CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

squiblydoo@infosec.exchange

@squiblydoo@infosec.exchange

Topics

S

Orange Cyberdefence recently published their research on SmokedHam.
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
2

3

0 Votes

2 Posts

0 Views

S

The full report can be found here and is well worth the read. https://research.cert.orangecyberdefense.com/smokedham/smoking_out_an_affiliate.pdf2/2
S

I don't know how to feel about this domain: maybedontbanplease[.]com
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
5

2

0 Votes

5 Posts

0 Views

S

@darfplatypus This python dropper is tracked as "CastleLoader", there are a few actors that are leveraging it. Also, happy to talk via email or another medium if desired. (My email is Squiblydoo@pm.me)
S

Golden Eye Dog (APT-Q-27) seems to have come back from break
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized
1

1

0 Votes

1 Posts

0 Views

S

Golden Eye Dog (APT-Q-27) seems to have come back from break.We've seen 6 unique EV code-signing certs for campaigns in April already. All of these get reported and all get revoked. More about them in the thread. h/t @g0njxa, @malwrhunterteam1/4

CIRCLE WITH A DOT

squiblydoo@infosec.exchange

Topics

Orange Cyberdefence recently published their research on SmokedHam.

I don't know how to feel about this domain: maybedontbanplease[.]com

Golden Eye Dog (APT-Q-27) seems to have come back from break