vx-underground on Twitter: "Conti ransomware group previously put out a message siding with the Russian government. Today a Conti member has begun leaking data with the message "Fuck the Russian government, Glory to Ukraine!" You can download the leaked Conti data here: https://t.co/BDzHQU5mgw https://t.co/AL7BXnihza" / Twitter
https://twitter.com/vxunderground/status/1498060366445613056
Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security
https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks | Broadcom Software Blogs
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
vx-underground - Directory
https://share.vx-underground.org/Conti/
disBalancer crowdsourcing cyber warfare (loic hive mind) - The Cyber Shafarat - Treadstone 71
https://cybershafarat.com/2022/02/27/disbalancer-crowdsourcing-cyber-warfare-loic-hive-mind/
Tweet / Twitter
https://twitter.com/JoshuaPotash/status/1498332884121399307
Conti ransomware gang chats leaked by pro-Ukraine member - The Record by Recorded Future
https://therecord.media/conti-ransomware-gang-chats-leaked-by-pro-ukraine-member/
404 - Not Found! - AnonFiles
https://anonfiles.com/VeP6K6K5xc/1_tgz
Christo Grozev on Twitter: "Last year, we got an anonymous tip that "a global cyber crime group acting on an FSB order has hacked one of your contributors. The only thing they were interested on, was anything related to your @navalny investigation". We took enormous measures to upgrade our e-security (1/n)" / Twitter
https://twitter.com/christogrozev/status/1498386621657493510
Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’
https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead
Conti ransomware's internal chats leaked after siding with Russia
https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/
Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures
https://thehackernews.com/2022/02/experts-create-apple-airtag-clone-that.html
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits – Sophos News
https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/
Threat Intelligence on Twitter: "NEW: This is Daxin, the most advanced Chinese espionage tool we've ever found. Used to spy on governments worldwide. https://t.co/Xpn9sxJuR2 https://t.co/skSZ6ylz1f" / Twitter
https://twitter.com/threatintel/status/1498252179379007495
Screenshot from 2021-12-15 21-26-28.png - AnonFiles
https://anonfiles.com/f1VfcbLdxe/Screenshot_from_2021-12-15_21-26-28_png
Mykhailo Fedorov on Twitter: "Starlink — here. Thanks, @elonmusk https://t.co/dZbaYqWYCf" / Twitter
https://twitter.com/fedorovmykhailo/status/1498392515262746630
BrokenPrint: A Netgear stack overflow – NCC Group Research
https://research.nccgroup.com/2022/02/28/brokenprint-a-netgear-stack-overflow/
Orion/RAN_ALPHV_Feb_2022_1.yara at main · StrangerealIntel/Orion · GitHub
https://github.com/StrangerealIntel/Orion/blob/main/Ransomware/RAN_ALPHV_Feb_2022_1.yara
vx-underground on Twitter: "Gas stations in the Moscow area are displaying "Glory to Ukraine! Fuck Putin! Death to the enemy!". Individuals are unable to use the pumps. https://t.co/wy5O9wX5JI" / Twitter
https://twitter.com/vxunderground/status/1498284587180568578
vx-underground on Twitter: "The Conti ransomware leaks have unveiled Conti's primary Bitcoin address. From April 21st, 2017 - February 28th, 2022 Conti has received 65,498.197 BTC That is 2,707,466,220.29 USD. https://t.co/sUdRnkLsoo" / Twitter
https://twitter.com/vxunderground/status/1498394338027610124
CIT (en) on Twitter: "More and more evidence is emerging that the Russian forces rely on civilian radios and mobile phones for their communications. Our source in one invading unit confirms this. This photograph is said to show a civilian radio captured by Ukrainians. https://t.co/ppwYktFsaD" / Twitter
https://twitter.com/citeam_en/status/1498233574834716674
conti leaks on Twitter: "conti jabber leaks https://t.co/0FzXiXhI2d" / Twitter
https://twitter.com/ContiLeaks/status/1498030708736073734
storage-master-3607d1f6a72e28efe84b55e8a660ff97db0e79a2.zip - AnonFiles
