Bulwark Black LLC

Chinese APT Exploited Dell RecoverPoint Zero-Day for 18 Months Before Discovery

acint2 months ago03 mins

A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines (CVE-2026-22769) since at least mid-2024, according to new research from Google’s Threat Intelligence Group (GTIG) and Mandiant. The attackers deployed sophisticated backdoors and maintained persistent access inside targeted networks for over 18 months before discovery. 🎯…

Remcos RAT Evolves with Real-Time Webcam Streaming and Live Keylogging Capabilities

acint2 months ago02 mins

A newly observed variant of Remcos RAT has introduced significant upgrades to its surveillance arsenal, marking a dangerous evolution in how this remote access trojan operates on compromised Windows systems. From Storage to Streaming According to Infosecurity Magazine, the updated strain represents a fundamental shift in operational methodology. Rather than relying primarily on storing stolen…

CVE-2026-20841: Windows Notepad RCE Vulnerability Weaponized with Public PoC Exploit

acint2 months ago03 mins

A high-severity remote code execution (RCE) vulnerability in Microsoft’s modern Windows Notepad application has been patched as part of the February 2026 Patch Tuesday release—but security researchers have already published a working proof-of-concept exploit on GitHub, raising concerns about active exploitation in the wild. The Vulnerability: Command Injection via Markdown Rendering Tracked as CVE-2026-20841, the…

SANDWORMMODE: Self-Replicating npm Worm Steals Dev Secrets and Targets AI Coding Tools

acint2 months ago02 mins

A sophisticated supply chain worm dubbed SANDWORMMODE is actively targeting the npm ecosystem, compromising at least 19 malicious packages designed to steal developer credentials and CI/CD secrets while automatically spreading across repositories and workflows. Researchers at Socket identified the campaign, which uses typosquatted npm packages and poisoned GitHub Actions to infect developer machines and CI…

Starkiller: New Commercial-Grade Phishing Kit Bypasses MFA with Live Site Proxying

acint2 months ago02 mins

A newly uncovered phishing kit allows cybercriminals to steal credentials with a sophisticated toolkit that spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts at Abnormal Security have warned. Dubbed Starkiller, the phishing platform has been described as “a commercial-grade cybercrime platform” and “a comprehensive toolkit for stealing identities at scale.” The…

IDMerit Exposes One Billion Personal Records in Massive KYC Database Leak

acint2 months ago03 mins

Digital identity verification provider IDMerit inadvertently exposed more than one billion personal records across 26 countries after leaving a database unsecured and accessible on the public internet, according to research by Cybernews. Scale of the Exposure The exposed MongoDB database contained over three billion records weighing more than one terabyte. Security researchers estimate that approximately…

Facebook Malvertising Campaign Uses Fake Windows 11 Pages to Deploy Credential-Stealing Malware

acint2 months ago03 mins

Attackers are running a sophisticated malvertising campaign that leverages paid Facebook ads to distribute credential-stealing malware disguised as official Windows 11 updates. The campaign uses convincing fake Microsoft download pages and includes multiple technical countermeasures designed to evade security researchers. How the Attack Works The campaign starts with professional-looking Facebook advertisements featuring Microsoft branding, promoting…

AI-Fueled Supply Chain Attacks Surge in Asia-Pacific: Group-IB Report Exposes Self-Reinforcing Cybercrime Ecosystem

acint2 months ago04 mins

Supply chain cyber attacks are reshaping the threat landscape across Asia-Pacific, as criminals and state-aligned groups increasingly use trusted vendors, software components, and service providers as entry points into broader networks, according to Group-IB’s High-Tech Crime Trends Report 2026. The Interconnected Threat Ecosystem The report describes a fundamental shift from single-target intrusions to what it…

287 Chrome Extensions Caught Exfiltrating Browsing History from 37.4 Million Users

acint2 months ago02 mins

A massive data exfiltration operation involving 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide has been uncovered by security researcher Q Continuum (alias qcontinuum1). The discovery represents roughly one percent of the global Chrome user base, highlighting a significant privacy breach affecting millions of internet users. How the Extensions…

Kimwolf Botnet Swamps I2P Anonymity Network in Massive Sybil Attack

acint2 months ago13 mins

The massive Kimwolf IoT botnet has caused significant disruptions to The Invisible Internet Project (I2P), a decentralized privacy network, after botnet operators accidentally overwhelmed the system while attempting to use it for command-and-control evasion. The Attack According to Krebs on Security, I2P users began reporting severe network disruptions on February 3, 2026, when tens of…

