Is Now on VT!
@Now_on_VT
Stay ahead of cyber threats. Get real-time alerts on notable APT/FIN/ORB indicators from VirusTotal. A threat intel project by @craiu.
Sample is now on VT! 🚩Hash: fbd5e3eb17ef62f2ecf7890108a3af9bcc229aaa51820a6e5ec08a56864d864d 🎯Actor name: Lazarus 🔹Comment: The Safe{Wallet} JavaScript used by Lazarus in the ByBit hack that was deployed Feb 19, 2025 17:29:05 and replaced with the original clean version…
Even if the final payloads' IOCs were not available on VT, after extracting it you will find that this new campaign's payloads are detected by THOR 8b6acc087e403b913254dd7d99f09136dc54fa45cf3029a8566151120d34d1c2 969fb3e705ba8afe757ba7617e75d1096d4793d14796e2734613cfcc50675652
The Arctic Wolf Labs team has uncovered a new campaign by APT group Dropping Elephant targeting major Turkish defense contractors and weapons manufacturers. Learn more in our latest blog: ow.ly/xLih50WueNn #HypersonicEspionage #TurkeyPakistan #DroppingElephant #Türkiye
Another artefact from the SharePoint exploitation (CVE-2025-53770) just showed up: 30955794792a7ce045660bb1e1917eef36f1d5865891b8110bf982382b305b27 virustotal.com/gui/file/30955… The PowerShell payload described in @eye_security’s write-up triggered multiple YARA rules in our…
Wrote a set of YARA rules to detect the specific web shells dropped during the SharePoint CVE-2025-53770 exploitation. - Cleartext and compiled variants - Forensic artefacts in logs and on disk Hope it helps. Rules will be available in THOR Lite and THOR Cloud Lite shortly.…
🧐x.com/NCSC/status/19…
🚨Today, the NCSC is revealing that Russian military intelligence has been responsible for deploying a sophisticated malware dubbed AUTHENTIC ANTICS as part of its operations. ncsc.gov.uk/news/uk-call-o…
Sample is now on VT! 🚩Hash: 70d92e2b00ec6702e17e266b7742bbab 🎯Actor name: Kimsuky 🔹Comment: PEBBLEDASH - PebbleDash is a backdoor malware that was previously identified by the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. as a backdoor malware of Lazarus…
Got any hashes (MD5, SHA1, SHA256) you want tracked on @VirusTotal? We’ll monitor them and alert you when samples pop up. DMs are open!
A recent phishing campaign is abusing the AnyDesk brand: anydesktenewo[.]com anydeskxxvvza[.]top anydeskxxvvzb[.]top anydeskxxvvzc[.]top anydeskxxvvzd[.]top anydeskxxvvzm[.]top anydeskxxvvzn[.]top anydeskxxvvzs[.]top anydeskxxvvzv[.]top anydeskxxvvzx[.]top anydeskxxvvzz[.]top…
YARA-X 1.4.0 has been released. Now with a new feature for suppressing individual warnings: virustotal.github.io/yara-x/blog/su…
Sample is now on VT! 🚩Hash: 009bb71299a4f74fe00cf7b8cd26fdfc 🎯Actor name: UnknownAPT 🔹Comment: Spearphishing and Attacks Using LNK Files… 🌐URL: asec.ahnlab.com/en/87400/ 🔎OnVT: virustotal.com/gui/file/009bb…
To improve threat intelligence sharing, we've released a detailed report on #APT group #NightEagle (APT-Q-95), including analysis of a novel malware, additional #IOCs, and full documentation of the Exchange attack chain. report:github.com/RedDrip7/Night…
At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95). This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields. Actors used an unknown Exchange exploit chain. PPT: #IOCs #APT
UMBRELLA STAND and SHOE RACK samples hitting VT, alerts should be coming soon 😃
Some weird samples submitted from Singapore and Vietnam, may be related to #Chinese #APT: MD5: 48613d25c0c4c79f0895489371f8bec2 MD5: 7499383cbf25d5102dbaf51e5840b5ae 139[.]99.85.213 (OVH SAS) 139[.]99.87.31 (OVH SAS)
Also fresh today from Israel: ✴️ aa93c1f66c707a495ddbf3a37345f40c (wipe32Task.ps1) ✴️ 95f14acc2cee0ecbb81528586335aab3 (bsod-v3.2.bat) ✴️ b9e1737abe5684ea3c7359ce0f52e420 (KILLER.exe) ✴️ 6093afce53d56355dbabb43f2bbd2085 (wipe32.exe) ^ All available on VT
Fresh wiper binary (wipe32.exe) uploaded from Israel 🇮🇱 today – only 4 / 72 AV engines flag it. Strings point to full-disk wipe behaviour. Sample here: virustotal.com/gui/file/12c39…