https://anonfiles.com/ndh8deL5xd/storage-master-3607d1f6a72e28efe84b55e8a660ff97db0e79a2_zip
185.25.51.173-20220228.json - AnonFiles
https://anonfiles.com/X0vcd8L7x8/185.25.51.173-20220228_json
Ransomwhere
http://ransomwhe.re
Rob Price 🏔 on Twitter: "Crypto exchanges are refusing calls to freeze Russian accounts. A Binance spokesperson said doing so "would fly in the face of the reason why crypto exists." Kraken's CEO said the move would violate bitcoin's "libertarian values." https://t.co/ocl1CWOgTa" / Twitter
https://twitter.com/robaeprice/status/1498380415781924864
‘Exploiting Cadavers’ and ‘Faked IEDs’: Experts Debunk Staged Pre-War ‘Provocation’ in the Donbas - bellingcat
https://www.bellingcat.com/news/2022/02/28/exploiting-cadavers-and-faked-ieds-experts-debunk-staged-pre-war-provocation-in-the-donbas/
Toyota suspends domestic factory operations after suspected cyber attack | Reuters
https://www.reuters.com/business/autos-transportation/toyota-suspends-all-domestic-factory-operations-after-suspected-cyber-attack-2022-02-28/
spoked-master-cf530950c30b81188d40c56b9a66e7d3bb21710c.zip - AnonFiles
https://anonfiles.com/dch1dfL6x4/spoked-master-cf530950c30b81188d40c56b9a66e7d3bb21710c_zip
Insurance giant AON hit by a cyberattack over the weekend
https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/
SANS Institute on Twitter: "Join Summit Chairs @likethecoins and @rj_chap for the first-ever #RansomwareSummit 2022 on June 16 for expert in-depth talks and discussions focused on #ransomware prevention, detection, response, and recovery! Attend Live Online for Free: https://t.co/BMb9Zn8Iv8 https://t.co/nQpN7CS1Jh" / Twitter
https://twitter.com/SANSInstitute/status/1498327969487593474
Job Preference
http://www.jobpreference.com
Toyota halts production after reported cyberattack on supplier
https://www.bleepingcomputer.com/news/security/toyota-halts-production-after-reported-cyberattack-on-supplier/
Sources: Belarus to join Russia’s war on Ukraine within hours
https://kyivindependent.com/national/sources-belarus-to-join-russias-war-on-ukraine-within-hours/
Signal on Twitter: "We've had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives." / Twitter
https://twitter.com/signalapp/status/1498437474611343367
Joe's Transition - Cobalt Strike Research and Development
https://www.cobaltstrike.com/blog/joes-transition/
GitHub - TheParmak/conti-leaks-englished: Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group.
https://github.com/TheParmak/conti-leaks-englished
Humble Book Bundle: The Joy of Coding by No Starch Press
https://www.humblebundle.com/books/joy-coding-no-starch-press-books
YaraDBG v0.0.2
http://yaradbg.dev
𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 on Twitter: "#cyberwar unfolds with a leak of internal communications of the #conti #ransomware group for the past 13 months ⚡️ https://t.co/Mj9QGOIjXe" / Twitter
https://twitter.com/ddd1ms/status/1498070988734570500
Catalin Cimpanu on Twitter: "NEW: A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on Friday https://t.co/f0Grquk3qg https://t.co/724xeG36hx" / Twitter
https://twitter.com/campuscodi/status/1498103886476824576
Ready, Set, Go — Golang Internals and Symbol Recovery | Mandiant
https://www.mandiant.com/resources/golang-internals-symbol-recovery
Intelligence X
https://intelx.io/?did=64ea2187-8ae9-4053-ba46-06413b809713
2.tgz - AnonFiles
https://anonfiles.com/H8B7b1L4x6/2_tgz
Vitali Kremez on Twitter: "@albertzsigovits @y_advintel @sS55752750 @campuscodi @malwrhunterteam Yes, indeed. Carbon Black is the one the Conti group oftentimes reference as the most "formidable" EDR defense against their intrusions. 🤔Someone from Carbon Black under the name "Marion" granted Conti access to the EDR for the user "Ilja". The group obtained access as such. https://t.co/UWYi0IA0zY" / Twitter
https://twitter.com/VK_Intel/status/1498362619505356800
AsyncRAT/AsyncRAT_28.02.2022.txt at main · pr0xylife/AsyncRAT · GitHub
https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_28.02.2022.txt