description: The following analytic identifies `mmc.exe` spawning a LOLBAS execution process. It leverages data from Endpoint Detection and Response (EDR) agents, focusing on process creation events ...
All payloads use `api: "every"`, meaning they are available to every customer, not restricted by API key. The earliest payload dates to November 2024, proving the operation has been actively maintained ...
I received a take-home "assessment" repo that looked like a normal React/Node project. It was labeled InfiniGods / RoyalCity and presented as a villa rental and investment app. Before running anything ...
Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...