Bulwark Black LLC

Metro4Shell: Critical React Native CLI Vulnerability Actively Exploited to Deploy Malware

acint2 months ago02 mins

Threat actors are actively exploiting a critical remote code execution vulnerability in the popular @react-native-community/cli npm package, impacting countless mobile application developers worldwide. The Vulnerability: CVE-2025-11953 Dubbed Metro4Shell, this critical vulnerability (CVSS 9.8) affects the Metro Development Server bundled with the React Native CLI. The flaw allows remote unauthenticated attackers to execute arbitrary operating system…

AiFrame Campaign: 30 Fake AI Chrome Extensions with 300K Users Steal Credentials, Gmail Content

acint2 months ago03 mins

Researchers at browser security platform LayerX have uncovered a coordinated malware campaign dubbed “AiFrame” involving 30 malicious Chrome extensions installed by more than 300,000 users. The extensions masquerade as AI assistants while secretly stealing credentials, email content, and browsing information. Campaign Overview All analyzed extensions share the same internal structure, JavaScript logic, permissions, and communicate…

Phorpiex Botnet Resurfaces: Phishing Campaign Delivers Offline-Capable Global Group Ransomware

acint2 months ago02 mins

A new phishing campaign leveraging the infamous Phorpiex botnet has been observed distributing Global Group ransomware through weaponized Windows shortcut (.LNK) files, according to a new advisory from Forcepoint X-Labs. The Attack Chain The campaign uses phishing emails with the subject line “Your Document” — a lure that has remained effective throughout 2024 and 2025….

Cybercriminals Weaponize ChatGPT and Grok to Distribute AMOS Stealer on macOS

acint2 months ago03 mins

A sophisticated attack campaign is exploiting user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), representing a dangerous evolution in social engineering tactics that combines legitimate AI chatbot services with paid Google advertising. According to research from Flare, threat actors are creating shareable AI chat links on ChatGPT and Grok containing…

XWorm RAT Campaign Exploits CVE-2018-0802 in Multi-Language Phishing Attacks Using Fileless Injection

acint2 months ago03 mins

FortiGuard Labs has uncovered a sophisticated phishing campaign delivering XWorm version 7.2, a multi-functional Remote Access Trojan (RAT) that provides attackers with full remote control of compromised Windows systems. Campaign Overview The campaign utilizes multiple phishing email themes written in various languages to maximize its reach. Emails are disguised as: Payment detail requests requiring recipient…

Google Warns of Sustained Russia and China Cyberattacks Targeting Defense Industrial Base

acint2 months ago04 mins

Google Threat Intelligence Group (GTIG) has published a comprehensive report revealing persistent cyber operations targeting the defense industrial base (DIB) from Russia and China-linked threat actors. The findings detail how state-sponsored hackers are exploiting everything from battlefield messaging apps to edge network devices to compromise defense contractors, military personnel, and the broader supply chain. Key…

WormGPT Database Breach Exposes 19,000 Cybercriminal Users and Billing Data

acint2 months ago03 mins

A threat actor has leaked the complete WormGPT database, exposing over 19,000 users of the notorious cybercrime AI platform along with their email addresses, billing data, and subscription information.

Chinese APT UNC3886 Breaches Singapore’s Four Largest Telcos in Coordinated Espionage Campaign

acint2 months ago03 mins

Singapore’s government has officially confirmed that a sophisticated Chinese cyber-espionage group breached all four of the nation’s largest telecommunications providers in a coordinated campaign that exploited zero-day vulnerabilities and deployed advanced persistence mechanisms. The Cyber Security Agency of Singapore (CSA) disclosed that UNC3886, a threat actor tracked by Google’s Mandiant security unit and linked to…

BlueNoroff’s GhostCall and GhostHire Campaigns Use Stolen Victim Videos to Compromise Crypto Executives

acint2 months ago03 mins

North Korean threat actor BlueNoroff (also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has launched two sophisticated campaigns—GhostCall and GhostHire—targeting cryptocurrency executives, blockchain developers, and venture capital professionals, according to research published by Kaspersky. GhostCall: Fake Investment Meetings with Real Victim Recordings In the GhostCall campaign, attackers impersonate venture capitalists on…

APT28 Exploits CVE-2026-21509 in Operation Neusploit: Stealing Emails with MiniDoor Backdoor

acint2 months ago03 mins

Russia’s infamous APT28 (Fancy Bear/Forest Blizzard) threat group has weaponized a recently patched Microsoft Office vulnerability in just three days, launching a sophisticated espionage campaign dubbed Operation Neusploit targeting government and diplomatic entities across Central and Eastern Europe. Rapid Weaponization of CVE-2026-21509 Zscaler ThreatLabz researchers discovered that APT28 began exploiting CVE-2026-21509—a critical Microsoft Office memory…

