Iranian threat group #AgentSerpens (#CharmingKitten) was observed likely using generative AI in a malicious PDF masquerading as a document from U.S. non-profit research organization, RAND. The PDF is deployed alongside Agent Serpens’ “PowerLess” malware.
REFERENCES:
- https://x.com/Unit42_Intel/status/1932120671183630453
- https://www.linkedin.com/feed/update/urn:li:ugcPost:7337886287195947009/
REFERENCES:
- https://x.com/Unit42_Intel/status/1932120671183630453
- https://www.linkedin.com/feed/update/urn:li:ugcPost:7337886287195947009/
NOTES:
- 686c40fd7bd9cacd9a9a40dffcc12000f9e3ce6aacfe7d261411ff34e576dcbe
- - RAND Discussion Topics.lnk
- 33ea3a8e535e7eea71ffaaab83abef7cea776fcb23376a71c37977ae4be23778
- - sin[.]dll
- 0e2e5c126987fe81b7eab1b7f9b53ab66fdcceb064279125f8ca67cdac329e8b
- - sst[.]dll
- 7f183724120f6e1dc75e8522040c8849a326b62ca40cca43f9bff1c8c00e5c3e
- - ssts[.]dll
❤2🔥2
Red Team Gold: Extracting Credentials from MDT Shares
https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares
https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares
❤3🔥1
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
SSTIC2025_Slides_windows_kernel_shadow_stack_mitigation_aulnette.pdf
2.8 MB
Analyzing the Windows kernel shadow stack mitigation
#slides
#binary
#windows
#exploitation
#shadow_stack
———
🆔 @Infosec_Fortress
#slides
#binary
#windows
#exploitation
#shadow_stack
———
🆔 @Infosec_Fortress
❤5
👍9👎4🔥3
Source Byte
https://news.1rj.ru/str/+4CffqtOZoZwxMTcx Handala targets Israel gas system
Ummm
I don't see any advance attack yet🤔
I think only buy credentials from brokers
I don't see any advance attack yet🤔
I think only buy credentials from brokers
😁8👍1
مگاهرتز
نشریه نیولاینز این هفته گزارش داده است که یک نرمافزار #جاسوسی موبایلی که بر روی دستگاههای شخصی سربازان ارتش #سوریه نصب شده بود، نقش مهمی در فروپاشی ناگهانی حکومت #اسد در ماههای پایانی سال ۲۰۲۴ داشته است. در این گزارش، این برنامه بهعنوان نمونهای برجسته…
Note for our Iranian followers :
One of the current campaigns against Syrian army & people is formed in noscript of "Livelihood Assistance" , Probably this TA ( likely linked to Israel ) will perform such campaign against Iran civilians too
So plz be careful to such noscripts these days :
"کمک معیشتی"
"سامانه حمایت"
"کمک های حلال احمر"
و ...
Previous campaign IoC :
To other admins of popular cyber sec community if you see this message plz spread it in any form you like and can , this likely prevent massive INT collection if you need more I formation check the source
One of the current campaigns against Syrian army & people is formed in noscript of "Livelihood Assistance" , Probably this TA ( likely linked to Israel ) will perform such campaign against Iran civilians too
So plz be careful to such noscripts these days :
"کمک معیشتی"
"سامانه حمایت"
"کمک های حلال احمر"
و ...
Previous campaign IoC :
Files :
d83204a01d3c6f14096f6fe1b59e3f11e8f2c6fb2736792febffb1701fe9a5bc
c82aa80d45022ae7f009e82586e34f990288625c1c876c85e07df74ab3136450
28fef58c7817926cf7dc0f44e92c1e6716d125b2675e753d415dafe8e7094b37
60ca970a774c5ff1ada52170857989721158064b932e999714bff7f4bd8b570c
2c1aa8139f55b6566ff8fcb88efccd169040b8cff932683e8d4e1401f9c64644
db041da97c1f30a6fc7765994b556839f8550774af1662ae0ab105e2fc324487
Network :
syr1[.]store
syr1[.]online
west2[.]shop
🔥6❤4🤔2
Source Byte
Note for our Iranian followers : One of the current campaigns against Syrian army & people is formed in noscript of "Livelihood Assistance" , Probably this TA ( likely linked to Israel ) will perform such campaign against Iran civilians too So plz be careful…
To CyberSec community
If you observed such campaign plz share IoC here :
https://news.1rj.ru/str/Sourc3_Byte_Chat/10
If you observed such campaign plz share IoC here :
https://news.1rj.ru/str/Sourc3_Byte_Chat/10
❤2👍1
who is "saeed" and what's it's connection to "Edaalate Ali"
related google account :
related google account :
ACg8ocJGEs3seqjfj1p5fb0YIof2OjbvMqvpRK6saWzC6Lbpx658Fg
👍8👏3❤1🗿1
i share some anti-Iranian TAs in CTI Sources topic in group , i hope by monitoring their activities we got better understanding of their moments and planning better strategies .
i will update the list as long as i can
planning to add previous IoCs / TTPs etc ....
i will update the list as long as i can
planning to add previous IoCs / TTPs etc ....
❤7👍1🗿1
We observed new Iran linked TA named "IGC ( Iran Cyber Net )" targetting IS Financial & Health sector
They announced they developed new variant of Ransom in their attacks
They announced they developed new variant of Ransom in their attacks
🔥22❤3
Signature Kid is a header only tool that st.eal.s a signature from a file and copy it to whathever file you want.
Beyond St.ea.ling, Signature Kid goes a step further by Windows Internal to trick the system to treat the copied signature as valid.
https://github.com/dslee2022/SignatureKid
Beyond St.ea.ling, Signature Kid goes a step further by Windows Internal to trick the system to treat the copied signature as valid.
https://github.com/dslee2022/SignatureKid
❤6
Source Byte
i share some anti-Iranian TAs in CTI Sources topic in group , i hope by monitoring their activities we got better understanding of their moments and planning better strategies . i will update the list as long as i can planning to add previous IoCs / TTPs…
updated
[ ] new Indra TA social medias
[ ] wallet addresses added
[ ] new Indra TA social medias
[ ] wallet addresses added
❤3