
Kala

@4j

82 Following
9 Followers


Hunting Tip!

Threat actors occasionally modify their infrastructure to evade detection and bypass basic scanners.

For example, the default Cobalt Strike content length of "0" is sometimes changed to a different value to avoid detection.

Your hunt rules should be dynamic,

After one of our researchers received a #suspicioustext message, we analyzed its link and uncovered a #MoqHao campaign using iCloud and VK to target Android and Apple devices. Read more about this malware in our latest blog post!

Catching DPRK with Korean Linguistic Traits 🇰🇵 Recently I have been approached by a few people on how to identify and attribute malware to DPRK. Every one of us in the CTI field knows how difficult attribution is, and while I can't provide you with something like: "Because the bad

Threat Actor is using Gophish to impersonate/target KPMG (financial department).

Discover how @RacWatchin8872 expanded a phishing analysis into ~2k confirmed Storm-1747 domains using Validin's powerful threat-hunting tools. A must-read for analysts hunting advanced phishing kits!

At Validin, we believe high-quality threat intel should be accessible, public reporting should be properly attributed, and connections between reports and ground truth should be independently verifiable.

Lazarus/APT38 🇰🇵 "Contagious Interview" campaign is still ongoing and new infrastructure is set up. Impersonation of Robinhood

Researcher @lontze7 explored recent Contagious Interview #Lazarus #APT findings, detailing hunting techniques you can follow in Validin to corroborate ~170 related lure domains.

We're tracking an interesting cluster linked to ShadowSyndicate that suggests that the operators are involved in various initial access campaigns and leverage multiple post-exploitation techniques, tools and ransomware.

Maverits researchers are releasing a comprehensive special report on APT28. This report delves into #APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, evolving tactics and objectives.

being used to establish stealthy

How the NSA (Equation Group) allegedly hacked into China's Polytechnical University

I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group.

Some upstarts like Titan are still trying it though.

Let’s goooo

When will the clankerMon reveal happen?

🍴 ☕