URL: https://infosec.exchange/@screaminggoat/113546006053164263
Submission: On November 26 via api from IN — Scanned from US
Not Simon @screaminggoat

Trend Micro: Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
[www.trendmicro.com]
Trend Micro reports on Chinese state-sponsored APT Salt Typhoon (tracked as
Earth Estries) using a new backdoor, GHOSTSPIDER, discovered in recent attacks on
Southeast Asian telecommunications companies. The campaign and attacker
infrastructure analysis turned up interesting insights. Salt Typhoon also uses
the backdoor SNAPPYBEE (aka Deed RAT), which is shared among Chinese APT groups.
A cross-platform backdoor dubbed MASOL RAT targeted Linux systems on Southeast
Asian government networks. Trend Micro also provides a disclaimer on their
attribution to Microsoft's Salt Typhoon, stating that they "can only confirm
that some of Earth Estries' tactics, techniques, and procedures (TTPs) overlap
with that of FamousSparrow and GhostEmperor." Indicators of compromise plus 2
YARA rules provided.

Not Simon @screaminggoat@infosec.exchange

Analysis of Trend Micro's Salt Typhoon Indicators of Compromise
[www.trendmicro.com] (IOC):
Unsurprising that there's overlap with other previous GhostEmperor and Trend
Micro reporting, since they were used to pivot.

 * 193.239.86[.]168 seen July 17, 2024 - Sygnia: The Return of Ghost Emperor's
   Demodex [www.sygnia.co]
 * imap.dateupdata[.]com also mentioned in Sygnia post
 * 25b9fdef3061c7dfea744830774ca0e289dba7c14be85f0d4695d382763b409b and
   6d64643c044fe534dbb2c1158409138fcded757e550c6f79eada15e69a7865bc show up
   November 07, 2024 - Trend Micro: Breaking Down Earth Estries' Persistent TTPs
   in Prolonged Cyber Operations [www.trendmicro.com]

cc: @nattothoughts My Salt Typhoon [infosec.press] APT profile was updated to
include Trend Micro's blog post, and vulnerabilities exploited.

Nov 25, 2024, 12:42 PM


Natto Thoughts @nattothoughts

@screaminggoat Thank you for keeping track of this.
