RedPacket Security - InfoSec News & Tutorials

Cobalt Stike Beacon Detected – 79[.]137[.]248[.]24:443

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 124[.]156[.]11[.]146:9999

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – djvu – 9ce1877b8701e245454cf510ad1039ca

December 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojanMD5: 9ce1877b8701e245454cf510ad1039caSHA1: 755181bd3499c23173983e96ba306c7bf575fdb1ANALYSIS DATE: 2022-12-08T10:04:32ZTTPS:...

Malware Analysis – evasion – d024bd4ab684e1d78599f9ae8623d624

December 8, 2022

Score: 10 MALWARE FAMILY: evasionTAGS:evasion, ransomware, trojanMD5: d024bd4ab684e1d78599f9ae8623d624SHA1: 0b03ea93468d6a5108352051007c637ddeaa4ab3ANALYSIS DATE: 2022-12-08T10:09:35ZTTPS: T1112, T1031, T1089, T1107, T1490 ScoreMeaningExample10Known badA malware family...

Malware Analysis – djvu – e1a4cef73bd625a9f9360f8a3243d808

December 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: e1a4cef73bd625a9f9360f8a3243d808SHA1: 9c0c85de9f9d6067b393f78ff4360ea5d643338aANALYSIS DATE: 2022-12-08T10:26:04ZTTPS: T1222, T1060, T1112, T1082,...

Malware Analysis – djvu – 17af9dbcffe89a170dcb9e76810ef225

December 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, stealerMD5: 17af9dbcffe89a170dcb9e76810ef225SHA1: 90d91f86822863e8b8f1983e3255c0ff333aa3b1ANALYSIS DATE: 2022-12-08T10:29:06ZTTPS: T1053, T1222, T1060, T1112, T1082,...

Cobalt Stike Beacon Detected – 1[.]117[.]231[.]225:1024

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 49[.]128[.]198[.]3:53

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 129[.]226[.]201[.]214:9999

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Cobalt Stike Beacon Detected – 45[.]76[.]179[.]38:443

December 8, 2022

The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...

Malware Analysis – globeimposter – 8797e2092484f8dde83871366dcfbdae

December 8, 2022

Score: 10 MALWARE FAMILY: globeimposterTAGS:family:globeimposter, persistence, ransomware, spyware, stealerMD5: 8797e2092484f8dde83871366dcfbdaeSHA1: 53c0530d195de802b62dde6da0e5e335c5083963ANALYSIS DATE: 2022-12-08T11:39:12ZTTPS: T1005, T1081, T1060, T1112 ScoreMeaningExample10Known badA malware...

Malware Analysis – djvu – 2ffd48cc274bdacc604cc128dc874632

December 8, 2022

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:517, discovery, persistence, ransomware, spyware, stealerMD5: 2ffd48cc274bdacc604cc128dc874632SHA1: c88225d00c201da34b1d1b0c9a182fc161decd8cANALYSIS DATE: 2022-12-08T11:50:49ZTTPS: T1222, T1053, T1005, T1081,...

Malware Analysis – dcrat – 1ffedc09946da8cc244c117fd3a2bbba

December 8, 2022

Score: 10 MALWARE FAMILY: dcratTAGS:family:dcrat, family:djvu, family:smokeloader, family:vidar, botnet:517, backdoor, collection, discovery, infostealer, persistence, ransomware, rat, spyware, stealer, trojanMD5: 1ffedc09946da8cc244c117fd3a2bbbaSHA1:...

Malware Analysis – zeppelin – 8090cb9a98392d753116e30e0be9f25a

December 8, 2022

Score: 10 MALWARE FAMILY: zeppelinTAGS:family:zeppelin, persistence, ransomwareMD5: 8090cb9a98392d753116e30e0be9f25aSHA1: 1f45a5e3dc88e363fd6ff83d52a6a2e4ddd8951fANALYSIS DATE: 2022-12-08T10:56:45ZTTPS: T1060, T1112, T1082, T1012, T1120, T1107, T1490 ScoreMeaningExample10Known badA...

Sophos firewall cross-site scripting | CVE-2022-3709

December 8, 2022

NAME Sophos firewall cross-site scripting Platforms Affected:Sophos Firewall 19.4Risk Level:8.4Exploitability:HighConsequences:Gain Access DESCRIPTION Sophos firewall is vulnerable to cross-site scripting, caused...

Sophos firewall code execution | CVE-2022-3713

December 8, 2022

NAME Sophos firewall code execution Platforms Affected:Sophos Firewall 19.4Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Sophos firewall could allow a remote attacker to...

daloRADIUS cross-site scripting | CVE-2022-23475

December 8, 2022

NAME daloRADIUS cross-site scripting Platforms Affected:daloRADIUS daloRADIUS 1.2Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION daloRADIUS is vulnerable to cross-site scripting, caused by improper...

Aruba Networks ClearPass Policy Manager SQL injection | CVE-2022-43530

December 8, 2022

NAME Aruba Networks ClearPass Policy Manager SQL injection Platforms Affected:Aruba Networks ClearPass Policy Manager 6.9 Aruba Networks ClearPass Policy Manager...

Node.js simple-git module code execution | CVE-2022-25912

December 8, 2022

NAME Node.js simple-git module code execution Platforms Affected:Node.js simple-git 3.14.1Risk Level:8.1Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Node.js simple-git module could allow...

Sophos firewall command execution | CVE-2022-3226

December 8, 2022

NAME Sophos firewall command execution Platforms Affected:Sophos Firewall 19.4Risk Level:9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Sophos firewall could allow a remote autheticated attacker...

FortiOS and FortiProxy security bypass | CVE-2022-35843

December 8, 2022

NAME FortiOS and FortiProxy security bypass Platforms Affected:Fortinet FortiOS 6.0.0 Fortinet FortiOS 6.2.0 Fortinet FortiOS 6.4.0 Fortinet FortiProxy 2.0.0 Fortinet...

PaddlePaddle code execution | CVE-2022-46742

December 8, 2022

NAME PaddlePaddle code execution Platforms Affected:Risk Level:10Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION PaddlePaddle could allow a remote attacker to execute arbitrary...

Daily Vulnerability Trends: Thu Dec 08 2022

December 8, 2022

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2021-22555A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c....

BlackCat/ALPHV Ransomware Victim: pro office Büro + Wohnkultur GmbH

December 8, 2022

BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed