Ukraine Network IOCs July 20 2022 - Pastebin.com
https://pastebin.com/PCK97yjc
APT41: A Case Study – Intrusion Truth
https://intrusiontruth.wordpress.com/2022/07/20/apt41/
Continued cyber activity in Eastern Europe observed by TAG
https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/
Is the Secret Service’s Claim About Erased Text Messages Plausible? (Updated)
https://zetter.substack.com/p/is-the-secret-services-claim-about
USCYBERCOM Cybersecurity Alert on Twitter: "🇺🇦🇺🇸Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks https://t.co/PPMRBEASST" / Twitter
https://twitter.com/CNMF_CyberAlert/status/1549764857972621322
How Meta and the security industry collaborate to secure the internet
https://engineering.fb.com/2022/07/20/security/how-meta-and-the-security-industry-collaborate-to-secure-the-internet/
IcedID/icedID_20.07.2022.txt at main · pr0xylife/IcedID · GitHub
https://github.com/pr0xylife/IcedID/blob/main/icedID_20.07.2022.txt
Arbitrary File Read on Skype For Business Server | VCSLab
https://lab.viettelcybersecurity.com/advisories/VCSA-97
MalwareBazaar | SHA256 77c3de1c2a5ced907159777ff648c2a1f3c4bdb8b6a9fbc9d06c76d8e6cb2c8d (IcedID)
https://bazaar.abuse.ch/sample/77c3de1c2a5ced907159777ff648c2a1f3c4bdb8b6a9fbc9d06c76d8e6cb2c8d/
MalwareBazaar | SHA256 e3507aa2e857c8d0bb4cb36c6fc81ac4527ff1a76b370bdfefe4ccc0f2e09a53 (IcedID)
https://bazaar.abuse.ch/sample/e3507aa2e857c8d0bb4cb36c6fc81ac4527ff1a76b370bdfefe4ccc0f2e09a53/
[CVE-2022-34918] A crack in the Linux firewall
https://www.randorisec.fr/crack-linux-firewall/
Cloaked Ursa (APT29) Hackers Use Trusted Online Storage Services
https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/
Olof Haglund on Twitter: "@MalwareTechBlog Can someone give me a link to a TL;DR of what I have missed? 🤔" / Twitter
https://twitter.com/olofhaglund/status/1549801701007302658
Hatching Triage | Behavioral Report
https://tria.ge/220720-ls12haeecl/behavioral2
I see what you did there: A look at the CloudMensis macOS spyware | WeLiveSecurity
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GitHub - frkngksl/NiCOFF: COFF and BOF Loader written in Nim
https://github.com/frkngksl/NiCOFF
Analyze .NET deserialization: TypeConfuseDelegate gadget chain with BinaryFormatter | Quang Vo
https://mr-r3bot.github.io/research/2022/07/18/Analyze-.NET-deserialization-TypeConfuseDelegate-gadget.html
New Luna ransomware encrypts Windows, Linux, and ESXi systems
https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/
GitHub - kevwan/tproxy: A cli tool to proxy and analyze TCP connections.
https://github.com/kevwan/tproxy
The FBI Forced A Suspect To Unlock Amazon’s Encrypted App Wickr With Their Face
https://www.forbes.com/sites/thomasbrewster/2022/07/19/fbi-forces-open-amazon-wickr-app-with-a-suspects-face/
VirusTotal - File - 50e1203d5afefeed67f616b84459c55d8b38aafcacab7edab81f2055d21aefc1
https://www.virustotal.com/gui/file/50e1203d5afefeed67f616b84459c55d8b38aafcacab7edab81f2055d21aefc1
New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems
https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html