CSA-APT5-CITRIXADC-V1.PDF
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
PSIRT Advisories | FortiGuard
https://www.fortiguard.com/psirt/FG-IR-22-398
Fuzzing the Shield: CVE-2022-24548 | by S2W | S2W BLOG | Dec, 2022 | Medium
https://medium.com/s2wblog/fuzzing-the-shield-cve-2022-24548-96f568980c0
Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update | Citrix Blogs
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability
https://thehackernews.com/2022/12/fortinet-warns-of-active-exploitation.html
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks
https://www.bleepingcomputer.com/news/security/fortinet-says-ssl-vpn-pre-auth-rce-bug-is-exploited-in-attacks/
Rob Joyce on Twitter: "Active exploitation Citrix devices underway by APT5. @NSACyber threat hunting guidance linked below to identify and remediate this activity. Update to the latest Citrix release, check for compromise, and let us know if you find anything. https://t.co/7KeEX3i4gp" / Twitter
https://twitter.com/nsa_csdirector/status/1602639460751101952
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/96bcdc8801252e98c32bdb640f7205eac2a8ba5231eb6b85c1cbcddfdae899d7/
Uber suffers new data breach after attack on vendor, info leaked online
https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/
Qakbot/Qakbot_obama227_13.12.2022.txt at main · pr0xylife/Qakbot · GitHub
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama227_13.12.2022.txt
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/991ec01fb1e190467b2520abee18952b4ef1f130e94bacb729e83e3b1c93320d/
GitHub - jart/blink: tiniest x86-64-linux emulator
https://github.com/jart/blink
Alert regarding the heap-based buffer overflow vulnerability in FortiOS (CVE-2022-42475)
https://www.jpcert.or.jp/at/2022/at220032.html
‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future
https://therecord.media/crisis-situation-declared-as-two-swedish-municipalities-hit-by-cyberattack/
New Python malware backdoors VMware ESXi servers for remote access
https://www.bleepingcomputer.com/news/security/new-python-malware-backdoors-vmware-esxi-servers-for-remote-access/
proxylife on Twitter: "#Qakbot - azd - .html > .zip > .img > .lnk > .cmd > .dll (12.12.2022) cmd /c DOC_FI7303.lnk cmd.exe /c NewInvoice.cmd A B C D E F G H I J K L M N O P Q R S T U V W X Y Z rundll32 /s newrules.get,DrawThemeIcon Sample 👇 https://t.co/yueHr6bZNV IOCs https://t.co/M34XHAEuWb https://t.co/wOo4XN9NRw" / Twitter
https://twitter.com/pr0xylife/status/1602604206346608641
A Custom Python Backdoor for VMWare ESXi Servers | Official Juniper Networks Blogs
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
IIS modules: The evolution of web shells and how to detect them - Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
Hackers exploit critical Citrix ADC and Gateway zero day, patch now
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now/
Project Zero: Exploiting CVE-2022-42703 - Bringing back the stack attack
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518
https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/bfb03d7fc0d96a912aad1956dadd103251afab4f416ecfccf94cbadf6b7aeb60/
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/db6eb4644ac8aa6ffd71209a6c19eb460225074741a83e7e4e04c56553621583/
Qakbot/Qakbot_BB10_12.12.2022.txt at main · pr0xylife/Qakbot · GitHub
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_12.12.2022.txt
Jason's Pen Test – Darknet Diaries
https://darknetdiaries.com/episode/130
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research
https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper/
Unnamed Directory Objects – Pavel Yosifovich
http://scorpiosoftware.net/2022/12/13/unnamed-directory-objects/