Bulwark Black LLC

TeamPCP Spreads Trivy Supply Chain Attack to Docker Hub and Kubernetes with Devastating Wiper Payload

acint4 weeks ago03 mins

The cybersecurity community is reeling from an escalating supply chain attack targeting Trivy, Aqua Security’s popular open-source vulnerability scanner with over 33,800 GitHub stars. The threat actor known as TeamPCP has expanded their campaign from compromised GitHub Actions to Docker Hub images and now a destructive Kubernetes wiper that specifically targets Iranian infrastructure. The Attack…

FBI Flash Alert: Iranian Handala Hackers Weaponize Telegram for Malware C2 Operations

acint4 weeks ago02 mins

The FBI has issued a flash alert warning network defenders that Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) are actively using Telegram as command-and-control (C2) infrastructure in malware attacks targeting journalists, dissidents, and opposition groups worldwide. Threat Actor Profile The bureau attributed these attacks to two Iranian-linked threat groups: Attack Methodology…

Unit 42 Warns: AI Agents Could Enable Gift Card Theft and Returns Fraud at Scale

acint4 weeks ago03 mins

Palo Alto Networks’ Unit 42 has published new research examining how the rise of “agentic commerce” – AI agents that autonomously browse, shop, and transact on behalf of users – could be exploited by cybercriminals to conduct retail fraud at unprecedented scale. Read the full research from Unit 42. The Coming Wave of Agentic Commerce…

CVE-2026-33017: Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours of Disclosure

acint4 weeks ago03 mins

A critical vulnerability in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines, was weaponized by threat actors within just 20 hours of public disclosure—before any proof-of-concept code was publicly available. The Vulnerability Tracked as CVE-2026-33017 (CVSS 9.3), the vulnerability is an unauthenticated remote code execution (RCE) flaw affecting the /api/v1/build_public_tmp/{flow_id}/flow…

DoJ Disrupts Four Massive IoT Botnets Behind Record-Breaking 31.4 Tbps DDoS Attacks

acint4 weeks ago02 mins

The U.S. Department of Justice announced a major law enforcement operation to disrupt four IoT botnets — AISURU, Kimwolf, JackSkid, and Mossad — responsible for record-breaking distributed denial-of-service (DDoS) attacks reaching 31.4 terabits per second. The court-authorized takedown, conducted in partnership with authorities from Canada and Germany, targeted command-and-control infrastructure that had enslaved over 3…

Interlock Ransomware Exploited Cisco Firewall Zero-Day Weeks Before Public Disclosure

acint4 weeks ago03 mins

Amazon’s security team has revealed that the Interlock ransomware gang exploited a critical Cisco firewall vulnerability as a zero-day for five weeks before it was publicly disclosed, giving attackers a significant head start against defenders. Zero-Day Exploitation Timeline According to CJ Moses, CISO of Amazon Integrated Security, Interlock began exploiting CVE-2026-20131 on January 26, 2026…

DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover

acint4 weeks ago03 mins

Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected Russian state-sponsored actors targeting Ukrainian users, as well as commercial surveillance vendors across multiple countries. Six…

CVE-2026-33017: Critical Langflow AI Platform Flaw Exploited Within 20 Hours of Disclosure

acint4 weeks ago02 mins

A critical vulnerability in Langflow, a popular open-source AI workflow automation platform, has been actively exploited in the wild within just 20 hours of public disclosure—before any proof-of-concept code was even available. The Vulnerability Tracked as CVE-2026-33017 with a CVSS score of 9.3, the flaw combines missing authentication with code injection to enable unauthenticated remote…

Critical Langflow AI Platform Flaw CVE-2026-33017 Exploited Within 20 Hours of Disclosure

acint4 weeks ago03 mins

A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders have to patch critical flaws. The Vulnerability: CVE-2026-33017 Tracked as CVE-2026-33017 with a CVSS score of 9.3, the…

CVE-2026-3564: Critical ScreenConnect Flaw Enables Session Hijacking Through ASP.NET Machine Key Abuse

acint4 weeks ago02 mins

ConnectWise has released an emergency patch for a critical vulnerability (CVE-2026-3564) in its ScreenConnect remote access platform that could allow unauthenticated attackers to hijack legitimate sessions by forging authentication credentials using extracted ASP.NET machine keys. Understanding the Vulnerability The flaw affects all versions of ScreenConnect before version 26.1 and stems from improper verification of cryptographic…