📁 Home → 📁 IOCs_YARA_TTPs_Posted_Articles ↓

Name	Size	Date
AsyncRAT-loader-URL-Check.txt AsyncRAT loader URL Check.txt text/plainAsyncRAT loader URL Check.txt Open Download Copy Link 2.46 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	2.46 KB	January 7, 2024
AsyncRAT-loader-hashes.txt AsyncRAT loader hashes.txt text/plainAsyncRAT loader hashes.txt Open Download Copy Link 662 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	662 B	January 7, 2024
Hackers-Modifying-Registry-Keys-to-Establish-Persistence-via-Scheduled-Tasks.txt Hackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt text/plainHackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt Open Download Copy Link 945 B 2024-01-12 January 12, 2024 2024-01-06 January 6, 2024	945 B	January 6, 2024
Hackers-target-Apache-RocketMQ-servers-vulnerable-to-RCE-attack.txt Hackers target Apache RocketMQ servers vulnerable to RCE attack.txt text/plainHackers target Apache RocketMQ servers vulnerable to RCE attack.txt Open Download Copy Link 77 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	77 B	January 5, 2024
IOC-and-TTPs-Backdoor_Win32-Carbanak-Anunak-Named-Pipe-Null-DACL.txt IOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt text/plainIOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt Open Download Copy Link 5.02 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	5.02 KB	January 11, 2024
IOCs-Chapter-84-In-depth-analysis-and-technical-analysis-of-LockBit-the-top-encryption-ransomware-organization-Part-1.txt IOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt text/plainIOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt Open Download Copy Link 236 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	236 B	January 7, 2024
IOCs-and-TTPs-Financially-motivated-threat-actors-misusing-App-Installer.txt IOCs and TTPs Financially motivated threat actors misusing App Installer.txt text/plainIOCs and TTPs Financially motivated threat actors misusing App Installer.txt Open Download Copy Link 7.26 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	7.26 KB	January 9, 2024
IOCs-and-TTPs_-Analysis-of-OT-cyberattacks-and-malwares.txt IOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt text/plainIOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt Open Download Copy Link 8.82 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	8.82 KB	January 9, 2024
IOCs-and-Yara-Hundreds-of-Thousands-of-Dollars-Worth-of-Solana-Cryptocurrency-Assets-Stolen-in-Recent-CLINKSINK-Drainer-Campaigns.txt IOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt text/plainIOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt Open Download Copy Link 1.38 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.38 KB	January 11, 2024
IOCs-and-other-AsyncRat.txt IOCs and other AsyncRat.txt text/plainIOCs and other AsyncRat.txt Open Download Copy Link 1.04 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	1.04 KB	January 7, 2024
IOCs-Deceptive-Cracked-Software-Spreads-Lumma-Variant-on-YouTube.txt IOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt text/plainIOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt Open Download Copy Link 1.16 KB 2024-01-12 January 12, 2024 2024-01-08 January 8, 2024	1.16 KB	January 8, 2024
IOCs-DreamBus-Unleashes-Metabase-Mayhem-With-New-Exploit-Module.txt IOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt text/plainIOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt Open Download Copy Link 1.65 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.65 KB	January 11, 2024
IOCs-Hide-and-Seek-in-Windows-Closet-Unmasking-the-WinSxS-Hijacking-Hideout.txt IOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt text/plainIOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt Open Download Copy Link 415 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	415 B	January 5, 2024
IOCs-TTPs-and-yara-Opening-a-Can-of-Whoop-Ads-Detecting-and-Disrupting-a-Malvertising-Campaign-Distributing-Backdoors.txt IOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt text/plainIOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt Open Download Copy Link 15.56 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	15.56 KB	January 9, 2024
IOCs-Tackling-Anti-Analysis-Techniques-of-GuLoader-and-RedLine-Stealer.txt IOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt text/plainIOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt Open Download Copy Link 143 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	143 B	January 5, 2024
Prior-to-Cyber-Attack-Russian-Attackers-Spent-Months-Inside-the-Ukraine-Telecoms-Giant.txt Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt text/plainPrior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt Open Download Copy Link 168 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	168 B	January 7, 2024
yara-rules-from-100-Days-of-Yara-and-other-infor.txt yara rules from 100 Days of Yara and other infor.txt text/plainyara rules from 100 Days of Yara and other infor.txt Open Download Copy Link 49.69 KB 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	49.69 KB	January 5, 2024
Pig-butchering-is-an-evolution-of-a-social-engineering-tactic-weve-seen-for-years.txt Pig butchering is an evolution of a social engineering tactic we’ve seen for years.txt text/plainPig butchering is an evolution of a social engineering tactic we’ve seen for years.txt Open Download Copy Link 770 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	770 B	March 22, 2024
IOCs-Curious-Serpens-FalseFont-Backdoor-Technical-Analysis-Detection-and-Prevention.txt IOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt text/plainIOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt Open Download Copy Link 501 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	501 B	March 22, 2024
IOCs-The-Updated-APT-Playbook-Tales-from-the-Kimsuky-threat-actor-group.txt IOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt text/plainIOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt Open Download Copy Link 1.44 KB 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	1.44 KB	March 22, 2024

https://bulwarkblack.com/page/12?ee=1&eeFolder=IOCs_YARA_TTPs_Posted_Articles&eeListID=2 0 1

1 - 20 21 - 21

Page: 1 of 2

1402c6ab4a