piggo
@pigondrugs.bsky.social
I shear alpacas and try to defend the internet from malware
~Socket~
Malicious 'Phantom Shuttle' Chrome extensions pose as a VPN to intercept traffic and exfiltrate user credentials via a C2 server.
-
IOCs: phantomshuttle[.]space, 47[.]244[.]125[.]55
-
#ChromeExtension #Malware #ThreatIntel
Malicious 'Phantom Shuttle' Chrome Extension
socket.dev
December 23, 2025 at 8:04 PM
~Cisa~
CISA released an updated ICS advisory (ICSA-25-177-01) for Mitsubishi Electric Air Conditioning Systems.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel
CISA ICS Advisory: Mitsubishi Electric
www.cisa.gov
December 23, 2025 at 8:01 PM
~Trendmicro~
Survey finds security teams struggle most with managing complex hybrid and multi-cloud environments due to visibility gaps and diverse tooling.
-
IOCs: (None identified)
-
#CloudSecurity #RiskManagement #ThreatIntel
Managing Cloud Risk Challenges
www.trendmicro.com
December 23, 2025 at 4:15 AM
~Socket~
Docker Hardened Images are now free and include Socket Firewall for runtime protection against supply chain threats.
-
IOCs: (None identified)
-
#Docker #SupplyChainSecurity #ThreatIntel
Socket Firewall in Docker Hardened Images
socket.dev
December 23, 2025 at 4:04 AM
~Cisa~
CISA adds actively exploited Digiever DS-2105 Pro missing authorization vulnerability (CVE-2023-52163) to its KEV catalog.
-
IOCs: CVE-2023-52163
-
#CISA #CVE202352163 #ThreatIntel
CISA Adds CVE-2023-52163 to KEV Catalog
www.cisa.gov
December 22, 2025 at 8:01 PM
~Cisa~
CISA and NIST released draft guidance for public comment on protecting identity tokens and assertions from theft and misuse in cloud environments.
-
IOCs: (None identified)
-
#CISA #CloudSecurity #IAM #ThreatIntel
NIST/CISA Draft Guidance on Token Protection
www.cisa.gov
December 22, 2025 at 5:01 PM
~Sekoia~
Researchers detail a method using capa to build a configuration extractor for a stealthy, RC4-encrypted TinyShell Linux backdoor variant.
-
IOCs: (None identified)
-
#Linux #ThreatIntel #TinyShell
Using capa to Extract TinyShell Backdoor Configs
blog.sekoia.io
December 22, 2025 at 12:35 PM
~Eset~
A critical RCE flaw exists in WindowsCodecs.dll when re-encoding 12/16-bit JPGs, though exploitation is deemed unlikely.
-
IOCs: CVE-2025-50165
-
#CVE202550165 #ThreatIntel #Windows
Windows JPG RCE Flaw CVE-2025-50165
www.welivesecurity.com
December 22, 2025 at 12:32 PM
~Cisa~
CISA warns of active exploitation of a WatchGuard Firebox out-of-bounds write vulnerability (CVE-2025-14733).
-
IOCs: CVE-2025-14733
-
#CVE202514733 #ThreatIntel #WatchGuard
CISA Adds WatchGuard Vuln to KEV Catalog
www.cisa.gov
December 19, 2025 at 8:01 PM
~Zscaler~
SideWinder APT targets Indian entities using DLL side-loading with a legitimate Microsoft Defender binary to evade detection.
-
IOCs: 8[.]217[.]152[.]225, 180[.]178[.]56[.]230, gfmqvip[.]vip
-
#APT #SideWinder #ThreatIntel
SideWinder APT Uses Evasive DLL Side-Loading
www.zscaler.com
December 19, 2025 at 5:17 PM
Okay, who let AI into @sophossecurity.bsky.social webservers?
December 19, 2025 at 5:13 PM
~Cisa~
CISA and partners released updated IOCs and YARA rules for new Rust-based BRICKSTORM backdoor samples.
-
IOCs: (None identified)
-
#BRICKSTORM #Malware #ThreatIntel
CISA Updates BRICKSTORM Backdoor Report
www.cisa.gov
December 19, 2025 at 5:01 PM
~Trendmicro~
A new survey finds cyber defenders' top AI-related risks are fraud and impersonation attacks.
-
IOCs: (None identified)
-
#AI #Cybersecurity #ThreatIntel
Survey: Cyber Defenders on AI Risk
www.trendmicro.com
December 19, 2025 at 4:15 AM
~Sophos~
A fake CAPTCHA ('ClickFix') campaign installs NetSupport RAT to deploy StealC infostealer, leading to Qilin ransomware.
-
IOCs: 94[.]158[.]245[.]13, islonline[.]org, yungask[.]com
-
#Qilin #Ransomware #StealC #ThreatIntel
ClickFix Deploys StealC and Qilin Ransomware
news.sophos.com
December 18, 2025 at 8:05 PM
~Cisa~
CISA has released nine new advisories detailing security issues and vulnerabilities in various Industrial Control Systems.
-
IOCs: (None identified)
-
#ICS #ThreatIntel #Vulnerability
CISA Releases 9 ICS Advisories
www.cisa.gov
December 18, 2025 at 8:01 PM
~Eset~
New China-aligned APT targets governments in SE Asia & Japan, using Group Policy and custom malware like NosyDoor for espionage.
-
IOCs: 118[.]107[.]234[.]29, 38[.]54[.]17[.]131, 103[.]159[.]132[.]30
-
#APT #LongNosedGoblin #ThreatIntel
LongNosedGoblin APT Targets SE Asia & Japan Govs
www.welivesecurity.com
December 18, 2025 at 12:32 PM
~Zscaler~
Zscaler ThreatLabz reports OpenAI overwhelmingly dominates enterprise AI traffic in 2025, with engineering departments leading usage.
-
IOCs: (None identified)
-
#AI #EnterpriseSecurity #ThreatIntel
ThreatLabz 2025 Enterprise AI Usage Report
www.zscaler.com
December 18, 2025 at 4:05 AM
~Cisa~
CISA adds three actively exploited vulnerabilities affecting Cisco, SonicWall, and ASUS products to its KEV catalog.
-
IOCs: CVE-2025-20393, CVE-2025-40602, CVE-2025-59374
-
#CISA #KEV #ThreatIntel #Vulnerability
CISA Adds 3 Vulns to KEV Catalog
www.cisa.gov
December 18, 2025 at 4:01 AM
~Socket~
A creative warning about software supply chain attacks via malicious dependencies in CI/CD pipelines.
-
IOCs: (None identified)
-
#DevSecOps #SupplyChain #ThreatIntel
The Nightmare Before Deployment
socket.dev
December 17, 2025 at 5:06 PM
~Cofense~
Threat actors abuse legitimate Windows features like registry Run keys, startup folders, and scheduled tasks to maintain malware persistence.
-
IOCs: (None identified)
-
#Persistence #ThreatIntel #Windows
Windows Malware Persistence Techniques
cofense.com
December 17, 2025 at 5:03 PM
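The Cofense post above names three autostart locations malware leans on: registry Run keys, startup folders and scheduled tasks. The script below is an added example, not code from the Cofense article or from the feed author, that enumerates those three locations on a Windows host so a responder can review them. Paths, key names and the "suspicious" regex are the usual defaults and a heuristic of my own, not anything the post specifies; run it read-only from an elevated PowerShell.

```powershell
# Added example (not from the Cofense post): enumerate the three autostart
# locations the post names. Read-only; elevated PowerShell recommended so
# HKLM and all-users tasks are visible.

$findings = @()

# 1. Registry Run / RunOnce keys: per-user, machine-wide, and the 32-bit view.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties Get-ItemProperty adds.
            if ($p.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
                $findings += [pscustomobject]@{
                    Source   = 'RunKey'
                    Location = $key
                    Name     = $p.Name
                    Command  = [string]$p.Value
                }
            }
        }
    }
}

# 2. Startup folders: current user and all users (hidden files included).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File -Force | ForEach-Object {
            $findings += [pscustomobject]@{
                Source   = 'StartupFolder'
                Location = $dir
                Name     = $_.Name
                Command  = $_.FullName
            }
        }
    }
}

# 3. Scheduled tasks outside the built-in \Microsoft\ tree, with the binary
#    and arguments each action launches. COM-handler actions have no Execute
#    property and show up with an empty command, which is itself worth a look.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $findings += [pscustomobject]@{
            Source   = 'ScheduledTask'
            Location = $task.TaskPath
            Name     = $task.TaskName
            Command  = ("{0} {1}" -f $a.Execute, $a.Arguments).Trim()
        }
    }
}

# Heuristic flag (my assumption, not from the post): commands that launch from
# user-writable or temp paths, or through common script hosts / LOLBins.
$suspicious = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\|\b(powershell|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b'

$findings |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Flag -NotePropertyValue ($_.Command -match $suspicious) -PassThru
    } |
    Sort-Object Flag -Descending |
    Format-Table Flag, Source, Location, Name, Command -AutoSize
```

Flagged rows are a triage aid, not a verdict: legitimate installers also drop Run-key entries under AppData, and a ClickFix-style infection can just as well hide a plain-looking binary path. Compare against a known-good baseline of the same host or image rather than reading the list cold.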
~Checkpoint~
New Node.js loader GachiLoader, spread via YouTube, deploys Rhadamanthys infostealer using a novel PE injection technique.
-
IOCs: 94[.]154[.]35[.]99, nexus-cloud-360[.]com, davpniktonevidit[.]cfd
-
#GachiLoader #NodeJS #ThreatIntel
GachiLoader Node.js Malware
research.checkpoint.com
December 17, 2025 at 5:02 PM
~Paloalto~
RansomHouse has upgraded its 'Mario' encryptor with a multi-layered, chunk-based encryption scheme, making it more resilient to analysis.
-
IOCs: (None identified)
-
#ESXi #RansomHouse #Ransomware #ThreatIntel
RansomHouse Ransomware Upgrades Encryption
unit42.paloaltonetworks.com
December 17, 2025 at 12:33 PM
~Trendmicro~
Organizations should integrate human risk and personalized security awareness training into their overall cyber risk exposure management strategy.
-
IOCs: (None identified)
-
#HumanRisk #SecurityAwareness #ThreatIntel
Integrating Human Risk into Exposure Management
www.trendmicro.com
December 17, 2025 at 4:05 AM
~Socket~
Malicious NuGet package 'Tracer.Fody.NLog' typosquats a popular .NET library to steal Stratis wallet passwords and data.
-
IOCs: 176[.]113[.]82[.]163
-
#Malware #NuGet #ThreatIntel #Typosquatting
Malicious NuGet Package Steals Crypto Wallets
socket.dev
December 17, 2025 at 4:04 AM
~Zscaler~
BlindEagle targets a Colombian government agency using a multi-stage attack with Caminho downloader and DCRAT RAT.
-
IOCs: 45[.]74[.]34[.]32, 45[.]133[.]180[.]138, 45[.]133[.]180[.]154
-
#BlindEagle #DCRAT #Phishing #ThreatIntel
BlindEagle Deploys Caminho and DCRAT
www.zscaler.com
December 16, 2025 at 8:07 PM