strikereadylabs.com
https://strikeready.com/blog.html Download live malware samples mentioned here: https://github.com/StrikeReady-Inc/samples If you prefer marketing (our product is great!) subscribe to our main page @strikeready.com

#dailyopendir #malware howwasthetea.ddns[.]net

these types of terrorism threats happen every day to governments, and they have to chase them down. it's ddos, but in real life.

#dailyphish #crimeware if you liked 2FA-themed phishing, you'll love 3FA-themed phishing

#dailyphish #crimeware @vercel.com invoice-8094.vercel[.]app/success.html

Great deep research into "bitter", one of the longer running South Asian APTs

#apt Targeting Bosnia and Herzegovina Riga2025.pptm 3476eeb72a6138d75bf7d922062674fb50323f6bdd41b391e846f6f9462398df -> f6c127a01cadf49b0da0d12b6836c6e12b6a6705ef3b6285a90f4d38038725ff ow123msadmasj41.exe #dailyphish

#dailyopendir also see adm001-4 #malware

interesting way to drop a malicious .js

interesting apk... "base.apk" b3ca9b9f4ac9701e662e117437b80ed22e00c2792334c8594ed7bf99b034baf3 sends an sms worm ("this subscriber has been hacked")

"脱密 中央国安办.IMG" (Declassified Central National Security Office.img) ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5

"gov-pk.pk" hmmmm

#apt 플랜아이 작업계획서 및 작업완료서_기계연 이명화.scr 123aefe0734da130b475bfdad6c3ebe49688569ab8310e71ec5252ec46cb67eb

#apt a16bbc8acf626a966bec45d1ecac4681dafde23127aabc3ada5ccfc16c02bdb9 news-telephone1.space

#apt KB국민은행 소명자료 제출 요청의 건_20250430TS5869570S.zip #dprk 3f92ea810aecf95898fb07293e5fcca3374462638c0ecf86cac86fe3104a6738

#apt useof. org/my-files/DistributionDocument-90421.pdf.zip useof. org/my-files/3.PL_PIEC001-L20250227-GLOBAL_ATOP.pdf.zip 0bbbd415060a96c175c7fe7376a8bad40f3a05d84603548c18973cf695af6fac -> 92.119.114.128/ov4_dd_p.rar

#apt #phishing Caution Against Propaganda and Misinformation Campaigns. zip 66d285ad9df2d14ce57a86568eb382c4a4cb31fe917dacd9ade1da46860a203a

#apt Action Plan 2025 and the Strategic Plan for the period 2025-2029.docx 558de2a01fbd76be171561c3c82fd6a8e2d4c913444850af99d44a4cfb41b680 www-presidentsoffice-gov-lk.dwnlld.com

#apt PMYP Sub Domains.rar d41c86bf77f83ae42b97ffa8d9b01d510711f4bac59fbf91feacd59abaa9861a -> ntplugnplay. com/jb5.php

#dailyopendir #malware #msc

don't often see phishing in hebrew #dailyphish

#dailyphish #maybeapt us02web-zoom-us.mulsue23.com/us02web.zoom.us2 us02web-zoom-us.tapizacar.com/us02web-zoom-us us02web-zoom-us.mulsue23. com/us02web.zoom.us2/Documents.zip

"CPEC Project Critical Load Approval.xlsx.iqy" -> kaatinteriordecor. com #apt 6a5f01d4cfdc4215a8a1b661e12b15b2208eb7f693989d2637471df78ac555c2

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it. cloud.google.com/blog/topics/...

#dailyphish interesting use of a teams lure -> prognomi. com/themes/colors/?action=validate

"CZ depositors 060525.xlsx.lnk" tracking opening only by fetching ico ngm1xef. click/1/DPHA/xlsx.ico 2aef9ddc74e6afd027f3eec7461717a0236db8872f4fb3db0ea5f6ad543d72a6

#apt "KISA알림.pdf.lnk" -> 64.20.59.148:7711 ab5fc8790c0623470c8365d8a50db21a6bd586bb9595be3befc0a4aa79dbc2f1

#apt targeting india Blackout-Rehearsal-Plan.zip 929d7080b4c06d0e2a2aa08910ac08308120c3e121fa59cafb80990a10172894 -> gchindia. com/lib/pdf/Blackout-Rehearsal-Plan/wins/BlackoutRehearsalPlan.msi -> sync.amsisupport. com

feels like genai image for this #apt

#dprk #apt 공문_가상자산관련 외부평가위원 위촉 안내.zip adc4b34ec75d92ed7bcdc81f609732e57a0605662dd2c0f8b67d5647eb0ba1fa c2 sitisrlweb. com/wp-includes/js/inc/get.php decoy translated

#dailyphish using @msftresearch.bsky.social "sway" to host the phish

#dailyphish -> www.web3-companion.com

MILITARYSTRATEGY_00425.desktop 9b3f66b7cc7f00a1ff8f962f2a0f13765a8324d6b532be02dce14e0a0de7e723 #apt #linux

2025年《亚太区域经济合作发展报告》约稿回执.docx [spaces].IMG WindowsPCHealthCheckSetup.msi eFctA.mst f2b5cf94ffbf37b8d99c896010fce0c5fbaaa81b6219d4b79f19d6e3662a7658 约稿执.docx.lnk msiexec /qn /i WindowsPCHealthCheckSetup.msi TRANSFORMS=eFctA.mst -> 45.142.202.56

"Perelik_dokumentiv.txt.lnk" #apt 2f3b6223e31562592e86ae4dd4a5d0ceff518cf4feeb98f796febcb66d9148c4 146.185.239.10 decoy translated

#apt #linux #malware 165.227.153.114 161.35.24.231 Opportunity for Exercise, Re Exercise of Option for pay Fixation.desktop c2f0f011eabb4fae94e7a5973f1f05208e197db983a09e2f7096bcff69a794d1

#dailyphish @msftresearch.bsky.social phishers have leveraged "https://customervoice.microsoft.com/" in the past for phishing, and this campaign is no different customervoice[.microsoft.com/Pages/ResponsePage.aspx?id=qBF6XnWMPE-Egl3Cny39jo0zZ5NLG05MuWSz_MgG_0NUOFRYWDhDWVhWVE5IUEo4TVhaWlVJS1E0Ni4u

your hunting console should highlight this, whether or not there is a positive detection to go along with it

HTV-Opomena.pdf.lnk hosted on a Hungarian site, targeting Croatia 5bd9a248d2ced9d14d76da09ff55aaad445df45579783e9e6473507598411c74 samples download here: github.com/StrikeReady-... decoy is a legit gov doc talking about radio/tv policy

#apt 81de1af16a3f0d8e79b6869e54b50b51b029e33d223d3e48fd828736f3b82cd9 Email - Letter.rar www.mediafire[.]com/file_premium/dik84lh89bvzzkg/Email_-_Letter.rar/file 81de1af16a3f0d8e79b6869e54b50b51b029e33d223d3e48fd828736f3b82cd9 -> gofinancially[.]com/images/upload/0424.png decoy

#dprk #apt NTS_eTaxInvoice.html.lnk c8b4f858a44a7f0c10f342a33586200874952616274c95243d729f65a3043c78 -> deliberatecollaboration. com/wp-includes/js/inc/

#sidewinder #apt pimec-paknavy.updates-installer.store

pretty good #apt MSC, downloading unrar along with pass protected rar (pass uVtjpNSgTmwoK3gh and poiuytrewq1234) after 82798369823 levels of powershell Distribution Document.pdf. zip 9a5800b486cad5f8876d96084d713acaf75af8735e52e4cf1860aee682947d72 next stages on 92.119.114.128