Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers
Image: AI-generated through Midjourney The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer...
Vice Society Ransomware Victim: University of Duisburg-Essen
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Vice Society Ransomware Victim: Monmouth College
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cobalt Stike Beacon Detected – 194[.]165[.]16[.]62:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 121[.]4[.]154[.]240:4000
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 182[.]160[.]0[.]248:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Posh C2 Detected – 146[.]190[.]86[.]212:4443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
DragonCastle – A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a...
HackerOne Bug Bounty Disclosure: 1-click-account-takeover-via-deeplink-in-[com-kayak-android]byretr02332
Programme HackerOne KAYAK KAYAK Submitted by retr02332 retr02332 Report 1 click Account takeover via deeplink in Full Report A considerable...
HackerOne Bug Bounty Disclosure: private-information-exposed-through-graphql-search-endpoints-aggregatesbyreigertje
Programme HackerOne HackerOne HackerOne Submitted by reigertje reigertje Report Private information exposed through GraphQL search endpoints aggregates Full Report A...
Malware Analysis – djvu – c266d56f0bbea899b2cfa58f192a9f86
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: c266d56f0bbea899b2cfa58f192a9f86SHA1: 0f2191d9571e04ed4cf14188b9eab8f210f6c652ANALYSIS DATE: 2023-01-19T16:59:57ZTTPS: T1222, T1082, T1005, T1081,...
Malware Analysis – djvu – 50fee0fee96a3c681b9c47eada3fffdf
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 50fee0fee96a3c681b9c47eada3fffdfSHA1: db64c7d74705e4a3c08ca50c140fa84d3c4fce09ANALYSIS DATE: 2023-01-19T17:22:07ZTTPS: T1012, T1222, T1082, T1005,...
Malware Analysis – persistence – da8e21489a2c6c01ee676c304c8541c1
Score: 8 MALWARE FAMILY: persistenceTAGS:persistenceMD5: da8e21489a2c6c01ee676c304c8541c1SHA1: 40e6d3aa1f0fa21fae1a9563174b45b432aa3306ANALYSIS DATE: 2023-01-19T17:42:31ZTTPS: T1060, T1112, T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – discovery – 133af41cfec522b7f583fcf77be37b1a
Score: 8 MALWARE FAMILY: discoveryTAGS:discoveryMD5: 133af41cfec522b7f583fcf77be37b1aSHA1: 50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0ANALYSIS DATE: 2023-01-19T17:13:15ZTTPS: T1082, T1012 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – locky – fb6ca1cd232151d667f6cd2484fee8c8
Score: 10 MALWARE FAMILY: lockyTAGS:family:locky, ransomwareMD5: fb6ca1cd232151d667f6cd2484fee8c8SHA1: f7bb52767afd2cd32ede8b5f83012eb99ba1ce28ANALYSIS DATE: 2023-01-19T17:42:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
LockBit 3.0 Ransomware Victim: tvk[.]nl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country's national news agency...
Product Security Incident Response: Key Strategies and Best Practices
Written By: Samuel Cure, CISO, AMI In today's digital landscape, it is essential to implement proactive measures to ensure the...
Bitzlato crypto exchange seized for ransomware, drugs money laundering
The U.S. Department of Justice arrested and charged Russian national Anatoly Legkodymov, the founder of the Hong Kong-registered cryptocurrency exchange...
New York man defrauded thousands using credit cards sold on dark web
A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased...
Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner
Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google...
MailChimp discloses new breach after employees got hacked
Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the...
Illegal Solaris darknet market hijacked by competitor Kraken
Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named...
Malware Analysis – djvu – 1e12ef6d811ea006a932860cd74b0282
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 1e12ef6d811ea006a932860cd74b0282SHA1: fcbef26773b2ef3a41bf1a74f4ed59233283321dANALYSIS DATE: 2023-01-19T09:27:14ZTTPS: T1130, T1112, T1060, T1222, T1082,...