📁 Home → 📁 IOCs_YARA_TTPs_Posted_Articles ↓

Name	Size	Date
AsyncRAT-loader-URL-Check.txt AsyncRAT loader URL Check.txt text/plainAsyncRAT loader URL Check.txt Open Download Copy Link 2.46 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	2.46 KB	January 7, 2024
AsyncRAT-loader-hashes.txt AsyncRAT loader hashes.txt text/plainAsyncRAT loader hashes.txt Open Download Copy Link 662 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	662 B	January 7, 2024
Hackers-Modifying-Registry-Keys-to-Establish-Persistence-via-Scheduled-Tasks.txt Hackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt text/plainHackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt Open Download Copy Link 945 B 2024-01-12 January 12, 2024 2024-01-06 January 6, 2024	945 B	January 6, 2024
Hackers-target-Apache-RocketMQ-servers-vulnerable-to-RCE-attack.txt Hackers target Apache RocketMQ servers vulnerable to RCE attack.txt text/plainHackers target Apache RocketMQ servers vulnerable to RCE attack.txt Open Download Copy Link 77 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	77 B	January 5, 2024
IOC-and-TTPs-Backdoor_Win32-Carbanak-Anunak-Named-Pipe-Null-DACL.txt IOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt text/plainIOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt Open Download Copy Link 5.02 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	5.02 KB	January 11, 2024
IOCs-Chapter-84-In-depth-analysis-and-technical-analysis-of-LockBit-the-top-encryption-ransomware-organization-Part-1.txt IOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt text/plainIOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt Open Download Copy Link 236 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	236 B	January 7, 2024
IOCs-and-TTPs-Financially-motivated-threat-actors-misusing-App-Installer.txt IOCs and TTPs Financially motivated threat actors misusing App Installer.txt text/plainIOCs and TTPs Financially motivated threat actors misusing App Installer.txt Open Download Copy Link 7.26 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	7.26 KB	January 9, 2024
IOCs-and-TTPs_-Analysis-of-OT-cyberattacks-and-malwares.txt IOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt text/plainIOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt Open Download Copy Link 8.82 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	8.82 KB	January 9, 2024
IOCs-and-Yara-Hundreds-of-Thousands-of-Dollars-Worth-of-Solana-Cryptocurrency-Assets-Stolen-in-Recent-CLINKSINK-Drainer-Campaigns.txt IOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt text/plainIOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt Open Download Copy Link 1.38 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.38 KB	January 11, 2024
IOCs-and-other-AsyncRat.txt IOCs and other AsyncRat.txt text/plainIOCs and other AsyncRat.txt Open Download Copy Link 1.04 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	1.04 KB	January 7, 2024
IOCs-Deceptive-Cracked-Software-Spreads-Lumma-Variant-on-YouTube.txt IOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt text/plainIOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt Open Download Copy Link 1.16 KB 2024-01-12 January 12, 2024 2024-01-08 January 8, 2024	1.16 KB	January 8, 2024
IOCs-DreamBus-Unleashes-Metabase-Mayhem-With-New-Exploit-Module.txt IOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt text/plainIOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt Open Download Copy Link 1.65 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.65 KB	January 11, 2024
IOCs-Hide-and-Seek-in-Windows-Closet-Unmasking-the-WinSxS-Hijacking-Hideout.txt IOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt text/plainIOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt Open Download Copy Link 415 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	415 B	January 5, 2024
IOCs-TTPs-and-yara-Opening-a-Can-of-Whoop-Ads-Detecting-and-Disrupting-a-Malvertising-Campaign-Distributing-Backdoors.txt IOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt text/plainIOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt Open Download Copy Link 15.56 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	15.56 KB	January 9, 2024
IOCs-Tackling-Anti-Analysis-Techniques-of-GuLoader-and-RedLine-Stealer.txt IOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt text/plainIOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt Open Download Copy Link 143 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	143 B	January 5, 2024
Prior-to-Cyber-Attack-Russian-Attackers-Spent-Months-Inside-the-Ukraine-Telecoms-Giant.txt Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt text/plainPrior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt Open Download Copy Link 168 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	168 B	January 7, 2024
yara-rules-from-100-Days-of-Yara-and-other-infor.txt yara rules from 100 Days of Yara and other infor.txt text/plainyara rules from 100 Days of Yara and other infor.txt Open Download Copy Link 49.69 KB 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	49.69 KB	January 5, 2024
Pig-butchering-is-an-evolution-of-a-social-engineering-tactic-weve-seen-for-years.txt Pig butchering is an evolution of a social engineering tactic we’ve seen for years.txt text/plainPig butchering is an evolution of a social engineering tactic we’ve seen for years.txt Open Download Copy Link 770 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	770 B	March 22, 2024
IOCs-Curious-Serpens-FalseFont-Backdoor-Technical-Analysis-Detection-and-Prevention.txt IOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt text/plainIOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt Open Download Copy Link 501 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	501 B	March 22, 2024
IOCs-The-Updated-APT-Playbook-Tales-from-the-Kimsuky-threat-actor-group.txt IOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt text/plainIOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt Open Download Copy Link 1.44 KB 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	1.44 KB	March 22, 2024

https://bulwarkblack.com/page/15?ee=1&eeFolder=IOCs_YARA_TTPs_Posted_Articles&eeListID=2 0 1

1 - 20 21 - 21

Page: 1 of 2

1402c6ab4a