The files are packaged with Excel-DNA, and a DLL containing two URLs pointing to Discord is extracted from them. These download data files and encode them with XOR, creating additional DLLs, which initiate the malware infection.
PEGASUS data leaks are on sale on the web. The user lucifer6a offers them on Raid Forums with a couple of samples to confirm their authenticity. They seem genuine.
Leaked PEGASUS malware data is on sale on the web. The user lucifer6a offers it on Raid Forums with a couple of samples to confirm its authenticity. According to the post, the offer is linked to the following: “The suspected hacking ‘wishlist’ reportedly goes back to 2016 and consists of entries selected by NSO Group clients in 10 countries, including Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE). Clients in Mexico selected the most numbers – more than 15,000 – followed by Morocco and the UAE, each with more than 10,000 numbers.” Based on some superficial research, the information shown appears genuine.