🎙️ On the #PIVOTcon24 stage we now have Selena & Konstantin Klinger telling the saga of #TA577 - distributor of #Qbot and #Pikabot. Interesting tips for tracking being shared 💪
#PIVOTcon24 #CTI #ThreatIntel
⚠️ TA577 starts spreading #Pikabot #malware
eml>.zip>.html(link)
HTML files with 0 detections on VirusTotal and decoy Latin words
🔥staging ip:
#infosecurity #CyberAttack
🚨 #Alert: #SysWhispers2 (#directsyscalls / #indirectsyscalls) uncovered in #Pikabot & #QBot
🔎 VMRay Labs identified #SysWhispers2 in #Pikabot samples. This evasion technique for #AVs & #EDRs is a well-known open-source framework whose usage we've tracked back to #QBot