Brute Ratel C4 Detected – 52[.]194[.]85[.]123:80
The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...
Wifi_Db – Script To Parse Aircrack-ng Captures To A SQLite Database
Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT...
FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps
An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South...
Malware Analysis – djvu – ce3b3de5f62d393aeebd49c31bd29d41
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: ce3b3de5f62d393aeebd49c31bd29d41SHA1: 154ab2adc0f1921e0a2d6956e33d980e921a901fANALYSIS DATE: 2023-03-17T16:11:34ZTTPS: T1222, T1012, T1082, T1053,...
Malware Analysis – djvu – 68b0f16d837d77eb7edb40ade07b3844
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 68b0f16d837d77eb7edb40ade07b3844SHA1: e235b7725b1c1e5c7162f0010a7db46073b80040ANALYSIS DATE: 2023-03-17T16:15:06ZTTPS: T1060, T1112, T1012, T1082,...
Malware Analysis – gafgyt – bb5ac3218b68aec33e16261196971d7f
Score: 10 MALWARE FAMILY: gafgytTAGS:family:gafgyt, family:plugx, family:redline, botnet, discovery, exploit, infostealer, persistence, trojanMD5: bb5ac3218b68aec33e16261196971d7fSHA1: 7df56150a22016e079c4b3e3a45446bffc2fcd9eANALYSIS DATE: 2023-03-17T16:30:04ZTTPS: T1082, T1050, T1060,...
Malware Analysis – smokeloader – 3e59d07d7af4a0b0314ffcbff5fd12d8
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 3e59d07d7af4a0b0314ffcbff5fd12d8SHA1: fc32ffaf265d7b38adc59092c967babf1fd92baaANALYSIS DATE: 2023-03-17T17:31:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – discovery – 7a42e24c7b1607887a49e5929d38f8f9
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: 7a42e24c7b1607887a49e5929d38f8f9SHA1: 41f9462a8182758714761a839664f69d9d2c3b7eANALYSIS DATE: 2023-03-17T17:26:40ZTTPS: T1060, T1112, T1012, T1042, T1082, T1130 ScoreMeaningExample10Known badA malware...
Malware Analysis – ransomware – 3b56fee645b36a022471189294485517
Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 3b56fee645b36a022471189294485517SHA1: 90138e3902b096a89b03271ea664ccc6193b766cANALYSIS DATE: 2023-03-17T17:07:14ZTTPS: T1005, T1081, T1491, T1112, T1082 ScoreMeaningExample10Known badA malware family...
Malware Analysis – amadey – 06c1e142d1c9f438103774ec50d9b348
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 06c1e142d1c9f438103774ec50d9b348SHA1:...
Malware Analysis – amadey – a480e4bf51162bfd63ed718149a4a608
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:rhadamanthys, family:smokeloader, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, botnet:pub1, botnet:sprg, backdoor, discovery, persistence, ransomware, stealer, trojanMD5: a480e4bf51162bfd63ed718149a4a608SHA1: 16b9d95ce72eceef41e51df9c30c1f84e63d9d72ANALYSIS...
Malware Analysis – djvu – bea14d484e11b88a5a1f76233f52f732
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: bea14d484e11b88a5a1f76233f52f732SHA1: 0c391495bc75c4926b52b14fdd27bd3f7e410911ANALYSIS DATE: 2023-03-17T17:52:32ZTTPS: T1222, T1060, T1112, T1005,...
Malware Analysis – ransomware – 2e7a4354b997f086db89e1a28ca60816
Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 2e7a4354b997f086db89e1a28ca60816SHA1: ee98de0cbeefd9df93c364719b2ae69696f32382ANALYSIS DATE: 2023-03-17T18:12:54ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – djvu – 26551b9c3dbace2dd837828f85d078bd
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:d6ef050131e7d5a1d595c51613328971, discovery, persistence, ransomware, spyware, stealerMD5: 26551b9c3dbace2dd837828f85d078bdSHA1: 52ca324a5cf64db3586f4b2d5f9607144b044c74ANALYSIS DATE: 2023-03-17T17:50:19ZTTPS: T1012, T1222, T1082, T1053,...
LockBit 3.0 Ransomware Victim: meatel[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: mandirisekuritas[.]co[.]id
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: perfectplacement[.]co[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: waldogeneral[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: buehnen[.]de
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: ktcs[.]com[.]my
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: r-pac[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: radium[.]com[.]tw
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android...
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use...
