BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11
A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing...
LockBit 3.0 Ransomware Victim: tjel[.]net
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Vice Society Ransomware Victim: Vesuvius
Vice Society Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Cobalt Stike Beacon Detected – 195[.]2[.]67[.]185:7443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 45[.]227[.]252[.]241:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]139[.]15[.]98:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]138[.]168[.]20:99
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – djvu – d2759f5309e55616b031b25eb74590d6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: d2759f5309e55616b031b25eb74590d6SHA1: af830fa93d673f977e90eb65cb05103d924d5f93ANALYSIS DATE: 2023-03-01T10:13:59ZTTPS: T1012, T1060, T1112, T1222, T1005,...
Malware Analysis – djvu – b37dbbda5cccadaf790a2f4ba521655c
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: b37dbbda5cccadaf790a2f4ba521655cSHA1: ff1b5b752b332e58fa677f94439b6794163845ccANALYSIS DATE: 2023-03-01T09:15:10ZTTPS: T1222, T1005, T1081, T1060, T1112,...
Malware Analysis – djvu – 7f65c8c6ccea193f5d9566b41101bcf7
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 7f65c8c6ccea193f5d9566b41101bcf7SHA1: 9d169844ba08a0c8b5a90f45d188a1fc18c45833ANALYSIS DATE: 2023-03-01T09:17:06ZTTPS: T1222, T1053, T1005, T1081, T1012,...
Malware Analysis – djvu – 93c4c47e97687f03ad471d4d0d2f0291
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 93c4c47e97687f03ad471d4d0d2f0291SHA1: ad5800536b4053b7c87a4678900ba37fefe22accANALYSIS DATE: 2023-03-01T10:09:18ZTTPS: T1012, T1082, T1005, T1081, T1222,...
Cobalt Stike Beacon Detected – 81[.]70[.]239[.]223:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 108[.]165[.]178[.]42:9091
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]95[.]149[.]125:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]122[.]22[.]26:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – djvu – 7ef1217630afde6b4dd32eabbfa571ad
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 7ef1217630afde6b4dd32eabbfa571adSHA1: 969f7af1fe55f54aac5c572a167f1df3623b76bfANALYSIS DATE: 2023-03-01T10:29:57ZTTPS: T1222, T1082, T1012, T1005, T1081,...
Malware Analysis – djvu – c84e72c07920476083196bcca616c4fa
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: c84e72c07920476083196bcca616c4faSHA1: 2fb00ae12e8ae7569bee5285265aa465f4b6710fANALYSIS DATE: 2023-03-01T10:30:48ZTTPS: T1082, T1012, T1005, T1081, T1222,...
Malware Analysis – djvu – 6ac21b17bfbee755658feed1d8b2e0e2
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, backdoor, discovery, persistence, ransomware, stealer, trojanMD5: 6ac21b17bfbee755658feed1d8b2e0e2SHA1: d882a45a35c9195328505bc8b19515a10f416d5dANALYSIS DATE: 2023-03-01T11:30:33ZTTPS: T1012, T1120, T1082,...
Malware Analysis – djvu – cb3729af6606d66259fb727b19f929d4
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: cb3729af6606d66259fb727b19f929d4SHA1: e67dfef686231b24b924f796f4e11420ad0fcf0cANALYSIS DATE: 2023-03-01T10:32:09ZTTPS: T1012, T1005, T1081, T1222, T1082,...
GeoNode XML external entity injection | CVE-2023-26043
NAME__________GeoNode XML external entity injectionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GeoNode is vulnerable to an XML external entity injection (XXE) attack when...
Trusted Computing Group Trusted Platform Module information disclosure | US-CERT VU#782720
NAME__________Trusted Computing Group Trusted Platform Module information disclosurePlatforms Affected:Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Trusted...
laravel-admin file upload | CVE-2023-24249
NAME__________laravel-admin file uploadPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________laravel-admin could allow a remote authenticated attacker to upload arbitrary files, caused by improper...
Node.js utilities module denial of service | CVE-2023-26105
NAME__________Node.js utilities module denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Node.js utilities module is vulnerable to a denial of service,...
VMware Workspace ONE Content security bypass | CVE-2023-20857
NAME__________VMware Workspace ONE Content security bypassPlatforms Affected:VMware Workspace ONE ContentRisk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________VMware Workspace ONE Content could allow a local...
