Florian Roth

@cyb3rops

Placeholder profile : https://x.com/cyb3rops | glad to be in this respectful safe space | vi/vim

1,353 Followers | 3 Following | 5 Posts | Joined 16.11.2024
Latest posts by Florian Roth @cyb3rops

Florian Roth ⚡️ on X: "Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs
https://t.co/UlLkyZM6eC" / X

FYI we got some IOCs from @rapid7.com
x.com/cyb3rops/sta...

02.02.2026 16:30 👍 4 🔁 0 💬 0 📌 0

Write-up says update traffic was selectively redirected to attacker-controlled servers & hints at a CN state group

If that’s the case, there must be at least some infra IOCs: IPs/FQDNs, redirect URL

Even if you don’t have package hashes, can you share infra IOCs so people can check proxy/DNS logs?

02.02.2026 11:08 👍 23 🔁 0 💬 1 📌 0

Never give up! We got your back

21.11.2024 07:26 👍 1 🔁 0 💬 0 📌 0
Post image

🫶😹

20.11.2024 21:02 👍 0 🔁 0 💬 0 📌 0
Post image
16.11.2024 08:37 👍 23 🔁 1 💬 0 📌 1