📁 Home → 📁 IOCs_YARA_TTPs_Posted_Articles ↓

Name	Size	Date
AsyncRAT-loader-URL-Check.txt AsyncRAT loader URL Check.txt text/plainAsyncRAT loader URL Check.txt Open Download Copy Link 2.46 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	2.46 KB	January 7, 2024
AsyncRAT-loader-hashes.txt AsyncRAT loader hashes.txt text/plainAsyncRAT loader hashes.txt Open Download Copy Link 662 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	662 B	January 7, 2024
Hackers-Modifying-Registry-Keys-to-Establish-Persistence-via-Scheduled-Tasks.txt Hackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt text/plainHackers Modifying Registry Keys to Establish Persistence via Scheduled Tasks.txt Open Download Copy Link 945 B 2024-01-12 January 12, 2024 2024-01-06 January 6, 2024	945 B	January 6, 2024
Hackers-target-Apache-RocketMQ-servers-vulnerable-to-RCE-attack.txt Hackers target Apache RocketMQ servers vulnerable to RCE attack.txt text/plainHackers target Apache RocketMQ servers vulnerable to RCE attack.txt Open Download Copy Link 77 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	77 B	January 5, 2024
IOC-and-TTPs-Backdoor_Win32-Carbanak-Anunak-Named-Pipe-Null-DACL.txt IOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt text/plainIOC and TTPs Backdoor.Win32 Carbanak (Anunak) - Named Pipe Null DACL.txt Open Download Copy Link 5.02 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	5.02 KB	January 11, 2024
IOCs-Chapter-84-In-depth-analysis-and-technical-analysis-of-LockBit-the-top-encryption-ransomware-organization-Part-1.txt IOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt text/plainIOCs Chapter 84 In-depth analysis and technical analysis of LockBit the top encryption ransomware organization Part 1.txt Open Download Copy Link 236 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	236 B	January 7, 2024
IOCs-and-TTPs-Financially-motivated-threat-actors-misusing-App-Installer.txt IOCs and TTPs Financially motivated threat actors misusing App Installer.txt text/plainIOCs and TTPs Financially motivated threat actors misusing App Installer.txt Open Download Copy Link 7.26 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	7.26 KB	January 9, 2024
IOCs-and-TTPs_-Analysis-of-OT-cyberattacks-and-malwares.txt IOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt text/plainIOCs and TTPs_ Analysis of OT cyberattacks and malwares.txt Open Download Copy Link 8.82 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	8.82 KB	January 9, 2024
IOCs-and-Yara-Hundreds-of-Thousands-of-Dollars-Worth-of-Solana-Cryptocurrency-Assets-Stolen-in-Recent-CLINKSINK-Drainer-Campaigns.txt IOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt text/plainIOCs and Yara Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns.txt Open Download Copy Link 1.38 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.38 KB	January 11, 2024
IOCs-and-other-AsyncRat.txt IOCs and other AsyncRat.txt text/plainIOCs and other AsyncRat.txt Open Download Copy Link 1.04 KB 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	1.04 KB	January 7, 2024
IOCs-Deceptive-Cracked-Software-Spreads-Lumma-Variant-on-YouTube.txt IOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt text/plainIOCs Deceptive Cracked Software Spreads Lumma Variant on YouTube.txt Open Download Copy Link 1.16 KB 2024-01-12 January 12, 2024 2024-01-08 January 8, 2024	1.16 KB	January 8, 2024
IOCs-DreamBus-Unleashes-Metabase-Mayhem-With-New-Exploit-Module.txt IOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt text/plainIOCs DreamBus Unleashes Metabase Mayhem With New Exploit Module.txt Open Download Copy Link 1.65 KB 2024-01-12 January 12, 2024 2024-01-11 January 11, 2024	1.65 KB	January 11, 2024
IOCs-Hide-and-Seek-in-Windows-Closet-Unmasking-the-WinSxS-Hijacking-Hideout.txt IOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt text/plainIOCs Hide and Seek in Windows' Closet Unmasking the WinSxS Hijacking Hideout.txt Open Download Copy Link 415 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	415 B	January 5, 2024
IOCs-TTPs-and-yara-Opening-a-Can-of-Whoop-Ads-Detecting-and-Disrupting-a-Malvertising-Campaign-Distributing-Backdoors.txt IOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt text/plainIOCs TTPs and yara Opening a Can of Whoop Ads Detecting and Disrupting a Malvertising Campaign Distributing Backdoors.txt Open Download Copy Link 15.56 KB 2024-01-12 January 12, 2024 2024-01-09 January 9, 2024	15.56 KB	January 9, 2024
IOCs-Tackling-Anti-Analysis-Techniques-of-GuLoader-and-RedLine-Stealer.txt IOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt text/plainIOCs Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer.txt Open Download Copy Link 143 B 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	143 B	January 5, 2024
Prior-to-Cyber-Attack-Russian-Attackers-Spent-Months-Inside-the-Ukraine-Telecoms-Giant.txt Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt text/plainPrior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant.txt Open Download Copy Link 168 B 2024-01-12 January 12, 2024 2024-01-07 January 7, 2024	168 B	January 7, 2024
yara-rules-from-100-Days-of-Yara-and-other-infor.txt yara rules from 100 Days of Yara and other infor.txt text/plainyara rules from 100 Days of Yara and other infor.txt Open Download Copy Link 49.69 KB 2024-01-12 January 12, 2024 2024-01-05 January 5, 2024	49.69 KB	January 5, 2024
Pig-butchering-is-an-evolution-of-a-social-engineering-tactic-weve-seen-for-years.txt Pig butchering is an evolution of a social engineering tactic we’ve seen for years.txt text/plainPig butchering is an evolution of a social engineering tactic we’ve seen for years.txt Open Download Copy Link 770 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	770 B	March 22, 2024
IOCs-Curious-Serpens-FalseFont-Backdoor-Technical-Analysis-Detection-and-Prevention.txt IOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt text/plainIOCs Curious Serpens FalseFont Backdoor Technical Analysis Detection and Prevention.txt Open Download Copy Link 501 B 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	501 B	March 22, 2024
IOCs-The-Updated-APT-Playbook-Tales-from-the-Kimsuky-threat-actor-group.txt IOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt text/plainIOCs The Updated APT Playbook Tales from the Kimsuky threat actor group.txt Open Download Copy Link 1.44 KB 2024-03-22 March 22, 2024 2024-03-22 March 22, 2024	1.44 KB	March 22, 2024

https://bulwarkblack.com/page/4?ee=1&eeFolder=IOCs_YARA_TTPs_Posted_Articles&eeListID=2 0 1

1 - 20 21 - 21

Page: 1 of 2

6291fc182b