Cobalt Stike Beacon Detected – 52[.]43[.]159[.]70:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]92[.]227[.]151:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 88[.]218[.]193[.]100:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – nitro – a0c0192c30c048044421d25c23501582
Score: 10 MALWARE FAMILY: nitroTAGS:family:nitro, persistence, ransomware, spyware, stealerMD5: a0c0192c30c048044421d25c23501582SHA1: d6080d25a6439238d0a8e90e6bbfc229680ecf3bANALYSIS DATE: 2023-01-04T10:05:23ZTTPS: T1005, T1081, T1491, T1112, T1102, T1060, T1012,...
Malware Analysis – amadey – 6c5d5e80bab3b17f1b6faa5273e0b224
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:19, backdoor, collection, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotectMD5: 6c5d5e80bab3b17f1b6faa5273e0b224SHA1: e486b2da9876bd1205a6efd8098dd30b59a6454dANALYSIS...
Malware Analysis – smokeloader – 88fc55ed1a5295684fc77c36024060cf
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: 88fc55ed1a5295684fc77c36024060cfSHA1: 3c09ac4a25c92f1f3a4052ee1e97659b39672925ANALYSIS DATE: 2023-01-04T11:26:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – ransomware – 0e2f34900a7e0324b91ca191fd043e74
Score: 5 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: 0e2f34900a7e0324b91ca191fd043e74SHA1: 8d34aca2b2ca50d3816b161493ec7440f2cbdbc0ANALYSIS DATE: 2023-01-04T10:53:29ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
Malware Analysis – djvu – a4b4e507ef0dc6c624c17badb10d29c9
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: a4b4e507ef0dc6c624c17badb10d29c9SHA1: d376a5af805dd6654af35f42f71a3303ff1905f6ANALYSIS DATE: 2023-01-04T10:20:49ZTTPS: T1082, T1012, T1053, T1222,...
Qualcomm BIOS buffer overflow | CVE-2022-40517
NAME Qualcomm BIOS buffer overflow Platforms Affected:Qualcomm BIOSRisk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Qualcomm BIOS is vulnerable to a stack-based buffer overflow,...
memos security bypass | CVE-2022-4863
NAME memos security bypass Platforms Affected:memos memos 0.9.0Risk Level:8.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION memos could allow a local attacker to bypass security...
Synology VPN Plus Server command execution | CVE-2022-43931
NAME Synology VPN Plus Server command execution Platforms Affected:Synology VPN Plus Server for SRM 1.2 Synology VPN Plus Server for...
Esri Portal for ArcGIS directory traversal | CVE-2022-38205
NAME Esri Portal for ArcGIS directory traversal Platforms Affected:Esri Portal for ArcGIS 10.9.1Risk Level:8.6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION Esri Portal for ArcGIS...
Apache Kylin command execution | CVE-2022-43396
NAME Apache Kylin command execution Platforms Affected:Apache Kylin 3.0.0 Apache Kylin 2.0.0 Apache Kylin 4.0.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache Kylin...
memos cross-site request forgery | CVE-2022-4847
NAME memos cross-site request forgery Platforms Affected:Risk Level:8.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION memos is vulnerable to cross-site request forgery, caused...
Apache Kylin command execution | CVE-2022-44621
NAME Apache Kylin command execution Platforms Affected:Apache Kylin 3.0.0 Apache Kylin 2.0.0 Apache Kylin 4.0.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache Kylin...
Froxlor security bypass | CVE-2022-4868
NAME Froxlor security bypass Platforms Affected:Froxlor Froxlor 0.10.38.3Risk Level:8.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Froxlor could allow a remote authenticated attacker to bypass...
memos cross-site request forgery | CVE-2022-4848
NAME memos cross-site request forgery Platforms Affected:Risk Level:8.6Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION memos is vulnerable to cross-site request forgery, caused...
Qualcomm BIOS buffer overflow | CVE-2022-40516
NAME Qualcomm BIOS buffer overflow Platforms Affected:Qualcomm BIOSRisk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Qualcomm BIOS is vulnerable to a stack-based buffer overflow,...
Qualcomm BIOS buffer overflow | CVE-2022-40520
NAME Qualcomm BIOS buffer overflow Platforms Affected:Qualcomm BIOSRisk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Qualcomm BIOS is vulnerable to a stack-based buffer overflow,...
Daily Vulnerability Trends: Wed Jan 04 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.CVE-2022-29455DOM-based Reflected Cross-Site Scripting (XSS) vulnerability...
Malware Analysis – djvu – 4d50334081024a62178c18193ad7640a
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 4d50334081024a62178c18193ad7640aSHA1: 89f06b69f0acf9f1e625c5097b82b74c20030c8bANALYSIS DATE: 2023-01-04T03:04:12ZTTPS: T1005, T1081, T1012, T1082,...
Malware Analysis – smokeloader – a83bee74074204ce9dd5e9780187aa0f
Score: 10 MALWARE FAMILY: smokeloaderTAGS:family:smokeloader, backdoor, trojanMD5: a83bee74074204ce9dd5e9780187aa0fSHA1: f80dca4216a824bdaea42ea1ce115ac8f66c05dbANALYSIS DATE: 2023-01-04T03:11:03ZTTPS: T1012, T1120, T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – ransomware – 4b95b42cac7a11602b26caa41574d764
Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomware, spyware, stealerMD5: 4b95b42cac7a11602b26caa41574d764SHA1: f64b7f29ecf8516d9d55bca8443f33d041b2b16aANALYSIS DATE: 2023-01-04T03:28:40ZTTPS: T1005, T1081 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – evasion – cebed8210feb0d37479d62199049e0ba
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: cebed8210feb0d37479d62199049e0baSHA1: eec586742f917b65c73d2f99c11dd65072c4f298ANALYSIS DATE: 2023-01-04T03:41:58ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
