Vitali Kremez
@VK_Intel
Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
New York, NY
Joined August 2015
Posts
  • Pinned: 🎁Gift for the community: Post-#Conti #ransomware operation mindmap world. Enjoy!
  • Meme of the day - exploring typical flow of ransomware initial access patient zero research
  • [*] Beware: Some scams utilize my name and impersonate myself to amplify extortions.
  • 🔥We have a major discovery to be announced soon, probably one of the most important in 2020 😉 Stay tuned until tomorrow.
  • 🔥[Breaking blog] Ransomware Advisory: #Log4Shell Exploitation for Initial Access & Lateral Movement 1⃣Log4Shell | 2⃣Discovery: Conti Becomes The First Sophisticated Crimeware Group Weaponizing Log4j2 | 3⃣Early Warning: Ransomware Exploitation of Vuln advintel.io/post/ransomwar…
  • 2020-11-06: 🔥[Breaking] 📚"Anatomy of Attack: Inside #BazarBackdoor to #Ryuk #Ransomware "one" Group via #CobaltStrike" 1⃣Ryuk “one” Adversary Dossier 🔖 2⃣Cobalt Strike Anatomy of the Attack ⛓️ 3⃣Post-Exploitation Detections & Mitigations 🛡️ advanced-intel.com/post/anatomy-o…
  • 🤯Today is the largest ransomware case by impact on a Friday! >200 orgs 📌REvil affiliate "sub:8254" - watch for changing logged-on user's pass & config to automatically login on reboot as "DTrump4ever" It is recommended to immediately isolate Kaseya VSA! h/t @malwrhunterteam
  • 🛡Tomorrow at 10am ET we release probably one of the largest unique discoveries/service ever of its kind. The discovery is tied to a number of high-profile breaches & ransomware cases across the globe. It will illuminate old breaches for which initial access was never figured out.
  • 2021-03-25: 🔥[Anatomy of an Attack] #REvil #Ransomware Human Exploitation Operation: 🦆Windows Defender Bypass Includes SmartScreen ShutDown 🎯Hunting Query: icacls "%systemroot%\System32\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18
  • 2020-11-03: 🆕👁‍🗨#RegretLocker #Ransomware 🔒 Weaponizes Windows Virtualization for Ransomware🔥 1⃣open_virtual_drive /* OpenVirtualDisk➡️AttachVirtualDisk➡️ GetVirtualDiskPhysicalPath➡️.➡️ */ 2⃣smb_scanner 3⃣crypted_callback 4⃣get_process_opened_file (Rm*) h/t @malwrhunterteam
  • 2020-12-03: 🔥 And ... [Major Discovery] 🤖"Persist, Brick, Profit - #TrickBot Offers New “#TrickBoot” UEFI-Focused Functionality" 🆕*First* Time Crimeware Group Pursued UEFI Firmware Exploitation | #YARA+IOCs in MISP JSON/CSV @eclypsium | @IntelAdvanced advanced-intel.com/post/persist-b…
  • 🔥Welcome to a new era... Introducing #MountLocker #Ransomware | Domain “Worm” Feature 🏘️First corporate ransomware for "pros" w/ LDAP domain queries for Active Directory enumeration LDAP ActiveDS API NetGetDCName➡️ADsOpenObject(…“(objectClass=computer)“) h/t @malwrhunterteam
  • 2021-03-23: 🆕 #REvil #Ransomware Smart Tactics to Bypass EDR/AV Probably Inspired by #Snatch Earlier WinExec API: 1⃣bootcfg /raw /a /safeboot:network /id 1 2⃣bcdedit /set {current} safeboot network 🛡️Ensure the security product is running in "safe mode", as it often is not the case.
  • 2020-06-08: 🆕🐍#SNAKE/#EKANS #Ransomware | Possible @Honda Lockdown Incident RW References to Honda: 1⃣Honda ISP ("AHMC") 🇺🇸IP "170.108.71. 153" 2⃣"MDS. HONDA. COM" Check Source: C:/Users/Admin3/go/src/.../<RAND>.go @malwrhunterteam @BleepinComputer