Kala pfp

Kala

@4j

87 Following
4 Followers


Kala
@4j
Audience & Prerequisites
0 reply
0 recast
0 reaction

Kala
@4j
Hunting Adversary Infrastructure Course Summary Q1. A brief overview of the @Intel_Ops_io Q1 Adversary Infrastructure Hunting course and upcoming plans: A big thank you to everyone who enrolled and purchased the course 🙏 Stay tuned for more exciting content, including APTs,
0 reply
0 recast
0 reaction

Kala
@4j
Anyway, guys please don't fall into such lame social engineering traps. Threat Actor TTPs 👇
0 reply
0 recast
0 reaction

Kala
@4j
🚨New module coming soon: #Mispadu banking trojan and the #Malteiro Group! 🚨
0 reply
0 recast
0 reaction

Kala
@4j
We will soon be distributing digital badges to all students who have successfully completed all the labs/content from the first quarter. Stay tuned for more info soon! 🚀🚀🚀
0 reply
0 recast
0 reaction

Kala
@4j
Threat actors are impersonating Calendly to serve malicious OAuth applications to users and gain access to their cloud accounts online. We're tracking one active campaign from this IP which was flagged by @MichalKoczwara a
0 reply
0 recast
0 reaction

Kala
@4j
Hunting Tip!
0 reply
0 recast
0 reaction

Kala
@4j
Threat actors occasionally modify their infrastructure to evade detection and bypass basic scanners.
0 reply
0 recast
0 reaction

Kala
@4j
For example, the default Cobalt Strike content length of "0" is sometimes changed to a different value to avoid detection.
0 reply
0 recast
0 reaction

Kala
@4j
Your hunt rules should be dynamic,
0 reply
0 recast
0 reaction
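A worked version of the hunting tip in the three posts above, added here as an example; it is not code from Kala's posts or from the Intel_Ops course. It scores a raw HTTP response for the traits of a default Cobalt Strike team server reply (404, text/plain, no Server header, short header set with a zero or very small Content-Length) instead of matching only on Content-Length: 0, so a server whose operator changed that one value still scores high. The sample responses are constructed, and the weights and the 6-point threshold are assumptions to be tuned against your own baseline.

```python
"""Illustrative hunt rule for Cobalt Strike-style default HTTP responses.

Rather than the brittle check `Content-Length == 0`, several independent
traits are scored so that a single modified value does not defeat the rule.
"""
from typing import Dict, List, Tuple

# Constructed sample responses for demonstration; none are real captures.
SAMPLES: Dict[str, str] = {
    # Shape of an unmodified team server reply to an unknown URI.
    "default_profile": (
        "HTTP/1.1 404 Not Found\r\n"
        "Content-Type: text/plain\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    # Same server, operator changed the content length to dodge a CL:0 rule.
    "modified_length": (
        "HTTP/1.1 404 Not Found\r\n"
        "Content-Type: text/plain\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Content-Length: 7\r\n"
        "\r\n"
        "nothing"
    ),
    # A benign web server 404 for comparison.
    "nginx_404": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: nginx/1.24.0\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Content-Type: text/html\r\n"
        "Content-Length: 153\r\n"
        "\r\n"
        "<html><head><title>404 Not Found</title></head></html>"
    ),
}

# Assumption: threshold chosen for this toy weighting, tune on real baselines.
SUSPECT_THRESHOLD = 6


def parse_response(raw: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Return (status_code, ordered list of (lowercased name, value))."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def score_response(raw: str) -> Tuple[int, List[str]]:
    """Score a response; higher means closer to the default team server reply."""
    status, headers = parse_response(raw)
    names = [n for n, _ in headers]
    values = dict(headers)
    score, reasons = 0, []

    if status == 404:
        score += 2
        reasons.append("404 for unknown URI")
    if values.get("content-type", "").lower().startswith("text/plain"):
        score += 2
        reasons.append("text/plain 404 body")
    if "server" not in names:
        score += 1
        reasons.append("no Server header")
    length = values.get("content-length")
    if length is not None and length.isdigit():
        n = int(length)
        if n == 0:
            score += 2
            reasons.append("Content-Length: 0")
        elif n <= 16:  # a tiny dummy body still looks nothing like a real 404 page
            score += 1
            reasons.append("very small Content-Length")
    if names == ["content-type", "date", "content-length"]:
        score += 1
        reasons.append("minimal three-header set in default order")
    return score, reasons


def is_suspect(raw: str, threshold: int = SUSPECT_THRESHOLD) -> bool:
    """Dynamic rule: flag on aggregate score, not on any single header value."""
    return score_response(raw)[0] >= threshold


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        score, reasons = score_response(raw)
        print(f"{label:16} score={score} suspect={is_suspect(raw)} {reasons}")
```

The point of the scoring is that `modified_length` still crosses the threshold although its Content-Length is 7, while the nginx page stays well below it; when an operator changes one field, the remaining traits carry the detection.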

Kala
@4j
After one of our researchers received a #suspicioustext message, we analyzed its link and uncovered a #MoqHao campaign using iCloud and VK to target Android and Apple devices. Read more about this malware in our latest blog post!
0 reply
0 recast
0 reaction

Kala
@4j
Catching DPRK with Korean Linguistic Traits 🇰🇵 Recently I have been approached by a few people on how to identify and attribute malware to DPRK. Every one of us in the CTI field knows how difficult attribution is, and while I can't provide you with something like: "Because the bad
0 reply
0 recast
0 reaction

Kala
@4j
Threat Actor is using Gophish to impersonate/target KPMG (financial department).
0 reply
0 recast
0 reaction

Kala
@4j
Discover how @RacWatchin8872 expanded a phishing analysis into ~2k confirmed Storm-1747 domains using Validin's powerful threat-hunting tools. A must-read for analysts hunting advanced phishing kits!
0 reply
0 recast
0 reaction

Kala
@4j
At Validin, we believe high-quality threat intel should be accessible, public reporting should be properly attributed, and connections between reports and ground truth should be independently verifiable.
0 reply
0 recast
0 reaction

Kala
@4j
Lazarus/APT38 🇰🇵 "Contagious Interview" campaign is still ongoing and new infrastructure is set up. Impersonation of Robinhood
0 reply
0 recast
0 reaction

Kala
@4j
Researcher @lontze7 explored recent Contagious Interview #Lazarus #APT findings, detailing hunting techniques you can follow in Validin to corroborate ~170 related lure domains.
0 reply
0 recast
0 reaction

Kala
@4j
We're tracking an interesting cluster linked to ShadowSyndicate that suggests that the operators are involved in various initial access campaigns and leverage multiple post-exploitation techniques, tools and ransomware.
0 reply
0 recast
0 reaction

Kala
@4j
Maverits researchers are releasing a comprehensive special report on APT28. This report delves into #APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, evolving tactics and objectives.
0 reply
0 recast
0 reaction

Kala
@4j
being used to establish stealthy
0 reply
0 recast
0 reaction