Cobalt Stike Beacon Detected – 35[.]88[.]90[.]115:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 179[.]43[.]187[.]24:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Posh C2 Detected – 141[.]145[.]213[.]10:443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
Royal Ransomware Victim: Pillar Resource Services
RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...
Exploits released for two Samsung Galaxy App Store vulnerabilities
Two vulnerabilities in the Galaxy App Store, Samsung’s official repository for its devices, could enable attackers to install any app...
The Week in Ransomware – January 20th 2023 – Targeting Crypto Exchanges
There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering...
New Boldmove Linux malware used to backdoor Fortinet devices
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and...
Over 19,000 end-of-life Cisco routers exposed to RCE attacks
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain....
Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks. The first...
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang...
Cobalt Stike Beacon Detected – 182[.]92[.]67[.]97:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 23[.]227[.]202[.]188:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]100[.]190[.]135:6789
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 35[.]72[.]81[.]198:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]95[.]149[.]125:90
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – discovery – b836837cc3a35ac8ad5414e2fd758cb1
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: b836837cc3a35ac8ad5414e2fd758cb1SHA1: 7d963a95964735bd353eee489d949912935e154aANALYSIS DATE: 2023-01-21T09:13:49ZTTPS: T1112, T1082, T1042, T1060, T1012 ScoreMeaningExample10Known badA malware family...
Malware Analysis – djvu – de0bf20a9d668e641c58cbf15464dcff
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: de0bf20a9d668e641c58cbf15464dcffSHA1: 0a76a64c8c966e99a979cdc4517d05563a0736c6ANALYSIS DATE: 2023-01-21T09:31:33ZTTPS: T1012, T1082, T1005, T1081,...
Malware Analysis – djvu – 1da519e1cf49bb501127d725cd71d13d
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, stealerMD5: 1da519e1cf49bb501127d725cd71d13dSHA1: 53b253d5a7b42acae4cbb7cd6f2d943bcc7e484fANALYSIS DATE: 2023-01-21T09:56:05ZTTPS: T1130, T1112, T1060, T1222, T1082,...
Malware Analysis – djvu – db9ca7be33c09a07e9bf8631da3f943f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: db9ca7be33c09a07e9bf8631da3f943fSHA1: 517345fed6578132c020d79c5f46eae92c2cd991ANALYSIS DATE: 2023-01-21T11:02:19ZTTPS: T1060, T1112, T1012, T1082,...
Malware Analysis – evasion – 048d2cc9af6b8a64b48a6bed39ce3a94
Score: 9 MALWARE FAMILY: evasionTAGS:evasion, pyinstaller, ransomware, upxMD5: 048d2cc9af6b8a64b48a6bed39ce3a94SHA1: 6bba401ef23fb8aee4f6bd2ce2e0264c1159094cANALYSIS DATE: 2023-01-21T11:26:21ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – discovery – cc42a6beb3e2e6d9404f015076a3c28a
Score: 10 MALWARE FAMILY: discoveryTAGS:discovery, persistence, ransomwareMD5: cc42a6beb3e2e6d9404f015076a3c28aSHA1: d71b84e8ae3c692a96596d67138a9755af595a35ANALYSIS DATE: 2023-01-21T11:21:02ZTTPS: T1112, T1082, T1060, T1012, T1042 ScoreMeaningExample10Known badA malware family...
Dell EMC PV ME5 privilege escalation | CVE-2023-23691
NAME__________Dell EMC PV ME5 privilege escalationPlatforms Affected:Dell PowerVault ME5 1.1.0.0Risk Level:8.1Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell EMC PV ME5 could allow a remote...
LISTSERV cross-site scripting | CVE-2022-39195
NAME__________LISTSERV cross-site scriptingPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________LISTSERV is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
Git Git GUI privilege escalation | CVE-2022-41953
NAME__________Git Git GUI privilege escalationPlatforms Affected:Git for Windows Git for Windows 2.39.0Risk Level:8.6Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Git GUI could allow a remote...
