Cobalt Strike Beacon Detected – 198[.]211[.]9[.]165:81
The information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealer | MD5: 3ad617705eb60bea01b35ebfdec9387c | SHA1: 37ba7d4428f89d2065d07e0dea412f507cdb7438 | ANALYSIS DATE: 2023-02-25T10:35:16Z | TTPS: T1005, T1081, T1053, T1012, T1060,...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, family:pseudomanuscrypt, family:smokeloader, family:vidar, backdoor, discovery, evasion, loader, persistence, ransomware, stealer, trojan, vmprotect | MD5: 92712260bd169a57dc97ca60777714fc | SHA1: f681cba7d6305d9a2adce37bb358c8024a1c9bdb | ANALYSIS DATE:...
Score: 8 | MALWARE FAMILY: discovery | TAGS: discovery, exploit | MD5: 12d36f901366740c1da210d62e05b98a | SHA1: 8d13b7aef049bdda83a390f2c7b022914defc15b | ANALYSIS DATE: 2023-02-25T09:58:50Z | TTPS: T1222, T1012, T1082
Score | Meaning | Example
10 | Known bad | A malware family was detected.
8-9 | Likely malicious | One...
Score: 10 | MALWARE FAMILY: djvu | TAGS: family:djvu, discovery, persistence, ransomware | MD5: 6a4db9167cb6ae1dbdb0516bc394d427 | SHA1: c3a4997d48b4136086323501468b963a0ab7a2fa | ANALYSIS DATE: 2023-02-25T11:31:59Z | TTPS: T1060, T1112, T1222, T1082, T1012, T1053
Score | Meaning | Example
10 | Known bad | A...
NAME: Cisco Firepower 4100, 9300 Security Appliances, and UCS Fabric Interconnects command execution | Platforms Affected: Cisco UCS 6200 Series Fabric Interconnects, Cisco UCS...
NAME: Gradio default account | Platforms Affected: | Risk Level: 5.4 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Gradio contains default hardcoded credentials. A remote attacker could exploit this vulnerability to gain...
NAME: JetBrains TeamCity cross-site scripting | Platforms Affected: | Risk Level: 5.4 | Exploitability: Unproven | Consequences: Cross-Site Scripting | DESCRIPTION: JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
NAME: MuYuCMS directory traversal | Platforms Affected: | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Obtain Information | DESCRIPTION: MuYuCMS could allow a remote attacker to traverse directories on the system, caused by...
NAME: JetBrains TeamCity cross-site scripting | Platforms Affected: | Risk Level: 5.4 | Exploitability: Unproven | Consequences: Cross-Site Scripting | DESCRIPTION: JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
NAME: Bumsys cross-site scripting | Platforms Affected: | Risk Level: 5.4 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: Bumsys is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...
NAME: JetBrains TeamCity weak security | Platforms Affected: | Risk Level: 5.2 | Exploitability: Unproven | Consequences: Configuration | DESCRIPTION: JetBrains TeamCity could provide weaker than expected security, caused by jVMTI being enabled by...
NAME: mod-gnutls denial of service | Platforms Affected: mod_gnutls mod_gnutls 0.12.0, mod_gnutls mod_gnutls 0.9.0 | Risk Level: 7.5 | Exploitability: Unproven | Consequences: Denial of Service | DESCRIPTION: mod-gnutls is vulnerable to a denial of...
NAME: SquaredUp Dashboard Server open redirect | Platforms Affected: | Risk Level: 5.3 | Exploitability: Unproven | Consequences: Other | DESCRIPTION: SquaredUp Dashboard Server SCOM Edition, SquaredUp Dashboard Server Azure Edition, and SquaredUp Dashboard...
NAME: SquaredUp Dashboard Server cross-site scripting | Platforms Affected: | Risk Level: 6.1 | Exploitability: Unproven | Consequences: Cross-Site Scripting | DESCRIPTION: SquaredUp Dashboard Server SCOM Edition, SquaredUp Dashboard Server Azure Edition, and SquaredUp...
NAME: Sourcecodester Medical Certificate Generator App cross-site scripting | Platforms Affected: | Risk Level: 3.5 | Exploitability: High | Consequences: Cross-Site Scripting | DESCRIPTION: Sourcecodester Medical Certificate Generator App is vulnerable to cross-site scripting,...
NAME: Sales Tracker Management System SQL injection | Platforms Affected: | Risk Level: 6.3 | Exploitability: Unproven | Consequences: Data Manipulation | DESCRIPTION: Sales Tracker Management System is vulnerable to SQL injection. A remote...
NAME: Twister Antivirus security bypass | Platforms Affected: | Risk Level: 5.3 | Exploitability: Unproven | Consequences: Denial of Service | DESCRIPTION: Twister Antivirus could allow a local authenticated attacker to bypass security restrictions,...
NAME: Apple iOS, iPadOS and macOS Ventura privilege escalation | Platforms Affected: Apple macOS Ventura 13.1, Apple iOS 16.2, Apple iPadOS 16.2 | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Privileges...