Untill now We shared :
[ 00 ] Attack Against Iran’s State Broadcaster (done by Ghyam Sarnegouni TA )
[ 01 ] Indra (گنجشگ درنده) samples related to attacks on Iran Railway Company & some Companies on syria ( related to I.R.G.C )
find them on Samples Topic on Group
Plz share us your IoCs related to current attacks against Iran it will help everyone prepping for Threat Actors as currently we don't have any global CTI
[ 00 ] Attack Against Iran’s State Broadcaster (done by Ghyam Sarnegouni TA )
[ 01 ] Indra (گنجشگ درنده) samples related to attacks on Iran Railway Company & some Companies on syria ( related to I.R.G.C )
find them on Samples Topic on Group
Plz share us your IoCs related to current attacks against Iran it will help everyone prepping for Threat Actors as currently we don't have any global CTI
🔥4❤1
sepah bank.png
349.1 KB
According to Israeli sources (who obtained a copy of the AFTA report on the recent Sepah Bank attack by Indra):
[00] The attacker gained access through an old Windows Server 2003 machine used for email services. This server was running MDaemon.
Note: The source stated that the specific mail server was server[.]ictops[.]ir, but we found no public records of this domain. It is likely a local/internal domain used by the bank, which reduces the likelihood that this server was the initial entry point in this attack.
[01] The attacker moved Lateral to other servers (no evidence on how this was done).
[02] They reached the targeted server and deployed their C2 (NjRat) via a PowerShell noscript.
Note : The C2 server was hosted in Canada.
that's all we know :(
i created a chart for better understanding
wish it helps
PDF version :
[00] The attacker gained access through an old Windows Server 2003 machine used for email services. This server was running MDaemon.
Note: The source stated that the specific mail server was server[.]ictops[.]ir, but we found no public records of this domain. It is likely a local/internal domain used by the bank, which reduces the likelihood that this server was the initial entry point in this attack.
[01] The attacker moved Lateral to other servers (no evidence on how this was done).
[02] They reached the targeted server and deployed their C2 (NjRat) via a PowerShell noscript.
Note : The C2 server was hosted in Canada.
that's all we know :(
i created a chart for better understanding
wish it helps
PDF version :
❤8😁2👍1🗿1
Nobitex Breach: Infostealers Expose Critical Employee Credentials in Latest Crypto Exchange Hack
https://www.infostealers.com/article/nobitex-breach-infostealers-expose-critical-employee-credentials-in-latest-crypto-exchange-hack/
https://www.infostealers.com/article/nobitex-breach-infostealers-expose-critical-employee-credentials-in-latest-crypto-exchange-hack/
❤3
APT IRAN مرکز تحقیقاتی
در این عکس مشاهده میکنید اطلاعات کارمندان Nobitex به مدت طولانی در اختیار مهاجمان بوده. همانطور که گفتیم متاسفانه تمام سیستم آلوده بوده و این مربوط به امروز یا دیروز نیست و این یک زنجیره حملات به بخش مالی در کشور هستند.
you were right
i can't believe this
same scenario as snappfood !!!!!!!
again stealc WTF !!!!!!!!!!!
i can't believe this
same scenario as snappfood !!!!!!!
again stealc WTF !!!!!!!!!!!
👍5❤3👎3🤯1😱1
ArvinClub has been active for a while
https://news.1rj.ru/str/arvinclub3
They done cool things
Such as finding BlackReward onion website IP
DDOS on mojahedin khalq
And also not cool things like ransom companies 👀
https://news.1rj.ru/str/arvinclub3
They done cool things
Such as finding BlackReward onion website IP
DDOS on mojahedin khalq
And also not cool things like ransom companies 👀
❤3👍2
Forwarded from ARVIN
i found this stealer developer
This individual executed the stealer on their own device for testing purposes. Here, we are sharing the logs from the developer system.
This individual executed the stealer on their own device for testing purposes. Here, we are sharing the logs from the developer system.
Forwarded from ARVIN
And now the developer identity is revealed.
https://by.linkedin.com/in/hady-asmar-414489136
https://by.linkedin.com/in/hady-asmar-414489136
❤1
may be useful
might be related to bank melli current breach 🤷🏻♂️
Fact or lie? A superficial review of the latest attack on the National Bank server
( mail[.]sadad[.]co[.]ir , mail[.]bmi[.]ir , mail[.]mail2[.]bmi[.]ir )
https://web.archive.org/web/20221103094525/https://aptiran.github.io/CENTER/
might be related to bank melli current breach 🤷🏻♂️
Fact or lie? A superficial review of the latest attack on the National Bank server
( mail[.]sadad[.]co[.]ir , mail[.]bmi[.]ir , mail[.]mail2[.]bmi[.]ir )
https://web.archive.org/web/20221103094525/https://aptiran.github.io/CENTER/
👍4
We should not be happy by every r ocket we fire
and we should not be sad by every r ocket hit us
Iran fight 8 years in this period Iran done around 25 large operations but only 30-40 % of them succeeded , at the end we won because saddam did not take our lands
This gonna be long war .... stay ahead and be patient
and we should not be sad by every r ocket hit us
Iran fight 8 years in this period Iran done around 25 large operations but only 30-40 % of them succeeded , at the end we won because saddam did not take our lands
This gonna be long war .... stay ahead and be patient
❤34👎14👍9
Source Byte
We should not be happy by every r ocket we fire and we should not be sad by every r ocket hit us Iran fight 8 years in this period Iran done around 25 large operations but only 30-40 % of them succeeded , at the end we won because saddam did not take our…
یا رب روا مدار لوتیان خار شوند
😁6🥰3❤1
Forwarded from CyberSecurityTechnologies (-CST-)
#reversing
Windows Inter Process Communication:
A Deep Dive Beyond the Surface
Part 1 - IPC Roadmap
Part 2 - RPC Architecture Overview
Part 3 - Handles and binding
Part 4 - RPC Security
Windows Inter Process Communication:
A Deep Dive Beyond the Surface
Part 1 - IPC Roadmap
Part 2 - RPC Architecture Overview
Part 3 - Handles and binding
Part 4 - RPC Security
🔥9❤3👍2👏2
MacOS hacking part 2: classic injection trick into macOS applications. Simple C example by cocomelonc
#APT34 (aka OILRIG) is known to use code injection techniques to interact with macOS and Linux systems, leveraging vulnerabilities and weaknesses in the system’s security mechanisms to inject code into running processes.
#APT10 (aka Red Apollo), another advanced Chinese group, has been known to use techniques like process injection and DLL hijacking to manipulate and monitor systems. This is conceptually similar to DYLD_INSERT_LIBRARIES because it involves injecting malicious code into existing applications.
❤9
TrollBlacklistDLL
Reads blacklist.txt and blocks dlls from loading with option to unblock subsequently. Patches LdrLoadDll in local/remote process to return dll not found.
❤7👎1🤔1🤯1
Forwarded from Sec Note
Shellcode_Loader_RT.pdf
4.4 MB
"My First And Last Shellcode Loader", 2025.
Collect Windows telemetry for Maldev
Stealthily inject shellcode into an executable
MalDev Myths
12❤10