Cobalt Strike Beacon Detected – 3[.]85[.]177[.]52:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 6 | Malware family: evasion | Tags: evasion, ransomware | MD5: fefd16276a420a89681e28fffefd0b4a | SHA1: 7cb58f1143acd578a4085d36d1462b0465e64f6a | Analysis date: 2023-01-12T09:12:11Z | TTPs: (none listed)
Score legend: 10, Known bad, A malware family was detected. 8-9, Likely malicious, One or more known...
Score: 7 | Malware family: evasion | Tags: evasion, ransomware | MD5: 1e288142a45ebe7244ab899798cea643 | SHA1: 078295d1cda8319ed69f64b5443e4d89705d8523 | Analysis date: 2023-01-12T09:04:04Z | TTPs: (none listed)
Score: 10 | Malware family: smokeloader | Tags: family:smokeloader, backdoor, trojan | MD5: 7a806996e4de228c9b3e60b9de5c4640 | SHA1: 8ba775b47660510c4ba37b45ef7407cec9f9cb46 | Analysis date: 2023-01-12T09:56:03Z | TTPs: T1012, T1120, T1082
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: e2f5aa85d03fb41ad591e198090eb8e8 | SHA1: 58834f285e6e8d58444cb6b766216508757c3e0a | Analysis date: 2023-01-12T09:41:51Z | TTPs: T1060, T1112, T1082, T1005, ...
Score: 10 | Malware family: ransomware | Tags: ransomware | MD5: e87af2137d80d0bc082fe0f103f47166 | SHA1: 101f67e9078e4774bb38da6775f08a3cafd20843 | Analysis date: 2023-01-12T10:09:47Z | TTPs: T1012, T1082
Score: 10 | Malware family: darkcomet | Tags: family:darkcomet, family:njrat, family:xmrig, discovery, evasion, miner, persistence, ransomware, rat, spyware, stealer, trojan, upx | MD5: 19c677bb8cda5703f42c143bb4251e6a | SHA1: ad85336a7304a4e58b2a4f5c40b02f578aa00923 | Analysis date: ...
Score: 10 | Malware family: discovery | Tags: discovery, persistence, ransomware | MD5: f69d9c918a8ad06c71d7f0f26ccfee12 | SHA1: b3a7db5d394149862db9ae23682a745b1cdea128 | Analysis date: 2023-01-12T10:19:25Z | TTPs: T1012, T1120, T1082, T1060, T1112
Score: 10 | Malware family: aurora | Tags: family:aurora, family:dcrat, family:djvu, family:purecrypter, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, infostealer, loader, persistence, ransomware, rat, spyware, ...
Score: 10 | Malware family: djvu | Tags: family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealer | MD5: 8c5063d3ef8df921393f4fc163cc5e87 | SHA1: ff5fb168cf01f2734c612ddcc354223780b5a6b6 | Analysis date: 2023-01-12T11:09:11Z | TTPs: T1005, T1081, T1060, T1112, ...
Score: 10 | Malware family: revengerat | Tags: family:revengerat, family:xmrig, discovery, evasion, miner, persistence, ransomware, spyware, stealer, trojan | MD5: ddfdcc11a3e4a5dd265442a5bcea9fcf | SHA1: a98cf41fb793d5c23bef6baac5c5848233c6ff41 | Analysis date: 2023-01-12T11:05:34Z | TTPs: T1031, T1064, ...
Score: 10 | Malware family: smokeloader | Tags: family:smokeloader, backdoor, trojan | MD5: b4346008df789fb0b428f3088c3290f5 | SHA1: 186b35c2d08c9250b3a0124dcd43c178a44cc3a5 | Analysis date: 2023-01-12T11:11:03Z | TTPs: T1012, T1120, T1082
Score: 10 | Malware family: smokeloader | Tags: family:smokeloader, backdoor, trojan | MD5: b4be08f67e4b5fed600bf5558b119168 | SHA1: 1085a0382315e70dcf742419ed281516d5c9bfd5 | Analysis date: 2023-01-12T10:51:03Z | TTPs: T1012, T1120, T1082
Name: OMRON CP1L-EL20DR-D code execution | Platforms affected: OMRON CP1L-EL20DR-D | Risk level: 9.1 | Exploitability: Unproven | Consequences: Gain Access | Description: OMRON CP1L-EL20DR-D could allow a remote attacker to execute arbitrary code on...
Name: Cisco IP Phone 7800 and 8800 Series security bypass | Platforms affected: Cisco IP Phones 7800 Series, Cisco IP Phone 8800 Series | Risk level: 8.6 | Exploitability: Unproven | Consequences: Bypass...
Name: Cisco Industrial Network Director information disclosure | Platforms affected: Cisco Industrial Network Director | Risk level: 8.8 | Exploitability: Unproven | Consequences: Cross-Site Scripting | Description: Cisco Industrial Network Director could allow a local...
Name: Zyxel GS1920-24v2 denial of service | Platforms affected: (none listed) | Risk level: 8.2 | Exploitability: Unproven | Consequences: Denial of Service | Description: Zyxel GS1920-24v2 is vulnerable to a denial of service, caused by...
Name: Cisco BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform denial of service | Platforms affected: Cisco BroadWorks Application Delivery Platform Software, Cisco...
Name: NVIDIA baseboard management buffer overflow | Platforms affected: NVIDIA DGX A100 00.19 | Risk level: 9.8 | Exploitability: Unproven | Consequences: Gain Access | Description: NVIDIA baseboard management controller is vulnerable to buffer overflow,...
Name: OMRON CX-Motion-MCH code execution | Platforms affected: OMRON CX-Motion-MCH 2.32 | Risk level: 9.8 | Exploitability: Unproven | Consequences: Gain Access | Description: OMRON CX-Motion-MCH could allow a remote attacker to execute arbitrary code...
Name: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers security bypass | Platforms affected: (none listed) | Risk level: 9 | Exploitability: Unproven | Consequences: Bypass Security | Description: Cisco Small Business RV016, RV042, RV042G,...
Name: Zyxel NR7101 command execution | Platforms affected: (none listed) | Risk level: 8.6 | Exploitability: Unproven | Consequences: Gain Access | Description: Zyxel NR7101 could allow a remote attacker to execute arbitrary commands on the...
Daily Vulnerability Trends (sourced from VulnMon)
CVE name | CVE description
CVE-2022-20452 | In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution...
Score: 10 | Malware family: discovery | Tags: discovery, evasion, persistence, ransomware | MD5: 1562d7504b9669b96cbeeba59b3fb6b4 | SHA1: 2ad24300cbd690f939cf62d949734f24daf1a8d3 | Analysis date: 2023-01-12T03:00:34Z | TTPs: T1012, T1120, T1082, T1060, T1112, T1497, T1042