EMERGING THREAT UPDATE: LOCKBIT 4.0. LockBit 4.0 is pushing its evasion tactics further, using modified PowerShell scripts to execute malicious DLL payloads while disabling security features to stay undetected. Researchers have also observed obfuscation techniques that make detection even more challenging. The ransomware continues its pattern of encrypting files, appending the “.lockbit” extension, and demanding payment through a dropped ransom note. Intel 471 threat hunters have updated the collection with Hunt Packages tracking mshta.exe abuse, PowerShell-based downloads and execution, privilege escalation, RDP modifications, and obfuscated exfiltration methods using Rclone and MegaCMD. As LockBit operators refine their techniques, defenders must move just as fast. Hunt Collection: https://hubs.la/Q03bNL5H0 Full Report: https://hubs.la/Q03bNMVF0 Get free access to HUNTER Community Edition, including TTP-based hunt packages for SIEM, EDR, NDR, and XDR platforms, threat emulation & validation, analyst-focused runbooks, and transparent threat intelligence. Sign up here: https://hubs.la/Q03bNL9k0 #emergingthreat #threathunting #cybersecurity #infosec #threatintelligence #cyberthreats #lockbit
About us
Intel 471 is the premier provider of cybercrime intelligence. Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams. Our adversary intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks. Our malware intelligence leverages our adversary intelligence and underground capabilities to provide timely data and context on malware and adversary infrastructure. Our team is comprised of intelligence operators and native speakers located where cybercriminals formerly operated with impunity and without consequence. Our pedigree is unmatched and we count upon a team with experience operating in the intelligence services, military, law enforcement and private threat intelligence companies in nearly every continent on earth. The mission of Intel 471 is to protect your organization, your products, your assets and your people.
- Website
- https://intel471.com
- Industry
- Security services
- Company size
- 201-500 employees
- Type
- Privately held
- Founded
- 2014
- Specialties
- Cyber threat intelligence, Cyber threat, Information security, Computer security, Threat intelligence and Cyber crime
Locations
Employees at Intel 471
-
Jeremy Kirk
Executive Editor, Cyber Threat Intelligence
-
Joy Nemitz
Chief Marketing Officer at Intel 471 | Driving Global Business Growth
-
Bob Flinton, TICSA
VP of Product Marketing at Intel 471 | CyberSecurity Marketing | US Army Veteran
-
Jeff Needham
Chief Revenue Officer at Intel 471 (Thoma Bravo Company)
Updates
-
Cybersecurity researchers have identified a new variant of the TgToxic Android malware. This new variant is designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps. Intel 471 was mentioned in a recent SC Media article highlighting how the malware now also features improved emulator detection and updates to its command-and-control URL generation, allowing it to avoid detection. Read more: https://hubs.la/Q03bLHS_0
-
Black Basta’s leader didn’t just slip through the cracks. He walked out of an Armenian courtroom and vanished. Intel 471 connected the dots, linking the ransomware gang’s leader, known as GG, to Oleg Nefedov. Leaked messages suggest high-level connections helped him escape. Read more on CyberNews: https://hubs.la/Q039W60W0 #Intel471 #cybersecurity #CTI
-
The highly anticipated 2025 SANS Threat Hunting Survey is almost here. Join SANS Principal Instructor Josh Lemon on March 13 for an exclusive first look at the findings and what they reveal about how organizations are tackling AI-driven threats and cloud security challenges. The webcast will explore key trends in threat detection, the impact of generative AI, and strategies for defending against supply chain attacks. Register here to attend: https://hubs.la/Q03bw8NJ0 #threathunting #SANSResearch #cybersecurity
-
Threat hunting is only effective when it’s focused on the right things. Too many hunters waste time on distractions instead of what drives real results. Out of the Woods: The Threat Hunting Podcast goes live tomorrow with an interactive discussion on how experienced hunters prioritize their time, refine their investigative approach, and avoid common pitfalls. Our hosts will share lessons learned, mistakes to watch for, and strategies that make an impact. Listeners can be part of the conversation through our Discord channel, where our hosts will be engaging in real time. Join the discussion: https://hubs.la/Q03bpX160 #threathunting #threatintelligence #cybersecurity #securityanalyst
-
If you’re the buyer of security products for a large company, how do you ensure that a product works as promised? In this Studio 471 episode, Simon Edwards of SE Labs walks through how his company conducts ethical and realistic tests based on the Cyber Kill Chain and MITRE ATT&CK. Tune in as Simon breaks down his approach to testing security software, sharing insights on his methods and what sets effective testing apart: https://hubs.la/Q03bjM4Q0 #Intel471 #Studio471 #cybersecurity #CTI
-
Threat hunting is stronger when we refine our approach together. Join Intel 471’s Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs on March 27 from 9:30 AM to 1:30 PM ET for a four-hour hands-on session focused on identifying adversary behaviors and sharpening investigative techniques. This interactive workshop covers key cybersecurity models, structured methodologies, and real-world hunting scenarios to help you build a stronger, intelligence-driven process. Those who complete the final challenge will earn the Threat Hunting – Foundational Badge, recognizing their ability to apply these skills in real investigations. Sign up today: https://hubs.la/Q03bcycD0 #threathunting #threatintelligence #cybersecurity #securityfoundations #TTPs
-
Intel 471 was cited in a recent article by Risky Business News, highlighting the leader of Black Basta gang being arrested after internal chat logs leaked online last month. This takedown is a significant achievement in the fight against cybercrime and emphasizes the importance of global collaboration in combating cyber threats. To learn more you can read the Risky Business news story below. https://hubs.la/Q039PT-_0 #Intel471 #cybersecurity #CTI #RiskyBiz
-
Don’t forget to mark your calendar for our 471 UnConference in Charlotte! Join Intel 471 along with Charlotte's top cybersecurity industry experts at this exclusive UnConference. Afterwards, join us for drinks and steak at Fleming's Prime Steakhouse to network and unwind. Limited spots are available; Reserve your spot here: https://hubs.la/Q039K8WY0
-
Only a few spots left for Breakfast Byte: Intelligence Driven Threat Hunting! We hope you will join us March 13th from 8:30-11:00 in Zagreb. Registration is required. Don't wait, snag your spot today! https://hubs.la/Q039J6Mj0 This event is being hosted with the support of the U.S. Commercial Service Zagreb, Croatia. #Intel471 #cybersecurity #CTI